Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
0438.pdf.exe

Overview

General Information

Sample name:0438.pdf.exe
renamed because original name is a hash value
Original sample name: .pdf.exe
Analysis ID:1545741
MD5:2d11dba46735af1cb1c0a42e9564e20d
SHA1:b2e17960c6d080f7aba7df87f57c08b4bc2e7051
SHA256:e19477a56b247e6cc435fee367abcf6e0c3db21de91ae2514b4a6b1807233c53
Infos:

Detection

Score:76
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Double Extension File Execution
Connects to many ports of the same IP (likely port scanning)
Enables network access during safeboot for specific services
Enables remote desktop connection
Initial sample is a PE file and has a suspicious name
Uses an obfuscated file name to hide its real file extension (double extension)
Checks for available system drives (often done to infect USB drives)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
File is packed with WinRar
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file contains strange resources
Queries disk information (often used to detect virtual machines)
Queries the installation date of Windows
Queries the product ID of Windows
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Outbound SMTP Connections
Stores files to the Windows start menu directory
Stores large binary data to the registry
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • 0438.pdf.exe (PID: 2488 cmdline: "C:\Users\user\Desktop\0438.pdf.exe" MD5: 2D11DBA46735AF1CB1C0A42E9564E20D)
    • msiexec.exe (PID: 7064 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\AppData\Local\Temp\pdf.msi" /qn MD5: E5DA170027542E25EDE42FC54C929077)
    • Acrobat.exe (PID: 6488 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\Doc.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
      • AcroCEF.exe (PID: 4328 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
        • AcroCEF.exe (PID: 7180 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1736,i,7783600837662025009,4322504478347230784,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • msiexec.exe (PID: 2496 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • ROMFUSClient.exe (PID: 8080 cmdline: "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /server /siex /silentinstall MD5: 63D0964168B927D00064AA684E79A300)
      • ROMServer.exe (PID: 7248 cmdline: "C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe" /siex /silentinstall MD5: F3D74B072B9697CF64B0B8445FDC8128)
    • ROMFUSClient.exe (PID: 4072 cmdline: "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /server /firewall MD5: 63D0964168B927D00064AA684E79A300)
      • ROMServer.exe (PID: 7636 cmdline: "C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe" /firewall MD5: F3D74B072B9697CF64B0B8445FDC8128)
    • ROMFUSClient.exe (PID: 5588 cmdline: "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /server /start MD5: 63D0964168B927D00064AA684E79A300)
      • ROMServer.exe (PID: 8096 cmdline: "C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe" /start MD5: F3D74B072B9697CF64B0B8445FDC8128)
  • svchost.exe (PID: 2300 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • ROMServer.exe (PID: 8036 cmdline: "C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe" MD5: F3D74B072B9697CF64B0B8445FDC8128)
    • ROMFUSClient.exe (PID: 3608 cmdline: "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" MD5: 63D0964168B927D00064AA684E79A300)
    • ROMFUSClient.exe (PID: 2324 cmdline: "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray MD5: 63D0964168B927D00064AA684E79A300)
    • ROMFUSClient.exe (PID: 6672 cmdline: "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray MD5: 63D0964168B927D00064AA684E79A300)
    • ROMFUSClient.exe (PID: 8172 cmdline: "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray MD5: 63D0964168B927D00064AA684E79A300)
    • ROMFUSClient.exe (PID: 5196 cmdline: "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray MD5: 63D0964168B927D00064AA684E79A300)
    • ROMFUSClient.exe (PID: 8068 cmdline: "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray MD5: 63D0964168B927D00064AA684E79A300)
    • ROMFUSClient.exe (PID: 7616 cmdline: "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray MD5: 63D0964168B927D00064AA684E79A300)
    • ROMFUSClient.exe (PID: 8060 cmdline: "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray MD5: 63D0964168B927D00064AA684E79A300)
    • ROMFUSClient.exe (PID: 6436 cmdline: "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray MD5: 63D0964168B927D00064AA684E79A300)
    • ROMFUSClient.exe (PID: 5144 cmdline: "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray MD5: 63D0964168B927D00064AA684E79A300)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
    C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
      C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
        C:\Program Files (x86)\LiteManager Pro - Server\files\ROMViewer.exeJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security

          Memory Dumps

          SourceRuleDescriptionAuthorStrings
          0000000B.00000000.2234439109.0000000000401000.00000020.00000001.01000000.0000000B.sdmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
            0000000C.00000000.2252577316.0000000000401000.00000020.00000001.01000000.0000000C.sdmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security

              Unpacked PEs

              SourceRuleDescriptionAuthorStrings
              11.0.ROMFUSClient.exe.400000.0.unpackJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
                12.0.ROMServer.exe.400000.0.unpackJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security

                  Sigma Signatures

                  System Summary

                  barindex
                  Sigma detected: Suspicious Double Extension File Execution
                  Source: Process startedAuthor: Florian Roth (Nextron Systems), @blu3_team (idea), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Users\user\Desktop\0438.pdf.exe", CommandLine: "C:\Users\user\Desktop\0438.pdf.exe", CommandLine|base64offset|contains: , Image: C:\Users\user\Desktop\0438.pdf.exe, NewProcessName: C:\Users\user\Desktop\0438.pdf.exe, OriginalFileName: C:\Users\user\Desktop\0438.pdf.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4004, ProcessCommandLine: "C:\Users\user\Desktop\0438.pdf.exe", ProcessId: 2488, ProcessName: 0438.pdf.exe
                  Sigma detected: Suspicious Outbound SMTP Connections
                  Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 111.90.140.76, DestinationIsIpv6: false, DestinationPort: 465, EventID: 3, Image: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe, Initiated: true, ProcessId: 8036, Protocol: tcp, SourceIp: 192.168.2.6, SourceIsIpv6: false, SourcePort: 49788
                  Sigma detected: Windows Processes Suspicious Parent Directory
                  Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 2300, ProcessName: svchost.exe

                  Suricata Signatures

                  No Suricata rule has matched

                  Joe Sandbox Signatures

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection

                  barindex
                  Multi AV Scanner detection for submitted file
                  Source: 0438.pdf.exeReversingLabs: Detection: 44%
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\LiteManager Pro - Server\EULA.rtfJump to behavior
                  Source: 0438.pdf.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                  Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb source: 0438.pdf.exe
                  Source: C:\Windows\System32\msiexec.exeFile opened: z:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: x:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: v:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: t:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: r:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: p:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: n:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: l:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: j:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: h:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: f:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: b:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: y:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: w:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: u:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: s:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: q:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: o:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: m:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: k:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: i:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: g:Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile opened: e:Jump to behavior
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeFile opened: c:
                  Source: C:\Windows\System32\msiexec.exeFile opened: a:Jump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655DAB190 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,SendMessageW,SendMessageW,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetWindowTextW,SetDlgItemTextW,SetWindowTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,SendMessageW,SendDlgItemMessageW,GetDlgItem,SendMessageW,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,SendMessageW,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF655DAB190
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655D940BC FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF655D940BC
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655DBFCA0 FindFirstFileExA,0_2_00007FF655DBFCA0

                  Networking

                  barindex
                  Connects to many ports of the same IP (likely port scanning)
                  Source: global trafficTCP traffic: 111.90.140.76 ports 5651,8080,1,465,5,6,80
                  Enables network access during safeboot for specific services
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeRegistry value created: NULL Service
                  Source: global trafficTCP traffic: 192.168.2.6:49785 -> 111.90.140.76:5651
                  Source: global trafficTCP traffic: 192.168.2.6:49790 -> 65.21.245.7:5555
                  Source: Joe Sandbox ViewIP Address: 96.7.168.138 96.7.168.138
                  Source: Joe Sandbox ViewIP Address: 65.21.245.7 65.21.245.7
                  Source: Joe Sandbox ViewASN Name: SHINJIRU-MY-AS-APShinjiruTechnologySdnBhdMY SHINJIRU-MY-AS-APShinjiruTechnologySdnBhdMY
                  Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                  Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
                  Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
                  Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
                  Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
                  Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
                  Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
                  Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
                  Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
                  Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
                  Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.76
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.76
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.76
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.76
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.76
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.76
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.76
                  Source: unknownTCP traffic detected without corresponding DNS query: 65.21.245.7
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.76
                  Source: unknownTCP traffic detected without corresponding DNS query: 65.21.245.7
                  Source: unknownTCP traffic detected without corresponding DNS query: 65.21.245.7
                  Source: unknownTCP traffic detected without corresponding DNS query: 65.21.245.7
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.76
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.76
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.76
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.76
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.76
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.76
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.76
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.76
                  Source: unknownTCP traffic detected without corresponding DNS query: 65.21.245.7
                  Source: unknownTCP traffic detected without corresponding DNS query: 65.21.245.7
                  Source: unknownTCP traffic detected without corresponding DNS query: 65.21.245.7
                  Source: unknownTCP traffic detected without corresponding DNS query: 65.21.245.7
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.76
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.76
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.76
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.76
                  Source: unknownTCP traffic detected without corresponding DNS query: 65.21.245.7
                  Source: unknownTCP traffic detected without corresponding DNS query: 65.21.245.7
                  Source: unknownTCP traffic detected without corresponding DNS query: 65.21.245.7
                  Source: unknownTCP traffic detected without corresponding DNS query: 65.21.245.7
                  Source: unknownTCP traffic detected without corresponding DNS query: 65.21.245.7
                  Source: unknownTCP traffic detected without corresponding DNS query: 65.21.245.7
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.76
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.76
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.76
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.76
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.76
                  Source: unknownTCP traffic detected without corresponding DNS query: 111.90.140.76
                  Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                  Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
                  Source: AledensoftIpcServer.dll.4.drString found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
                  Source: 0438.pdf.exe, 00000000.00000003.2142040479.000001D852E3C000.00000004.00000020.00020000.00000000.sdmp, 0438.pdf.exe, 00000000.00000003.2142040479.000001D852DFE000.00000004.00000020.00020000.00000000.sdmp, pdf.msi.0.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
                  Source: svchost.exe, 00000006.00000002.3404980914.00000152CDA00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
                  Source: qmgr.db.6.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
                  Source: qmgr.db.6.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acocfkfsx7alydpzevdxln7drwdq_117.0.5938.134/117.0.5
                  Source: qmgr.db.6.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
                  Source: qmgr.db.6.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
                  Source: qmgr.db.6.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
                  Source: qmgr.db.6.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
                  Source: qmgr.db.6.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
                  Source: qmgr.db.6.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
                  Source: ROMFUSClient.exe, 00000015.00000002.3396748932.00000000027CC000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 00000015.00000002.3396748932.00000000026CC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://litemanager.com/
                  Source: ROMFUSClient.exe, 00000015.00000002.3396748932.00000000027D3000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://litemanager.com/03
                  Source: ROMServer.exe, 00000012.00000002.3395697625.000000000165C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://litemanager.com/03f
                  Source: ROMFUSClient.exe, 0000000B.00000000.2240253019.00000000008E4000.00000002.00000001.01000000.0000000B.sdmp, ROMServer.exe, 0000000C.00000000.2255406199.00000000009FE000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: http://litemanager.ru/
                  Source: ROMServer.exe, 0000000C.00000000.2252577316.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, ROMServer.exe.4.drString found in binary or memory: http://litemanager.ru/noip.txtU
                  Source: AledensoftIpcServer.dll.4.drString found in binary or memory: http://ocsp.comodoca.com0
                  Source: 0438.pdf.exe, 00000000.00000003.2142040479.000001D852E3C000.00000004.00000020.00020000.00000000.sdmp, 0438.pdf.exe, 00000000.00000003.2142040479.000001D852DFE000.00000004.00000020.00020000.00000000.sdmp, pdf.msi.0.drString found in binary or memory: http://ocsp.thawte.com0
                  Source: 0438.pdf.exe, 00000000.00000003.2142040479.000001D852E3C000.00000004.00000020.00020000.00000000.sdmp, 0438.pdf.exe, 00000000.00000003.2142040479.000001D852DFE000.00000004.00000020.00020000.00000000.sdmp, pdf.msi.0.drString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
                  Source: 0438.pdf.exe, 00000000.00000003.2142040479.000001D852E3C000.00000004.00000020.00020000.00000000.sdmp, 0438.pdf.exe, 00000000.00000003.2142040479.000001D852DFE000.00000004.00000020.00020000.00000000.sdmp, pdf.msi.0.drString found in binary or memory: http://s2.symcb.com0
                  Source: 0438.pdf.exe, 00000000.00000003.2142040479.000001D852E3C000.00000004.00000020.00020000.00000000.sdmp, 0438.pdf.exe, 00000000.00000003.2142040479.000001D852DFE000.00000004.00000020.00020000.00000000.sdmp, pdf.msi.0.drString found in binary or memory: http://sv.symcb.com/sv.crl0f
                  Source: 0438.pdf.exe, 00000000.00000003.2142040479.000001D852E3C000.00000004.00000020.00020000.00000000.sdmp, 0438.pdf.exe, 00000000.00000003.2142040479.000001D852DFE000.00000004.00000020.00020000.00000000.sdmp, pdf.msi.0.drString found in binary or memory: http://sv.symcb.com/sv.crt0
                  Source: 0438.pdf.exe, 00000000.00000003.2142040479.000001D852E3C000.00000004.00000020.00020000.00000000.sdmp, 0438.pdf.exe, 00000000.00000003.2142040479.000001D852DFE000.00000004.00000020.00020000.00000000.sdmp, pdf.msi.0.drString found in binary or memory: http://sv.symcd.com0&
                  Source: 0438.pdf.exe, 00000000.00000003.2142040479.000001D852E3C000.00000004.00000020.00020000.00000000.sdmp, 0438.pdf.exe, 00000000.00000003.2142040479.000001D852DFE000.00000004.00000020.00020000.00000000.sdmp, pdf.msi.0.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
                  Source: 0438.pdf.exe, 00000000.00000003.2142040479.000001D852E3C000.00000004.00000020.00020000.00000000.sdmp, 0438.pdf.exe, 00000000.00000003.2142040479.000001D852DFE000.00000004.00000020.00020000.00000000.sdmp, pdf.msi.0.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
                  Source: 0438.pdf.exe, 00000000.00000003.2142040479.000001D852E3C000.00000004.00000020.00020000.00000000.sdmp, 0438.pdf.exe, 00000000.00000003.2142040479.000001D852DFE000.00000004.00000020.00020000.00000000.sdmp, pdf.msi.0.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
                  Source: ROMFUSClient.exe, 0000000B.00000003.2259126135.0000000002807000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 0000000B.00000000.2234439109.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, ROMServer.exe, 0000000C.00000000.2252577316.0000000000951000.00000020.00000001.01000000.0000000C.sdmp, ROMServer.exe, 0000000C.00000003.2257147255.0000000002A67000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 0000000D.00000003.2277324013.0000000002917000.00000004.00001000.00020000.00000000.sdmp, ROMServer.exe, 0000000E.00000003.2275541366.0000000002A17000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 0000000F.00000003.2316937821.0000000002907000.00000004.00001000.00020000.00000000.sdmp, ROMServer.exe, 00000011.00000003.2312303381.0000000002907000.00000004.00001000.00020000.00000000.sdmp, ROMServer.exe, 00000012.00000002.3395697625.00000000015C0000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 00000014.00000002.3395273674.00000000027B7000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 00000015.00000002.3396748932.0000000002737000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 00000016.00000003.2313692708.0000000002677000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 00000017.00000003.2327332686.00000000027A7000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 00000018.00000003.2336010144.00000000027D7000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 00000019.00000003.2345721402.00000000027F7000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 0000001A.00000003.2356406295.0000000002727000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 0000001B.00000003.2379336714.0000000002877000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 0000001D.00000003.3132372949.00000000028C7000.00000004.00001000.00020000.00000000.sdmp, ROMServer.exe.4.drString found in binary or memory: http://www.indyproject.org/
                  Source: 0438.pdf.exe, 00000000.00000003.2142040479.000001D852E3C000.00000004.00000020.00020000.00000000.sdmp, 0438.pdf.exe, 00000000.00000003.2142040479.000001D852DFE000.00000004.00000020.00020000.00000000.sdmp, pdf.msi.0.drString found in binary or memory: http://www.symauth.com/cps0(
                  Source: 0438.pdf.exe, 00000000.00000003.2142040479.000001D852E3C000.00000004.00000020.00020000.00000000.sdmp, 0438.pdf.exe, 00000000.00000003.2142040479.000001D852DFE000.00000004.00000020.00020000.00000000.sdmp, pdf.msi.0.drString found in binary or memory: http://www.symauth.com/rpa00
                  Source: 2D85F72862B55C4EADD9E66E06947F3D0.5.drString found in binary or memory: http://x1.i.lencr.org/
                  Source: 0438.pdf.exe, 00000000.00000003.2142040479.000001D852E3C000.00000004.00000020.00020000.00000000.sdmp, 0438.pdf.exe, 00000000.00000003.2142040479.000001D852DFE000.00000004.00000020.00020000.00000000.sdmp, pdf.msi.0.drString found in binary or memory: https://d.symcb.com/cps0%
                  Source: 0438.pdf.exe, 00000000.00000003.2142040479.000001D852E3C000.00000004.00000020.00020000.00000000.sdmp, 0438.pdf.exe, 00000000.00000003.2142040479.000001D852DFE000.00000004.00000020.00020000.00000000.sdmp, pdf.msi.0.drString found in binary or memory: https://d.symcb.com/rpa0
                  Source: qmgr.db.6.drString found in binary or memory: https://g.live.com/odclientsettings/Prod1C:
                  Source: svchost.exe, 00000006.00000003.2167957236.00000152CD900000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV21C:
                  Source: ROMFUSClient.exe, 0000000B.00000000.2234439109.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, ROMServer.exe, 0000000C.00000000.2252577316.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, ROMServer.exe.4.drString found in binary or memory: https://litemanager.com/romversion.txt
                  Source: ROMFUSClient.exe, 0000000B.00000000.2234439109.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, ROMServer.exe, 0000000C.00000000.2252577316.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, ROMServer.exe.4.drString found in binary or memory: https://litemanager.com/soft/pro/ROMServer.zip
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443

                  System Summary

                  barindex
                  Initial sample is a PE file and has a suspicious name
                  Source: initial sampleStatic PE information: Filename: 0438.pdf.exe
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655D8C2F0: CreateFileW,CloseHandle,wcscpy,wcscpy,wcscpy,wcscpy,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF655D8C2F0
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\533823.msiJump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{71FFA475-24D5-44FB-A51F-39B699E3D82C}Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipiJump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI3BEC.tmpJump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\ARPPRODUCTICON.exeJump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\ROMServer.exe_9D09B2BC25A2414CBD848E2B75898676.exeJump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\UNINST_Uninstall_L_78AA5B6662514D94A847D6C603AF0895.exeJump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\stop_server_51B516B87C64408FA3C56354EA2277C2.exeJump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\config_server_B6BD2967C67B44649764F06ADFFD6458.exeJump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\533826.msiJump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\533826.msiJump to behavior
                  Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmpJump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\533826.msiJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655D8F9300_2_00007FF655D8F930
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655D949280_2_00007FF655D94928
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655DB07540_2_00007FF655DB0754
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655DAB1900_2_00007FF655DAB190
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655D9A4AC0_2_00007FF655D9A4AC
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655DA34840_2_00007FF655DA3484
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655DA1F200_2_00007FF655DA1F20
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655DACE880_2_00007FF655DACE88
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655D85E240_2_00007FF655D85E24
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655D876C00_2_00007FF655D876C0
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655DC25500_2_00007FF655DC2550
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655DBC8380_2_00007FF655DBC838
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655D848400_2_00007FF655D84840
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655D8A3100_2_00007FF655D8A310
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655D8C2F00_2_00007FF655D8C2F0
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655D872880_2_00007FF655D87288
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655D9126C0_2_00007FF655D9126C
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655DA21D00_2_00007FF655DA21D0
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655D9F1800_2_00007FF655D9F180
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655D9B5340_2_00007FF655D9B534
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655DA53F00_2_00007FF655DA53F0
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655D9AF180_2_00007FF655D9AF18
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655DA8DF40_2_00007FF655DA8DF4
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655DB07540_2_00007FF655DB0754
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655DA2D580_2_00007FF655DA2D58
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655DC20800_2_00007FF655DC2080
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655DC5AF80_2_00007FF655DC5AF8
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655D81AA40_2_00007FF655D81AA4
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655DA2AB00_2_00007FF655DA2AB0
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655DBFA940_2_00007FF655DBFA94
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655D91A480_2_00007FF655D91A48
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655DB89A00_2_00007FF655DB89A0
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655DA39640_2_00007FF655DA3964
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655D9C96C0_2_00007FF655D9C96C
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655DB8C1C0_2_00007FF655DB8C1C
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655DA4B980_2_00007FF655DA4B98
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655D9BB900_2_00007FF655D9BB90
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655D95B600_2_00007FF655D95B60
                  Source: ROMViewer.exe.4.drStatic PE information: Resource name: RT_VERSION type: Intel ia64 COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                  Source: ROMServer.exe.4.drStatic PE information: Resource name: RT_VERSION type: Intel ia64 COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                  Source: ROMServer.exe0.4.drStatic PE information: Resource name: RT_VERSION type: Intel ia64 COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                  Source: ROMServer.exe.4.drStatic PE information: Number of sections : 11 > 10
                  Source: ROMFUSClient.exe.4.drStatic PE information: Number of sections : 11 > 10
                  Source: ROMServer.exe0.4.drStatic PE information: Number of sections : 11 > 10
                  Source: ROMViewer.exe.4.drStatic PE information: Number of sections : 11 > 10
                  Source: ROMViewer.exe.4.drStatic PE information: Resource name: RT_RCDATA type: Delphi compiled form 'TfmEditBinaryValue'
                  Source: 0438.pdf.exe, 00000000.00000003.2142040479.000001D852DC2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_IsIcoRes.exe< vs 0438.pdf.exe
                  Source: 0438.pdf.exe, 00000000.00000003.2142040479.000001D852DC2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSetAllUsers.dll< vs 0438.pdf.exe
                  Source: 0438.pdf.exe, 00000000.00000003.2153671361.000001D84EE2F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAcrobat.exe< vs 0438.pdf.exe
                  Source: 0438.pdf.exe, 00000000.00000003.2153805384.000001D854283000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAcrobat.exe< vs 0438.pdf.exe
                  Source: 0438.pdf.exe, 00000000.00000002.2158391585.000001D854283000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAcrobat.exe< vs 0438.pdf.exe
                  Source: 0438.pdf.exe, 00000000.00000002.2157778409.000001D84EE2F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAcrobat.exe< vs 0438.pdf.exe
                  Source: 0438.pdf.exe, 00000000.00000003.2142040479.000001D852E56000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_IsIcoRes.exe< vs 0438.pdf.exe
                  Source: 0438.pdf.exe, 00000000.00000003.2142040479.000001D852E48000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_IsIcoRes.exe< vs 0438.pdf.exe
                  Source: 0438.pdf.exe, 00000000.00000003.2157020100.000001D84EE2F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAcrobat.exe< vs 0438.pdf.exe
                  Source: 0438.pdf.exe, 00000000.00000003.2153945402.000001D84EE2F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAcrobat.exe< vs 0438.pdf.exe
                  Source: 0438.pdf.exe, 00000000.00000003.2142040479.000001D852DFE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameISRegSvr.dll vs 0438.pdf.exe
                  Source: 0438.pdf.exe, 00000000.00000003.2142040479.000001D852E62000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_IsIcoRes.exe< vs 0438.pdf.exe
                  Source: classification engineClassification label: mal76.troj.evad.winEXE@51/93@1/4
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655D8B6D8 GetLastError,FormatMessageW,LocalFree,0_2_00007FF655D8B6D8
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655DA8624 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,CreateStreamOnHGlobal,GdipAlloc,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree,0_2_00007FF655DA8624
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\LiteManager Pro - ServerJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journalJump to behavior
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ROMFUSLocal
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ROMFUSTray
                  Source: C:\Users\user\Desktop\0438.pdf.exeFile created: C:\Users\user\AppData\Local\Temp\__tmp_rar_sfx_access_check_5451828Jump to behavior
                  Source: Yara matchFile source: 11.0.ROMFUSClient.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 12.0.ROMServer.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0000000B.00000000.2234439109.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000C.00000000.2252577316.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, type: MEMORY
                  Source: Yara matchFile source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe, type: DROPPED
                  Source: Yara matchFile source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe, type: DROPPED
                  Source: Yara matchFile source: C:\Program Files (x86)\LiteManager Pro - Server\files\ROMViewer.exe, type: DROPPED
                  Source: 0438.pdf.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeKey opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeKey opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeKey opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeKey opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Users\user\Desktop\0438.pdf.exeFile read: C:\Windows\win.iniJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: 0438.pdf.exeReversingLabs: Detection: 44%
                  Source: C:\Users\user\Desktop\0438.pdf.exeFile read: C:\Users\user\Desktop\0438.pdf.exeJump to behavior
                  Source: unknownProcess created: C:\Users\user\Desktop\0438.pdf.exe "C:\Users\user\Desktop\0438.pdf.exe"
                  Source: C:\Users\user\Desktop\0438.pdf.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\AppData\Local\Temp\pdf.msi" /qn
                  Source: C:\Users\user\Desktop\0438.pdf.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\Doc.pdf"
                  Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                  Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1736,i,7783600837662025009,4322504478347230784,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                  Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /server /siex /silentinstall
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess created: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe" /siex /silentinstall
                  Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /server /firewall
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess created: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe" /firewall
                  Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /server /start
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess created: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe" /start
                  Source: unknownProcess created: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe"
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess created: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe"
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess created: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess created: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess created: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess created: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess created: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess created: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess created: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess created: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess created: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray
                  Source: C:\Users\user\Desktop\0438.pdf.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\AppData\Local\Temp\pdf.msi" /qnJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\Doc.pdf"Jump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /server /siex /silentinstallJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /server /firewallJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /server /startJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1736,i,7783600837662025009,4322504478347230784,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess created: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe" /siex /silentinstall
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess created: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe" /firewall
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess created: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe" /start
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess created: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe"
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess created: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess created: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess created: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess created: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess created: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess created: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess created: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: dxgidebug.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: sfc_os.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: dwmapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: riched20.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: usp10.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: msls31.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: windowscodecs.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: textshaping.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: textinputframework.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: coreuicomponents.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: coremessaging.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: edputil.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: appresolver.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: bcp47langs.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: slc.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: sppc.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: pcacli.dllJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeSection loaded: mpr.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: srpapi.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: dlnashext.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: wpdshext.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: linkinfo.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: ntshrui.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: cscapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: esent.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: mi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: webio.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: es.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dllJump to behavior
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: winmm.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: wininet.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: avicap32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: version.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: netapi32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: msacm32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: dsound.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: msvfw32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: winmmbase.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: winmmbase.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: powrprof.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: powrprof.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: winmmbase.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: netutils.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: umpdc.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: uxtheme.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: kernel.appcore.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: wtsapi32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: winsta.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: security.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: secur32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: sspicli.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: fwpuclnt.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: idndl.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: iphlpapi.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: windows.storage.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: wldp.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: propsys.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: dwmapi.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: profapi.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: edputil.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: urlmon.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: iertutil.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: srvcli.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: windows.staterepositoryps.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: wintypes.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: appresolver.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: bcp47langs.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: slc.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: userenv.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: sppc.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: onecorecommonproxystub.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: onecoreuapcommonproxystub.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: apphelp.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: pcacli.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: mpr.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: sfc_os.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: apphelp.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: winmm.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: wininet.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: avicap32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: version.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: netapi32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: avifil32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msvfw32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: wsock32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: dsound.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msvfw32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: winmm.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: winmm.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: powrprof.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: powrprof.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: winmmbase.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msacm32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: netutils.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: umpdc.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: uxtheme.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: kernel.appcore.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: wtsapi32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: winsta.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: security.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: secur32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: sspicli.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: windows.storage.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: wldp.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: winmm.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: wininet.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: avicap32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: version.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: netapi32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: msacm32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: dsound.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: msvfw32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: winmm.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: winmmbase.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: winmmbase.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: powrprof.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: powrprof.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: winmmbase.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: winmm.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: netutils.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: umpdc.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: uxtheme.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: kernel.appcore.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: wtsapi32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: winsta.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: security.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: secur32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: sspicli.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: fwpuclnt.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: idndl.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: iphlpapi.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: windows.storage.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: wldp.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: dwmapi.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: propsys.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: profapi.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: edputil.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: urlmon.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: iertutil.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: srvcli.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: windows.staterepositoryps.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: wintypes.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: appresolver.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: bcp47langs.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: slc.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: userenv.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: sppc.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: onecorecommonproxystub.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: onecoreuapcommonproxystub.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: pcacli.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: mpr.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: sfc_os.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: winmm.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: wininet.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: avicap32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: version.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: netapi32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: avifil32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msvfw32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: wsock32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: dsound.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msvfw32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msvfw32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msacm32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: powrprof.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: powrprof.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: winmmbase.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: winmmbase.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: winmmbase.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: netutils.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: umpdc.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: uxtheme.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: kernel.appcore.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: wtsapi32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: winsta.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: security.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: secur32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: sspicli.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: firewallapi.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: dnsapi.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: iphlpapi.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: fwbase.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: fwpolicyiomgr.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: sxs.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: winmm.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: wininet.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: avicap32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: version.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: netapi32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: msacm32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: dsound.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: msvfw32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: powrprof.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: powrprof.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: winmmbase.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: winmmbase.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: winmmbase.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: netutils.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: umpdc.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: uxtheme.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: kernel.appcore.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: wtsapi32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: winsta.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: security.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: secur32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: sspicli.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: fwpuclnt.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: idndl.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: iphlpapi.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: windows.storage.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: wldp.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: dwmapi.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: propsys.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: profapi.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: edputil.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: urlmon.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: iertutil.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: srvcli.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: windows.staterepositoryps.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: wintypes.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: appresolver.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: bcp47langs.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: slc.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: userenv.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: sppc.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: onecorecommonproxystub.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: onecoreuapcommonproxystub.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: pcacli.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: mpr.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: sfc_os.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: winmm.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: wininet.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: avicap32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: version.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: netapi32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: avifil32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msvfw32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: wsock32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: dsound.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msvfw32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msvfw32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msacm32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: powrprof.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: powrprof.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: winmmbase.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: winmmbase.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: winmmbase.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: netutils.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: umpdc.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: uxtheme.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: kernel.appcore.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: wtsapi32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: winsta.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: security.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: secur32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: sspicli.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: windows.storage.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: wldp.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: winmm.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: wininet.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: avicap32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: version.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: netapi32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: avifil32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msvfw32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: wsock32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: dsound.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msvfw32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msvfw32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msacm32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: powrprof.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: powrprof.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: winmmbase.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: winmmbase.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: winmmbase.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: netutils.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: umpdc.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: kernel.appcore.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: wtsapi32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: winsta.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: uxtheme.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: security.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: secur32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: sspicli.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: windows.storage.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: wldp.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: fwpuclnt.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: idndl.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: iphlpapi.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: ntmarta.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msxml6.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: iccvid.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: iyuv_32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: iyuv_32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msrle32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msvidc32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msyuv.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msyuv.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: tsbyuv.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msyuv.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: iccvid.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: iyuv_32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: iyuv_32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msrle32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msvidc32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msyuv.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msyuv.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: tsbyuv.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msyuv.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: iccvid.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: iyuv_32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: iyuv_32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msrle32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msvidc32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msyuv.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msyuv.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: tsbyuv.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msyuv.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: iccvid.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: iyuv_32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: iyuv_32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msrle32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msvidc32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msyuv.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msyuv.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: tsbyuv.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msyuv.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: iccvid.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: iyuv_32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: iyuv_32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msrle32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msvidc32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: userenv.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: profapi.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msyuv.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msyuv.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: tsbyuv.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msyuv.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: iccvid.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: iyuv_32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: iyuv_32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msrle32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msvidc32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msyuv.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msyuv.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: tsbyuv.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msyuv.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: iccvid.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: iyuv_32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: iyuv_32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msrle32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msvidc32.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msyuv.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msyuv.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: tsbyuv.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: msyuv.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeSection loaded: mswsock.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: winmm.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: wininet.dll
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeSection loaded: avicap32.dll
                  Source: C:\Users\user\Desktop\0438.pdf.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32Jump to behavior
                  Source: Start LM-Server.lnk.4.drLNK file: ..\..\..\..\..\..\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                  Source: Uninstall LiteManager - Server.lnk.4.drLNK file: ..\..\..\..\..\..\Windows\SysWOW64\msiexec.exe
                  Source: Stop LM-Server.lnk.4.drLNK file: ..\..\..\..\..\..\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                  Source: Settings for LM-Server.lnk.4.drLNK file: ..\..\..\..\..\..\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                  Source: Window RecorderWindow detected: More than 3 window changes detected
                  Source: 0438.pdf.exeStatic PE information: Image base 0x140000000 > 0x60000000
                  Source: 0438.pdf.exeStatic file information: File size 11654747 > 1048576
                  Source: 0438.pdf.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                  Source: 0438.pdf.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                  Source: 0438.pdf.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                  Source: 0438.pdf.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: 0438.pdf.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                  Source: 0438.pdf.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                  Source: 0438.pdf.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                  Source: 0438.pdf.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb source: 0438.pdf.exe
                  Source: 0438.pdf.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                  Source: 0438.pdf.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                  Source: 0438.pdf.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                  Source: 0438.pdf.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                  Source: 0438.pdf.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                  Source: C:\Users\user\Desktop\0438.pdf.exeFile created: C:\Users\user\AppData\Local\Temp\__tmp_rar_sfx_access_check_5451828Jump to behavior
                  Source: 0438.pdf.exeStatic PE information: section name: .didat
                  Source: 0438.pdf.exeStatic PE information: section name: _RDATA
                  Source: ROMViewer.exe.4.drStatic PE information: section name: .didata
                  Source: ROMFUSClient.exe.4.drStatic PE information: section name: .didata
                  Source: ROMwln.dll.4.drStatic PE information: section name: .didata
                  Source: ROMServer.exe.4.drStatic PE information: section name: .didata
                  Source: HookDrv.dll.4.drStatic PE information: section name: .didata
                  Source: ROMServer.exe0.4.drStatic PE information: section name: .didata
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655DC5156 push rsi; retf 0_2_00007FF655DC5157
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655DC5166 push rsi; retf 0_2_00007FF655DC5167
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\config_server_B6BD2967C67B44649764F06ADFFD6458.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\stop_server_51B516B87C64408FA3C56354EA2277C2.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\LiteManager Pro - Server\files\ROMServer.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\ARPPRODUCTICON.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\LiteManager Pro - Server\HookDrv.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\UNINST_Uninstall_L_78AA5B6662514D94A847D6C603AF0895.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\LiteManager Pro - Server\ROMwln.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\LiteManager Pro - Server\AledensoftIpcServer.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\LiteManager Pro - Server\files\ROMViewer.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\ROMServer.exe_9D09B2BC25A2414CBD848E2B75898676.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\config_server_B6BD2967C67B44649764F06ADFFD6458.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\stop_server_51B516B87C64408FA3C56354EA2277C2.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\ARPPRODUCTICON.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\UNINST_Uninstall_L_78AA5B6662514D94A847D6C603AF0895.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\ROMServer.exe_9D09B2BC25A2414CBD848E2B75898676.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\LiteManager Pro - Server\EULA.rtfJump to behavior
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\romserver.exe
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiteManager Pro - ServerJump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiteManager Pro - Server\Start LM-Server.lnkJump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiteManager Pro - Server\Uninstall LiteManager - Server.lnkJump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiteManager Pro - Server\Stop LM-Server.lnkJump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiteManager Pro - Server\Settings for LM-Server.lnkJump to behavior

                  Hooking and other Techniques for Hiding and Protection

                  barindex
                  Uses an obfuscated file name to hide its real file extension (double extension)
                  Source: Possible double extension: pdf.exeStatic PE information: 0438.pdf.exe
                  Source: C:\Windows\System32\msiexec.exeKey value created or modified: HKEY_LOCAL_MACHINE\SYSTEM\LiteManager\v3.4\Server\Parameters NoIPSettingsJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOGPFAULTERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeWindow / User API: threadDelayed 3225
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeWindow / User API: threadDelayed 6579
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\config_server_B6BD2967C67B44649764F06ADFFD6458.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\stop_server_51B516B87C64408FA3C56354EA2277C2.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\LiteManager Pro - Server\files\ROMServer.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\ARPPRODUCTICON.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\LiteManager Pro - Server\HookDrv.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\UNINST_Uninstall_L_78AA5B6662514D94A847D6C603AF0895.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\LiteManager Pro - Server\ROMwln.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\LiteManager Pro - Server\AledensoftIpcServer.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\LiteManager Pro - Server\files\ROMViewer.exeJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\ROMServer.exe_9D09B2BC25A2414CBD848E2B75898676.exeJump to dropped file
                  Source: C:\Windows\System32\svchost.exe TID: 4364Thread sleep time: -30000s >= -30000sJump to behavior
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe TID: 8080Thread sleep time: -60000s >= -30000s
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe TID: 8028Thread sleep count: 208 > 30
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe TID: 7384Thread sleep time: -1612500s >= -30000s
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe TID: 7384Thread sleep time: -3289500s >= -30000s
                  Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0Jump to behavior
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeLast function: Thread delayed
                  Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655DAB190 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,SendMessageW,SendMessageW,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetWindowTextW,SetDlgItemTextW,SetWindowTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,SendMessageW,SendDlgItemMessageW,GetDlgItem,SendMessageW,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,SendMessageW,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF655DAB190
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655D940BC FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF655D940BC
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655DBFCA0 FindFirstFileExA,0_2_00007FF655DBFCA0
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655DB16A4 VirtualQuery,GetSystemInfo,0_2_00007FF655DB16A4
                  Source: ROMFUSClient.exe, 0000000D.00000002.2278363197.0000000000B5A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: ROMFUSClient.exe, 0000000D.00000002.2278363197.0000000000B5A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
                  Source: ROMFUSClient.exe, 0000001D.00000002.3134326476.0000000000C78000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll/
                  Source: ROMFUSClient.exe, 00000014.00000002.3393245652.0000000000D18000.00000004.00000020.00020000.00000000.sdmp, ROMFUSClient.exe, 00000016.00000002.2316974063.0000000000B88000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllp
                  Source: svchost.exe, 00000006.00000002.3400883318.00000152C842B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000002.3405086246.00000152CDA40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000002.3405187560.00000152CDA53000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                  Source: ROMFUSClient.exe, 0000000D.00000002.2278363197.0000000000B5A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                  Source: ROMFUSClient.exe, 0000000F.00000003.2318499997.0000000000BF9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}|
                  Source: ROMFUSClient.exe, 0000000B.00000002.2261534094.0000000000D09000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}BL
                  Source: ROMFUSClient.exe, 00000017.00000002.2329035587.0000000000D78000.00000004.00000020.00020000.00000000.sdmp, ROMFUSClient.exe, 00000018.00000002.2337206079.0000000000AA8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll]
                  Source: ROMServer.exe, 00000012.00000002.3392369050.0000000000DA8000.00000004.00000020.00020000.00000000.sdmp, ROMFUSClient.exe, 00000015.00000002.3393174730.0000000000CB8000.00000004.00000020.00020000.00000000.sdmp, ROMFUSClient.exe, 00000019.00000002.2352309440.0000000000D38000.00000004.00000020.00020000.00000000.sdmp, ROMFUSClient.exe, 0000001A.00000002.2358537336.0000000000AF8000.00000004.00000020.00020000.00000000.sdmp, ROMFUSClient.exe, 0000001B.00000002.2380622367.0000000000C28000.00000004.00000020.00020000.00000000.sdmp, ROMFUSClient.exe, 0000001E.00000002.3336564501.0000000000B58000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655DB76D8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF655DB76D8
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655DC0D20 GetProcessHeap,0_2_00007FF655DC0D20
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess token adjusted: Debug
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeProcess token adjusted: Debug
                  Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /server /startJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655DB76D8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF655DB76D8
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655DB3170 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF655DB3170
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655DB2510 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF655DB2510
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655DB3354 SetUnhandledExceptionFilter,0_2_00007FF655DB3354
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655DAB190 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,SendMessageW,SendMessageW,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetWindowTextW,SetDlgItemTextW,SetWindowTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,SendMessageW,SendDlgItemMessageW,GetDlgItem,SendMessageW,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,SendMessageW,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF655DAB190
                  Source: C:\Users\user\Desktop\0438.pdf.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\AppData\Local\Temp\pdf.msi" /qnJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\Doc.pdf"Jump to behavior
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess created: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe" /siex /silentinstall
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess created: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe" /firewall
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeProcess created: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe "C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe" /start
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655DC58E0 cpuid 0_2_00007FF655DC58E0
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: GetLocaleInfoW,GetNumberFormatW,0_2_00007FF655DAA2CC
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
                  Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655DB0754 GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,MapViewOfFile,UnmapViewOfFile,CloseHandle,SetEnvironmentVariableW,GetLocalTime,swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,OleUninitialize,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF655DB0754
                  Source: C:\Users\user\Desktop\0438.pdf.exeCode function: 0_2_00007FF655D951A4 GetVersionExW,0_2_00007FF655D951A4

                  Remote Access Functionality

                  barindex
                  Enables remote desktop connection
                  Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server AllowRemoteRPC

                  Mitre Att&ck Matrix

                  ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                  Gather Victim Identity InformationAcquire Infrastructure1
                  Replication Through Removable Media                  		Windows Management Instrumentation1
                  DLL Side-Loading                  		1
                  Exploitation for Privilege Escalation                  		1
                  Disable or Modify Tools                  		OS Credential Dumping1
                  System Time Discovery                  		1
                  Remote Desktop Protocol                  		1
                  Archive Collected Data                  		1
                  Ingress Tool Transfer                  		Exfiltration Over Other Network MediumAbuse Accessibility Features
                  CredentialsDomainsDefault AccountsScheduled Task/Job1
                  Windows Service                  		1
                  DLL Side-Loading                  		11
                  Obfuscated Files or Information                  		LSASS Memory11
                  Peripheral Device Discovery                  		Remote Desktop ProtocolData from Removable Media11
                  Encrypted Channel                  		Exfiltration Over BluetoothNetwork Denial of Service
                  Email AddressesDNS ServerDomain AccountsAt1
                  Registry Run Keys / Startup Folder                  		1
                  Windows Service                  		1
                  Software Packing                  		Security Account Manager2
                  File and Directory Discovery                  		SMB/Windows Admin SharesData from Network Shared Drive1
                  Non-Standard Port                  		Automated ExfiltrationData Encrypted for Impact
                  Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook11
                  Process Injection                  		1
                  DLL Side-Loading                  		NTDS65
                  System Information Discovery                  		Distributed Component Object ModelInput Capture2
                  Non-Application Layer Protocol                  		Traffic DuplicationData Destruction
                  Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script1
                  Registry Run Keys / Startup Folder                  		1
                  File Deletion                  		LSA Secrets31
                  Security Software Discovery                  		SSHKeylogging13
                  Application Layer Protocol                  		Scheduled TransferData Encrypted for Impact
                  Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts122
                  Masquerading                  		Cached Domain Credentials2
                  Virtualization/Sandbox Evasion                  		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                  DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                  Modify Registry                  		DCSync1
                  Process Discovery                  		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                  Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job2
                  Virtualization/Sandbox Evasion                  		Proc Filesystem1
                  Application Window Discovery                  		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                  Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt11
                  Process Injection                  		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet
                  behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1545741 Sample: 0438.pdf.exe Startdate: 30/10/2024 Architecture: WINDOWS Score: 76 57 x1.i.lencr.org 2->57 59 edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com 2->59 61 2 other IPs or domains 2->61 71 Multi AV Scanner detection for submitted file 2->71 73 Sigma detected: Suspicious Double Extension File Execution 2->73 75 Uses an obfuscated file name to hide its real file extension (double extension) 2->75 77 2 other signatures 2->77 9 ROMServer.exe 2->9         started        13 msiexec.exe 99 61 2->13         started        16 0438.pdf.exe 6 9 2->16         started        18 svchost.exe 1 1 2->18         started        signatures3 process4 dnsIp5 63 111.90.140.76, 465, 49785, 49786 SHINJIRU-MY-AS-APShinjiruTechnologySdnBhdMY Malaysia 9->63 65 65.21.245.7, 49789, 49790, 49798 CP-ASDE United States 9->65 79 Enables remote desktop connection 9->79 81 Enables network access during safeboot for specific services 9->81 20 ROMFUSClient.exe 9->20         started        22 ROMFUSClient.exe 9->22         started        24 ROMFUSClient.exe 9->24         started        36 7 other processes 9->36 49 C:\Program Files (x86)\...\ROMServer.exe, PE32 13->49 dropped 51 stop_server_51B516...3C56354EA2277C2.exe, PE32 13->51 dropped 53 config_server_B6BD...764F06ADFFD6458.exe, PE32 13->53 dropped 55 9 other files (none is malicious) 13->55 dropped 26 ROMFUSClient.exe 13->26         started        28 ROMFUSClient.exe 13->28         started        30 ROMFUSClient.exe 13->30         started        32 Acrobat.exe 72 16->32         started        34 msiexec.exe 16->34         started        67 127.0.0.1 unknown unknown 18->67 file6 signatures7 process8 process9 38 ROMServer.exe 26->38         started        40 ROMServer.exe 28->40         started        42 ROMServer.exe 30->42         started        44 AcroCEF.exe 107 32->44         started        process10 46 AcroCEF.exe 44->46         started        dnsIp11 69 96.7.168.138, 443, 49760 INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR United States 46->69

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                  windows-stand

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  SourceDetectionScannerLabelLink
                  0438.pdf.exe45%ReversingLabsWin32.Trojan.Generic

                  Dropped Files

                  SourceDetectionScannerLabelLink
                  C:\Program Files (x86)\LiteManager Pro - Server\AledensoftIpcServer.dll0%ReversingLabs
                  C:\Program Files (x86)\LiteManager Pro - Server\HookDrv.dll0%ReversingLabs
                  C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe3%ReversingLabs
                  C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe3%ReversingLabs
                  C:\Program Files (x86)\LiteManager Pro - Server\ROMwln.dll0%ReversingLabs
                  C:\Program Files (x86)\LiteManager Pro - Server\files\ROMServer.exe3%ReversingLabs
                  C:\Program Files (x86)\LiteManager Pro - Server\files\ROMViewer.exe3%ReversingLabs
                  C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\ARPPRODUCTICON.exe0%ReversingLabs
                  C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\ROMServer.exe_9D09B2BC25A2414CBD848E2B75898676.exe0%ReversingLabs
                  C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\UNINST_Uninstall_L_78AA5B6662514D94A847D6C603AF0895.exe0%ReversingLabs
                  C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\config_server_B6BD2967C67B44649764F06ADFFD6458.exe0%ReversingLabs
                  C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\stop_server_51B516B87C64408FA3C56354EA2277C2.exe0%ReversingLabs

                  Unpacked PE Files

                  No Antivirus matches

                  Domains

                  No Antivirus matches

                  URLs

                  SourceDetectionScannerLabelLink
                  http://x1.i.lencr.org/0%URL Reputationsafe
                  https://g.live.com/odclientsettings/Prod1C:0%URL Reputationsafe
                  http://crl.thawte.com/ThawteTimestampingCA.crl00%URL Reputationsafe
                  http://www.symauth.com/rpa000%URL Reputationsafe
                  http://ocsp.thawte.com00%URL Reputationsafe
                  https://g.live.com/odclientsettings/ProdV21C:0%URL Reputationsafe
                  http://www.indyproject.org/0%URL Reputationsafe
                  http://www.symauth.com/cps0(0%URL Reputationsafe

                  Domains and IPs

                  Contacted Domains

                  NameIPActiveMaliciousAntivirus DetectionReputation
                  bg.microsoft.map.fastly.net
                  		199.232.210.172
                  		truefalse
                    		unknown
                    default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
                    		84.201.210.37
                    		truefalse
                      		unknown
                      x1.i.lencr.org
                      		unknown
                      		unknownfalse
                        		unknown

                        URLs from Memory and Binaries

                        NameSourceMaliciousAntivirus DetectionReputation
                        http://litemanager.ru/ROMFUSClient.exe, 0000000B.00000000.2240253019.00000000008E4000.00000002.00000001.01000000.0000000B.sdmp, ROMServer.exe, 0000000C.00000000.2255406199.00000000009FE000.00000002.00000001.01000000.0000000C.sdmpfalse
                          		unknown
                          http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D0.5.drfalse
                          • URL Reputation: safe
                          		unknown
                          https://g.live.com/odclientsettings/Prod1C:qmgr.db.6.drfalse
                          • URL Reputation: safe
                          		unknown
                          https://litemanager.com/soft/pro/ROMServer.zipROMFUSClient.exe, 0000000B.00000000.2234439109.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, ROMServer.exe, 0000000C.00000000.2252577316.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, ROMServer.exe.4.drfalse
                            		unknown
                            http://litemanager.com/03ROMFUSClient.exe, 00000015.00000002.3396748932.00000000027D3000.00000004.00001000.00020000.00000000.sdmpfalse
                              		unknown
                              http://litemanager.com/03fROMServer.exe, 00000012.00000002.3395697625.000000000165C000.00000004.00001000.00020000.00000000.sdmpfalse
                                		unknown
                                https://litemanager.com/romversion.txtROMFUSClient.exe, 0000000B.00000000.2234439109.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, ROMServer.exe, 0000000C.00000000.2252577316.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, ROMServer.exe.4.drfalse
                                  		unknown
                                  http://crl.thawte.com/ThawteTimestampingCA.crl00438.pdf.exe, 00000000.00000003.2142040479.000001D852E3C000.00000004.00000020.00020000.00000000.sdmp, 0438.pdf.exe, 00000000.00000003.2142040479.000001D852DFE000.00000004.00000020.00020000.00000000.sdmp, pdf.msi.0.drfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.symauth.com/rpa000438.pdf.exe, 00000000.00000003.2142040479.000001D852E3C000.00000004.00000020.00020000.00000000.sdmp, 0438.pdf.exe, 00000000.00000003.2142040479.000001D852DFE000.00000004.00000020.00020000.00000000.sdmp, pdf.msi.0.drfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://ocsp.thawte.com00438.pdf.exe, 00000000.00000003.2142040479.000001D852E3C000.00000004.00000020.00020000.00000000.sdmp, 0438.pdf.exe, 00000000.00000003.2142040479.000001D852DFE000.00000004.00000020.00020000.00000000.sdmp, pdf.msi.0.drfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://litemanager.ru/noip.txtUROMServer.exe, 0000000C.00000000.2252577316.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, ROMServer.exe.4.drfalse
                                    		unknown
                                    https://g.live.com/odclientsettings/ProdV21C:svchost.exe, 00000006.00000003.2167957236.00000152CD900000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://crl.ver)svchost.exe, 00000006.00000002.3404980914.00000152CDA00000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		unknown
                                      http://litemanager.com/ROMFUSClient.exe, 00000015.00000002.3396748932.00000000027CC000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 00000015.00000002.3396748932.00000000026CC000.00000004.00001000.00020000.00000000.sdmpfalse
                                        		unknown
                                        http://www.indyproject.org/ROMFUSClient.exe, 0000000B.00000003.2259126135.0000000002807000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 0000000B.00000000.2234439109.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, ROMServer.exe, 0000000C.00000000.2252577316.0000000000951000.00000020.00000001.01000000.0000000C.sdmp, ROMServer.exe, 0000000C.00000003.2257147255.0000000002A67000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 0000000D.00000003.2277324013.0000000002917000.00000004.00001000.00020000.00000000.sdmp, ROMServer.exe, 0000000E.00000003.2275541366.0000000002A17000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 0000000F.00000003.2316937821.0000000002907000.00000004.00001000.00020000.00000000.sdmp, ROMServer.exe, 00000011.00000003.2312303381.0000000002907000.00000004.00001000.00020000.00000000.sdmp, ROMServer.exe, 00000012.00000002.3395697625.00000000015C0000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 00000014.00000002.3395273674.00000000027B7000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 00000015.00000002.3396748932.0000000002737000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 00000016.00000003.2313692708.0000000002677000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 00000017.00000003.2327332686.00000000027A7000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 00000018.00000003.2336010144.00000000027D7000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 00000019.00000003.2345721402.00000000027F7000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 0000001A.00000003.2356406295.0000000002727000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 0000001B.00000003.2379336714.0000000002877000.00000004.00001000.00020000.00000000.sdmp, ROMFUSClient.exe, 0000001D.00000003.3132372949.00000000028C7000.00000004.00001000.00020000.00000000.sdmp, ROMServer.exe.4.drfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.symauth.com/cps0(0438.pdf.exe, 00000000.00000003.2142040479.000001D852E3C000.00000004.00000020.00020000.00000000.sdmp, 0438.pdf.exe, 00000000.00000003.2142040479.000001D852DFE000.00000004.00000020.00020000.00000000.sdmp, pdf.msi.0.drfalse
                                        • URL Reputation: safe
                                        		unknown

                                        World Map of Contacted IPs

                                        • No. of IPs < 25%
                                        • 25% < No. of IPs < 50%
                                        • 50% < No. of IPs < 75%
                                        • 75% < No. of IPs

                                        Public IPs

                                        IPDomainCountryFlagASNASN NameMalicious
                                        96.7.168.138
                                        		unknownUnited States
                                        		262589INTERNEXABRASILOPERADORADETELECOMUNICACOESSABRfalse
                                        111.90.140.76
                                        		unknownMalaysia
                                        		45839SHINJIRU-MY-AS-APShinjiruTechnologySdnBhdMYtrue
                                        65.21.245.7
                                        		unknownUnited States
                                        		199592CP-ASDEfalse

                                        Private

                                        IP
                                        127.0.0.1

                                        General Information

                                        Joe Sandbox version:41.0.0 Charoite
                                        Analysis ID:1545741
                                        Start date and time:2024-10-30 22:36:37 +01:00
                                        Joe Sandbox product:CloudBasic
                                        Overall analysis duration:0h 7m 40s
                                        Hypervisor based Inspection enabled:false
                                        Report type:full
                                        Cookbook file name:default.jbs
                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                        Number of analysed new started processes analysed:31
                                        Number of new started drivers analysed:0
                                        Number of existing processes analysed:0
                                        Number of existing drivers analysed:0
                                        Number of injected processes analysed:0
                                        Technologies:
                                        • HCA enabled
                                        • EGA enabled
                                        • AMSI enabled
                                        Analysis Mode:default
                                        Analysis stop reason:Timeout
                                        Sample name:0438.pdf.exe
                                        renamed because original name is a hash value
                                        Original Sample Name: .pdf.exe
                                        Detection:MAL
                                        Classification:mal76.troj.evad.winEXE@51/93@1/4
                                        EGA Information:
                                        • Successful, ratio: 50%
                                        HCA Information:
                                        • Successful, ratio: 100%
                                        • Number of executed functions: 71
                                        • Number of non-executed functions: 92
                                        Cookbook Comments:
                                        • Found application associated with file extension: .exe

                                        Warnings

                                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                        • Excluded IPs from analysis (whitelisted): 184.28.88.176, 54.227.187.23, 52.202.204.11, 23.22.254.206, 52.5.13.197, 162.159.61.3, 172.64.41.3, 2.23.197.184, 184.28.90.27, 88.221.110.91, 2.16.100.168, 2.19.126.143, 2.19.126.149, 2.22.242.123, 2.22.242.11
                                        • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, a767.dspw65.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, acroipm2.adobe.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, e16604.g.akamaiedge.net, a122.dscd.akamai.net, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net, client.wns.windows.com, fs.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, geo2.adobe.com
                                        • Execution Graph export aborted for target ROMServer.exe, PID 8036 because there are no executed function
                                        • HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                        • VT rate limit hit for: 0438.pdf.exe

                                        Simulations

                                        Behavior and APIs

                                        TimeTypeDescription
                                        17:37:32API Interceptor2x Sleep call for process: svchost.exe modified
                                        17:37:40API Interceptor2x Sleep call for process: AcroCEF.exe modified
                                        17:37:44API Interceptor20x Sleep call for process: ROMServer.exe modified
                                        17:37:47API Interceptor400440x Sleep call for process: ROMFUSClient.exe modified

                                        Joe Sandbox View / Context

                                        IPs

                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                        96.7.168.138401K .pdfGet hashmaliciousHTMLPhisherBrowse
                                          http://assets.website-files.com/65f02117700897a29c49fb10/65f7c129cb837c2310c7044e_tisamijujute.pdfGet hashmaliciousUnknownBrowse
                                            Oakville_Service_Update_d76b33a1-3420-40be-babd-e82e253ad25c.pdfGet hashmaliciousHTMLPhisherBrowse
                                              2025+Policies_645622_929-5.pdfGet hashmaliciousUnknownBrowse
                                                https://dl.dropboxusercontent.com/scl/fi/95is2w1ywjvorzayt88dp/DKM-0192PDF.zip?rlkey=svoej4s4tb5lwbnvthtgrmokl&st=d99zdn1k&dl=0Get hashmaliciousAbobus ObfuscatorBrowse
                                                  Sars Urgent Notice.pdfGet hashmaliciousUnknownBrowse
                                                    tue.batGet hashmaliciousUnknownBrowse
                                                      https://dl.dropboxusercontent.com/scl/fi/kzw07ghqs05mfyhu8o3ey/BestellungVRG020002.zip?rlkey=27cmmjv86s5ygdnss2oa80i1o&st=86cnbbyp&dl=0Get hashmaliciousUnknownBrowse
                                                        bc3c228ad2c13f96cb14375c3860e802.pdfGet hashmaliciousHTMLPhisherBrowse
                                                          111.90.140.76gBYz86HSwI.msiGet hashmaliciousUnknownBrowse
                                                            65.21.245.7J4zGPhVRV3.exeGet hashmaliciousRMSRemoteAdminBrowse
                                                              J4zGPhVRV3.exeGet hashmaliciousRMSRemoteAdminBrowse
                                                                FPPhfkcDCh.exeGet hashmaliciousRemcosBrowse
                                                                  gBYz86HSwI.msiGet hashmaliciousUnknownBrowse
                                                                    044f.pdf.scrGet hashmaliciousRMSRemoteAdminBrowse
                                                                      3e#U043c.scrGet hashmaliciousRMSRemoteAdminBrowse

                                                                        Domains

                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                        default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com67JPbskewt.exeGet hashmaliciousUnknownBrowse
                                                                        • 84.201.210.35
                                                                        https://jpm-ghana-2024-election-conversation-with-oct-24.open-exchange.net/join-the-call?ml_access_token=eyJjb250ZW50Ijp7ImV4cGlyYXRpb25EYXRlIjoiMjAyNC0xMC0zMVQxNToyMDo1OS4wMDZaIiwiZW1haWwiOiJyZGVpdHpAdnItY2FwaXRhbC5jb20iLCJldmVudElkIjo0MjY3Mn0sInNpZ25hdHVyZSI6Ik1FVUNJQzhaMDJJblVZd0syUk9WRkdjL1pMNHRBbWo4RmwxdW9mQjhwZzRmSjZsMkFpRUE5d25HUFFoa3ZrdkM2MlJkQ3lkM09YbnFJZ0xlQTAwMDIxNlRWbG9Hb0ZjPSJ9Get hashmaliciousUnknownBrowse
                                                                        • 217.20.57.34
                                                                        https://cosiosos.com.de/7i2ko/Get hashmaliciousHTMLPhisherBrowse
                                                                        • 217.20.57.18
                                                                        https://www.leadsonline.caGet hashmaliciousUnknownBrowse
                                                                        • 217.20.57.34
                                                                        PRESUPUEST.exeGet hashmaliciousAsyncRATBrowse
                                                                        • 217.20.57.19
                                                                        NUEVA ORDEN DE COMPRA 73244.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                        • 217.20.57.34
                                                                        scan1738761_rsalinas@wcctxlaw.com.pdfGet hashmaliciousHTMLPhisherBrowse
                                                                        • 84.201.210.37
                                                                        https://forms.office.com/Pages/ShareFormPage.aspx?id=w0PqEzPG80GlVpQ2KYlCgotli86l81ZCgGQV0R07kYhUMDlNVzY4TDhNS0pGV0pGVENBVVNGTURFTi4u&sharetoken=3AKcsZjmxuGhgr7rDwU0Get hashmaliciousUnknownBrowse
                                                                        • 84.201.210.21
                                                                        https://deedayoshayoatmetoback.me/whatever/toni/kross/hala/mbappe/sanchez/mark/tremble/awee/rgguuu/us/invite/Get hashmaliciousUnknownBrowse
                                                                        • 217.20.57.26
                                                                        https://workdrive.zohoexternal.com/file/d3qaw4673940b54374623b165953068c580b5Get hashmaliciousHTMLPhisherBrowse
                                                                        • 217.20.57.25
                                                                        bg.microsoft.map.fastly.netPaiement.emlGet hashmaliciousHTMLPhisherBrowse
                                                                        • 199.232.214.172
                                                                        https://pub-6838e3dd185d4df89d3bb3eabe6469a4.r2.dev/index.html#Get hashmaliciousUnknownBrowse
                                                                        • 199.232.214.172
                                                                        https:/click.mailchimp.com/track/click/30010842/docsend.com?p=eyJzIjoiT2RaN0hwNHlyY2E3VXl5TWcwMlA2eFpHVlN3IiwidiI6MSwicCI6IntcInVcIjozMDAxMDg0MixcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2RvY3NlbmQuY29tXFxcL3ZpZXdcXFwvZzZnYzZjazdtNHlkYTRpa1wiLFwiaWRcIjpcImNhZDg3NzI1Y2UzMjRiMzI4Yzk1ZGVkYWUyMzc4ZTZjXCIsXCJ1cmxfaWRzXCI6W1wiYzE5ZWU5NGJiMzA5YmZhOGQ2MDU3OGI1Mjk5NTFmOWE4NDQ0ODNhYVwiXX0ifQ#steven.davis@tu.eduGet hashmaliciousHTMLPhisherBrowse
                                                                        • 199.232.210.172
                                                                        https://jksvb.jnkpavers.com/?tZbf66=Tyw6/shhfkanxgsdff/&c=E,1,NSDuZCxGQc6fw5XDGugSpFh6vhsurKgNKuRtQYEvQblaeko7ktmOqkToectUm_5S_qV7IGwrOynGYnQ5TFSCJymAV2tc5TeuFegn96UyDZPOEKOyHYw,&typo=1Get hashmaliciousUnknownBrowse
                                                                        • 199.232.214.172
                                                                        https://share.hsforms.com/11zbkP7dfTBO0LgTS5dCN0Asixz3Get hashmaliciousMamba2FABrowse
                                                                        • 199.232.214.172
                                                                        https://app.pandadoc.com/document/v2?token=abf6587d58630a40e08d0ad15de8202e2e9c4af5Get hashmaliciousUnknownBrowse
                                                                        • 199.232.210.172
                                                                        (No subject) (100).emlGet hashmaliciousTycoon2FABrowse
                                                                        • 199.232.210.172
                                                                        819614 - Midways Freight Ltd.xlsmGet hashmaliciousUnknownBrowse
                                                                        • 199.232.210.172
                                                                        https://jpm-ghana-2024-election-conversation-with-oct-24.open-exchange.net/join-the-call?ml_access_token=eyJjb250ZW50Ijp7ImV4cGlyYXRpb25EYXRlIjoiMjAyNC0xMC0zMVQxNToyMDo1OS4wMDZaIiwiZW1haWwiOiJyZGVpdHpAdnItY2FwaXRhbC5jb20iLCJldmVudElkIjo0MjY3Mn0sInNpZ25hdHVyZSI6Ik1FVUNJQzhaMDJJblVZd0syUk9WRkdjL1pMNHRBbWo4RmwxdW9mQjhwZzRmSjZsMkFpRUE5d25HUFFoa3ZrdkM2MlJkQ3lkM09YbnFJZ0xlQTAwMDIxNlRWbG9Hb0ZjPSJ9Get hashmaliciousUnknownBrowse
                                                                        • 199.232.214.172
                                                                        Complete with Docusign_ Remittance Advice .pdf(1).emlGet hashmaliciousHTMLPhisherBrowse
                                                                        • 199.232.210.172

                                                                        ASNs

                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                        SHINJIRU-MY-AS-APShinjiruTechnologySdnBhdMYJ4zGPhVRV3.exeGet hashmaliciousRMSRemoteAdminBrowse
                                                                        • 111.90.140.34
                                                                        J4zGPhVRV3.exeGet hashmaliciousRMSRemoteAdminBrowse
                                                                        • 111.90.140.34
                                                                        FPPhfkcDCh.exeGet hashmaliciousRemcosBrowse
                                                                        • 101.99.93.169
                                                                        gBYz86HSwI.msiGet hashmaliciousUnknownBrowse
                                                                        • 111.90.140.76
                                                                        b.cmdGet hashmaliciousUnknownBrowse
                                                                        • 101.99.92.203
                                                                        rrwzOU7A9F.exeGet hashmaliciousXWormBrowse
                                                                        • 101.99.92.203
                                                                        INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR401K .pdfGet hashmaliciousHTMLPhisherBrowse
                                                                        • 96.7.168.138
                                                                        http://assets.website-files.com/65f02117700897a29c49fb10/65f7c129cb837c2310c7044e_tisamijujute.pdfGet hashmaliciousUnknownBrowse
                                                                        • 96.7.168.138
                                                                        Oakville_Service_Update_d76b33a1-3420-40be-babd-e82e253ad25c.pdfGet hashmaliciousHTMLPhisherBrowse
                                                                        • 96.7.168.138
                                                                        2025+Policies_645622_929-5.pdfGet hashmaliciousUnknownBrowse
                                                                        • 96.7.168.138
                                                                        https://dl.dropboxusercontent.com/scl/fi/95is2w1ywjvorzayt88dp/DKM-0192PDF.zip?rlkey=svoej4s4tb5lwbnvthtgrmokl&st=d99zdn1k&dl=0Get hashmaliciousAbobus ObfuscatorBrowse
                                                                        • 96.7.168.138
                                                                        Sars Urgent Notice.pdfGet hashmaliciousUnknownBrowse
                                                                        • 96.7.168.138
                                                                        la.bot.m68k.elfGet hashmaliciousUnknownBrowse
                                                                        • 200.220.206.173
                                                                        tue.batGet hashmaliciousUnknownBrowse
                                                                        • 96.7.168.138
                                                                        https://dl.dropboxusercontent.com/scl/fi/kzw07ghqs05mfyhu8o3ey/BestellungVRG020002.zip?rlkey=27cmmjv86s5ygdnss2oa80i1o&st=86cnbbyp&dl=0Get hashmaliciousUnknownBrowse
                                                                        • 96.7.168.138
                                                                        CP-ASDEJ4zGPhVRV3.exeGet hashmaliciousRMSRemoteAdminBrowse
                                                                        • 65.21.245.7
                                                                        J4zGPhVRV3.exeGet hashmaliciousRMSRemoteAdminBrowse
                                                                        • 65.21.245.7
                                                                        FPPhfkcDCh.exeGet hashmaliciousRemcosBrowse
                                                                        • 65.21.245.7
                                                                        gBYz86HSwI.msiGet hashmaliciousUnknownBrowse
                                                                        • 65.21.245.7
                                                                        SALARY OF OCT 2024.exeGet hashmaliciousFormBookBrowse
                                                                        • 65.21.196.90
                                                                        iQPxJrxxaj.exeGet hashmaliciousPikaBotBrowse
                                                                        • 65.20.66.218

                                                                        JA3 Fingerprints

                                                                        No context

                                                                        Dropped Files

                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                        C:\Program Files (x86)\LiteManager Pro - Server\HookDrv.dllgBYz86HSwI.msiGet hashmaliciousUnknownBrowse
                                                                          C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exegBYz86HSwI.msiGet hashmaliciousUnknownBrowse
                                                                            C:\Program Files (x86)\LiteManager Pro - Server\AledensoftIpcServer.dllgBYz86HSwI.msiGet hashmaliciousUnknownBrowse

                                                                              Created / dropped Files

                                                                              C:\Config.Msi\533825.rbs

                                                                              Download File
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:data
                                                                              Category:modified
                                                                              Size (bytes):25222
                                                                              Entropy (8bit):5.137779369916245
                                                                              Encrypted:false
                                                                              SSDEEP:384:8S75t8t+CqZ+oNbynfBytjj3I6LgLVOVb:8S1t8t+CqZ+oNbynfEtI6cpMb
                                                                              MD5:72AB5CEA21A964F96CE96D06D6D80544
                                                                              SHA1:9727166227557EA1C55AC2BF2C149A286D0FA18A
                                                                              SHA-256:03A2D50F37B41C876AF14F981F86CDECFF54D2BCAD9A84A09F478B1D61BBF61B
                                                                              SHA-512:297C047F4ED5F197F13289FB3EBE6BEEC6CCECD776B1A9A33E79807FC5158D768D91013BE1C748B80A4E0FA0D33F1E6BDD83C56112D08EAD27B0216D73255A8A
                                                                              Malicious:false
                                                                              Preview:...@IXOS.@.....@..^Y.@.....@.....@.....@.....@.....@......&.{71FFA475-24D5-44FB-A51F-39B699E3D82C}..LiteManager Pro - Server..pdf.msi.@.....@.....@.....@......ARPPRODUCTICON.exe..&.{9EF586E9-112B-4AAE-B439-5B62B7A0B1DE}.....@.....@.....@.....@.......@.....@.....@.......@......LiteManager Pro - Server......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{3244CDE6-6414-4399-B0D5-424562747210}&.{71FFA475-24D5-44FB-A51F-39B699E3D82C}.@......&.{4D4D18AA-F74D-4291-B5A9-93C3CC48B75F}&.{71FFA475-24D5-44FB-A51F-39B699E3D82C}.@......&.{641F154A-FEEF-4FA7-B5BF-414DB1DB8390}&.{71FFA475-24D5-44FB-A51F-39B699E3D82C}.@......&.{26EAB54E-4659-47E8-86F9-4CB74F7E03BE}&.{71FFA475-24D5-44FB-A51F-39B699E3D82C}.@......&.{596F4636-5D51-49F5-B3B4-F3C366E9DC23}&.{71FFA475-24D5-44FB-A51F-39B699E3D82C}.@......&.{596F4636-5D51-49F5-B3B4-F3C366E9DC23}&.{00000000-0000-0000-0000-000000000000}.@......&.{A3DC5A2F-2249-4674-B

                                                                              C:\Program Files (x86)\LiteManager Pro - Server\AledensoftIpcServer.dll

                                                                              Download File
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):132032
                                                                              Entropy (8bit):6.10195829980833
                                                                              Encrypted:false
                                                                              SSDEEP:3072:sh/1J7RYdzZU4Z5tegH1q888888888888W888888888882zgP:sh/jIZPZ5tJ8888888888888W888888s
                                                                              MD5:C40455A478E0B76521130D9DAAAADC4B
                                                                              SHA1:42DE923D5E36A9F56B002DD66DB245BC44480089
                                                                              SHA-256:308085BC357BF3A3BEE0D662FCC01628E9EE2FFD478AE0F1E7140939AD99B892
                                                                              SHA-512:76ED6D763F603BCAA7FE186C0A7449E614DCDB18036F7587C6E5A11C3F3269E400E3D2062856CC280AC20C094617924783B6C360F25AF66767DCC53C2F3045C9
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Joe Sandbox View:
                                                                              • Filename: gBYz86HSwI.msi, Detection: malicious, Browse
                                                                              Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....xK............................p........ ..........................................................................\.......\...............................x#...................................................................................text...$........................... ..`.itext.............................. ..`.data...0.... ......................@....bss....xN...@...........................idata..\...........................@....edata..\............&..............@..@.reloc..x#.......$...(..............@..B.rsrc................L..............@..@....................................@..@........................................................................................................................................

                                                                              C:\Program Files (x86)\LiteManager Pro - Server\EULA.rtf

                                                                              Download File
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:Rich Text Format data, version 1, ANSI, code page 1251, default language ID 1049
                                                                              Category:dropped
                                                                              Size (bytes):58679
                                                                              Entropy (8bit):4.738446173390891
                                                                              Encrypted:false
                                                                              SSDEEP:768:bkJC7UF9eVWSlBY8Aq9CBGDtD8gX1ZDCZjewbAsCw1vPDQuJPQzusxxeCNHnPPsT:htwqueMZYU
                                                                              MD5:BAED4E7AF33F77350D454B69317EE63B
                                                                              SHA1:2B598774F0C73850A36117F29EA8DAC57BE1C138
                                                                              SHA-256:671D65183C39E53FC1759C45B105A0FBE2D3A216E4099B66D5FCF274EA625E07
                                                                              SHA-512:E740997BDECB8F907A000D01BF3E823898A1289D1DBFAE5BF342D4BCB6FF09D258317955F4FD858FF6B239E5BA08E49E90CDEC06E24DABDB18C1CF2D8943590C
                                                                              Malicious:false
                                                                              Preview:{\rtf1\ansi\ansicpg1251\uc1\deff0\stshfdbch0\stshfloch37\stshfhich37\stshfbi37\deflang1049\deflangfe1049{\fonttbl{\f0\froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman{\*\falt Times New Roman};}..{\f1\fswiss\fcharset204\fprq2{\*\panose 020b0604020202020204}Arial;}{\f2\fmodern\fcharset204\fprq1{\*\panose 02070309020205020404}Courier New;}{\f3\froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol;}..{\f10\fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings;}{\f37\fswiss\fcharset204\fprq2{\*\panose 020f0502020204030204}Calibri;}{\f211\froman\fcharset0\fprq2 Times New Roman{\*\falt Times New Roman};}..{\f209\froman\fcharset238\fprq2 Times New Roman CE{\*\falt Times New Roman};}{\f212\froman\fcharset161\fprq2 Times New Roman Greek{\*\falt Times New Roman};}{\f213\froman\fcharset162\fprq2 Times New Roman Tur{\*\falt Times New Roman};}..{\f214\froman\fcharset177\fprq2 Times New Roman (Hebrew){\*\falt Times New Roman};}{\f215\froman\fcharset178\fprq2 Time

                                                                              C:\Program Files (x86)\LiteManager Pro - Server\English.lg

                                                                              Download File
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):89220
                                                                              Entropy (8bit):3.469297258214741
                                                                              Encrypted:false
                                                                              SSDEEP:768:YvozCzKUNNfMnuQhgdXT0Z2BPshK+4aCWpQJ3OEInKDcbztlXnpQbbMv3PI:Yvoz4TXTI2pQCWOJvgXnpQbS3PI
                                                                              MD5:B1C96EF24061BF294CAC6C4C9CBF7757
                                                                              SHA1:5D1B1934091E257B5F1C69B13F5FC1E424348584
                                                                              SHA-256:20DB884523DA62C20F80B8A3BB71E11091B90A443B83C06D8FE2A1BBC00C1C33
                                                                              SHA-512:6E90562FD804F91DDADEF2310551063D34B859FF1CC6E58A41667E9CDA062DCA851C8455882EF47CF3E1A8EC21EBD9F0761F15E54174CC4A95427238CB39BA14
                                                                              Malicious:false
                                                                              Preview:..[._.s.y.s.t.e.m.].....l.a.n.g.u.a.g.e._.i.d.=.1.0.3.3.........[._.m.e.s.s.a.g.e.s.].....w.e.b._.s.i.t.e. .=. .h.t.t.p.:././.l.i.t.e.m.a.n.a.g.e.r...c.o.m./.....q.u.e.s.t.i.o.n. .=. .Q.u.e.s.t.i.o.n.....e.r.r.o.r. .=. .E.r.r.o.r.....i.n.f.o.r.m.a.t.i.o.n. .=. .I.n.f.o.r.m.a.t.i.o.n.....n.o.t.i.f.i.c.a.t.i.o.n. .=. .N.o.t.i.f.i.c.a.t.i.o.n.....f.m._.s.e.t.t.i.n.g.s._.u.n.a.b.l.e._.r.e.a.d._.c.o.n.f.i.g.u.r.a.t.i.o.n. .=. .C.a.n. .n.o.t. .r.e.a.d. .s.e.r.v.i.c.e. .c.o.n.f.i.g.u.r.a.t.i.o.n...\.n.;.R.e.i.n.s.t.a.l.l. .L.i.t.e.M.a.n.a.g.e.r. .s.e.r.v.i.c.e.?.....f.m._.s.e.t.t.i.n.g.s._.u.n.a.b.l.e._.s.e.t._.s.t.a.r.t.u.p._.m.o.d.e. .=. .C.a.n. .n.o.t. .s.e.t. .L.i.t.e.M.a.n.a.g.e.r. .S.e.r.v.e.r. .s.e.r.v.i.c.e. .s.t.a.r.t.u.p. .m.o.d.e.......f.m._.s.e.t.t.i.n.g.s._.u.n.a.b.l.e._.s.e.t._.s.t.a.r.t.u.p._.m.o.d.e._.r.e.s.t.a.r.t. .=. .C.a.n. .n.o.t. .s.e.t. .L.i.t.e.M.a.n.a.g.e.r. .S.e.r.v.e.r. .s.e.r.v.i.c.e. .s.t.a.r.t.u.p. .m.o.d.e...\.n.;.R.e.b.o.o.t. .s.y.s.t.e.m.,. .p.l.e.a.s.e.......

                                                                              C:\Program Files (x86)\LiteManager Pro - Server\HookDrv.dll

                                                                              Download File
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):201728
                                                                              Entropy (8bit):6.3607488106285075
                                                                              Encrypted:false
                                                                              SSDEEP:3072:rmqdVRkbN1G3OKtVLqKc3IuQquARCASmShKJ:rmyTmNw3zqKcFLRs
                                                                              MD5:1D4F8CFC7BBF374CCC3AAE6045B2133D
                                                                              SHA1:802EDF0B0ED1D0305BCD6688EE3301366FEC1337
                                                                              SHA-256:C04885562F17BAEEFBCD2D4FC29F054EB8A66C44BD015750498C69A912D94C1F
                                                                              SHA-512:68643A30FEA87B2B61AF546F42BF32A25459152C1BCCE5A8A881714139CE828DFE4237874FF1E9CC3B78D6CDBEF7DD45C9F3459C3337D83693C704C274AFFF3E
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Joe Sandbox View:
                                                                              • Filename: gBYz86HSwI.msi, Detection: malicious, Browse
                                                                              Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...|..[.................\...........v............@.................................................................. ...................@...................@...G..................................................$................................text....S.......T.................. ..`.itext..D....p.......X.............. ..`.data...<............`..............@....bss....<Y...............................idata...............z..............@....didata.............................@....edata....... ......................@..@.rdata..E....0......................@..@.reloc...G...@...H..................@..B.rsrc....@.......@..................@..@....................................@..@........................................................

                                                                              C:\Program Files (x86)\LiteManager Pro - Server\Lang\Taiwan.lg

                                                                              Download File
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):61034
                                                                              Entropy (8bit):4.429529654892776
                                                                              Encrypted:false
                                                                              SSDEEP:768:nebbtdP4XFsh6HWiIZTYp7JtMLG54ttg2kGPyWtvQTznCKDMlV2f:ne3KOhTTocL8HnMlV2f
                                                                              MD5:7303B5AE0B8911CEB238DC01419695BE
                                                                              SHA1:22B89BDB8FAEC62BA3E66639E38E6271B593944A
                                                                              SHA-256:88155FB3F0E198AA4A24F9CFECBB83C5A4E081C6EA362BC50294410CB2FB5C50
                                                                              SHA-512:8AE802616AF60BAF214E254F6A55D312DC46B6E3F8BEE5F50E30E372FF38103776278B5FB07A562C2149EEA58107CB427A03B1629F72044AB69D3507E5DFAB15
                                                                              Malicious:false
                                                                              Preview:[._.s.y.s.t.e.m.].....l.a.n.g.u.a.g.e._.i.d.=.1.0.2.8.........[._.m.e.s.s.a.g.e.s.].....w.e.b._.s.i.t.e. .=. .h.t.t.p.:././.l.i.t.e.m.a.n.a.g.e.r...c.o.m./.....q.u.e.s.t.i.o.n. .=. .OUL.....e.r.r.o.r. .=. ./.......i.n.f.o.r.m.a.t.i.o.n. .=. ........n.o.t.i.f.i.c.a.t.i.o.n. .=. ....w....f.m._.s.e.t.t.i.n.g.s._.u.n.a.b.l.e._.r.e.a.d._.c.o.n.f.i.g.u.r.a.t.i.o.n. .=. .!q.l...S.g.RD}Ka.0\.n.;...e.[. .L.i.t.e.M.a.n.a.g.e.r. ..g.R?.....f.m._.s.e.t.t.i.n.g.s._.u.n.a.b.l.e._.s.e.t._.s.t.a.r.t.u.p._.m.o.d.e. .=. .!q.l-..[ .L.i.t.e.M.a.n.a.g.e.r. .:O.ghV.g.R_U.R!j._.0....f.m._.s.e.t.t.i.n.g.s._.u.n.a.b.l.e._.s.e.t._.s.t.a.r.t.u.p._.m.o.d.e._.r.e.s.t.a.r.t. .=. .!q.l-..[ .L.i.t.e.M.a.n.a.g.e.r. .:O.ghV.g.R_U.R!j._.0\.n.;....e.._j.|q}.0....f.m._.s.e.t.t.i.n.g.s._.r.e.s.t.a.r.t._.s.e.r.v.i.c.e._.t.o._.a.p.p.l.y. .=. ....e_U.R .L.M. .:O.ghV.a(u.z._.NWY(u...f.0....f.m._.s.e.c.u.r.i.t.y._.f.o.r.c.e._.g.u.e.s.t. .=. .7_6R.O.(Wdk.|q}.N-..[.....asTW.@b.g.}..O(u.....S.g.O.X[.S.kP..0 .!q.l.O(u.07_

                                                                              C:\Program Files (x86)\LiteManager Pro - Server\Lang\Turkish.lg

                                                                              Download File
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):58794
                                                                              Entropy (8bit):3.642324420313977
                                                                              Encrypted:false
                                                                              SSDEEP:768:D+XPobz4qFlRiiXc0HwgHSSxnrKT7nke7GShFBy/x97fuTLY57aC7I/Fj:yPQMw1ZOT7kef1y/X7fuTq4j
                                                                              MD5:606DC375E898D7221CCB7CEB8F7C686B
                                                                              SHA1:26DCF93876C89283623B8150C1B79EDB24B6A7EC
                                                                              SHA-256:F442E440580EA35040E35BF1D85A118E7C182FDE0B9BA2A3C1816DEAB5F822BB
                                                                              SHA-512:9FBC42165B51A2020D2DA2FFE33287A4F3AA33639126813B290D329D47C4F4DA8F297A47AF3C1F63AF6F9E1BA47ACE840BC1660D603E17589E5DB6DDA0E1E5B1
                                                                              Malicious:false
                                                                              Preview:..[._.s.y.s.t.e.m.].....l.a.n.g.u.a.g.e._.i.d.=.1.0.5.5.........[._.m.e.s.s.a.g.e.s.].....w.e.b._.s.i.t.e. .=. .h.t.t.p.:././.l.i.t.e.m.a.n.a.g.e.r...c.o.m./.....q.u.e.s.t.i.o.n. .=. .S.o.r.u.....e.r.r.o.r. .=. .H.a.t.a.....i.n.f.o.r.m.a.t.i.o.n. .=. .B.i.l.g.i.....n.o.t.i.f.i.c.a.t.i.o.n. .=. .B.i.l.d.i.r.i.m.....f.m._.s.e.t.t.i.n.g.s._.u.n.a.b.l.e._.r.e.a.d._.c.o.n.f.i.g.u.r.a.t.i.o.n. .=. .H.i.z.m.e.t. .y.a.p.1.l.a.n.d.1.r.m.a.s.1. .o.k.u.n.a.m.1.y.o.r...\.n.;.L.i.t.e.M.a.n.a.g.e.r. .h.i.z.m.e.t.i.n.i. .y.e.n.i.d.e.n. .y...k.l.e.m.e.k. .m.i. .i.s.t.i.y.o.r.s.u.n.u.z.?.....f.m._.s.e.t.t.i.n.g.s._.u.n.a.b.l.e._.s.e.t._.s.t.a.r.t.u.p._.m.o.d.e. .=. .L.i.t.e.M.a.n.a.g.e.r. .h.i.z.m.e.t. .b.a._.l.a.n.g.1... .m.o.d.u.n.u. .a.y.a.r.l.a.y.a.m.1.y.o.r.......f.m._.s.e.t.t.i.n.g.s._.u.n.a.b.l.e._.s.e.t._.s.t.a.r.t.u.p._.m.o.d.e._.r.e.s.t.a.r.t. .=. .L.i.t.e.M.a.n.a.g.e.r. .h.i.z.m.e.t. .b.a._.l.a.n.g.1... .m.o.d.u.n.u. .a.y.a.r.l.a.y.a.m.1.y.o.r...\.n.;.S.i.s.t.e.m.i. .y.e.n.i.d.e.n. .b.a._.l.

                                                                              C:\Program Files (x86)\LiteManager Pro - Server\Lang\Ukrainian.lg

                                                                              Download File
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:Unicode text, UTF-16, little-endian text, with very long lines (305), with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):87912
                                                                              Entropy (8bit):4.303374267443204
                                                                              Encrypted:false
                                                                              SSDEEP:768:VUlHxa/yEOYEJNHWjlUu1pZ26ER2nkUTbfk74Q:aNxWREb4lUu1P29R2JbfC4Q
                                                                              MD5:3FC082E8F516EAD9FC26AC01E737F9EF
                                                                              SHA1:3B67EBCE4400DDCF6B228E5668F3008561FB8F21
                                                                              SHA-256:3DC0CEAE11F445B57B17B7C35A90B5133E313CF6B61550AB418252C5B8089C99
                                                                              SHA-512:9A9D20AF2F8C27056F58AB5A9C687F5124CE5F6D563E396C9558331FB8BE48E88E148B1FDC548A5EBDEDB451E3D89F2F96856F3BBFD695691D5687599F376421
                                                                              Malicious:false
                                                                              Preview:..[._.s.y.s.t.e.m.].....l.a.n.g.u.a.g.e._.i.d. .=. .1.0.5.8.........[._.m.e.s.s.a.g.e.s.].....w.e.b._.s.i.t.e. .=. .h.t.t.p.:././.l.i.t.e.m.a.n.a.g.e.r...r.u./.....q.u.e.s.t.i.o.n. .=. ...8.B.0.=.=.O.....e.r.r.o.r. .=. ...>.<.8.;.:.0.....i.n.f.o.r.m.a.t.i.o.n. .=. ...=.D.>.@.<.0.F.V.O.....n.o.t.i.f.i.c.a.t.i.o.n. .=. ...>.2.V.4.>.<.;.5.=.=.O.....f.m._.s.e.t.t.i.n.g.s._.u.n.a.b.l.e._.r.e.a.d._.c.o.n.f.i.g.u.r.a.t.i.o.n. .=. ...5.<.>.6.;.8.2.>. .?.@.>.G.8.B.0.B.8. .:.>.=.D.V.3.C.@.0.F.V.N. .A.;.C.6.1.8...\.n.;...5.@.5.2.A.B.0.=.>.2.8.B.8. .L.i.t.e.M.a.n.a.g.e.r. .S.e.r.v.e.r.?.....f.m._.s.e.t.t.i.n.g.s._.u.n.a.b.l.e._.s.e.t._.s.t.a.r.t.u.p._.m.o.d.e. .=. ...5.<.>.6.;.8.2.>. .2.A.B.0.=.>.2.8.B.8. .@.5.6.8.<. .7.0.?.C.A.:.C. .A.;.C.6.1.8. .L.i.t.e.M.a.n.a.g.e.r. .S.e.r.v.e.r.......f.m._.s.e.t.t.i.n.g.s._.u.n.a.b.l.e._.s.e.t._.s.t.a.r.t.u.p._.m.o.d.e._.r.e.s.t.a.r.t. .=. ...5.<.>.6.;.8.2.>. .2.A.B.0.=.>.2.8.B.8. .@.5.6.8.<. .7.0.?.C.A.:.C. .A.;.C.6.1.8. .L.i.t.e.M.a.n.a.g.e.r. .S.e.r.v.e.r.

                                                                              C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe

                                                                              Download File
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):6307408
                                                                              Entropy (8bit):6.5944937257467116
                                                                              Encrypted:false
                                                                              SSDEEP:98304:NwiA/GmKEt3LQ7V8z3uHWkd49GMdqOxaB:NOGmKEt31kd2dqwaB
                                                                              MD5:63D0964168B927D00064AA684E79A300
                                                                              SHA1:B4B9B0E3D92E8A3CBE0A95221B5512DED14EFB64
                                                                              SHA-256:33D1A34FEC88CE59BEB756F5A274FF451CAF171A755AAE12B047E678929E8023
                                                                              SHA-512:894D8A25E9DB3165E0DAAE521F36BBD6F9575D4F46A2597D13DEC8612705634EFEA636A3C4165BA1F7CA3CDC4DC7D4542D0EA9987DE10D2BC5A6ED9D6E05AECB
                                                                              Malicious:false
                                                                              Yara Hits:
                                                                              • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe, Author: Joe Security
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                              Joe Sandbox View:
                                                                              • Filename: gBYz86HSwI.msi, Detection: malicious, Browse
                                                                              Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......f..................C..F........C.......C...@.......................... i.......`..........@................... N.......M..A...@T...............`.P"...PN.<............................@N.......................M.......N......................text.....C.......C................. ..`.itext...0....C..2....C............. ..`.data... 3....C..4....C.............@....bss........0E..........................idata...A....M..B....E.............@....didata.......N......LE.............@....edata....... N......ZE.............@..@.tls....X....0N..........................rdata..]....@N......\E.............@..@.reloc..<....PN......^E.............@..B.rsrc........@T......DK.............@..@............. i.......`.............@..@................

                                                                              C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe

                                                                              Download File
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):7753808
                                                                              Entropy (8bit):6.615075046955521
                                                                              Encrypted:false
                                                                              SSDEEP:98304:D4/WZQ7lc63BJGS1VFeIEll251o7+YcMBk2VVyN/RTfCAFIqOx9N:DXQ7SIEXeMBk2V4N/Nq2Iqw9N
                                                                              MD5:F3D74B072B9697CF64B0B8445FDC8128
                                                                              SHA1:8408DA5AF9F257D12A8B8C93914614E9E725F54C
                                                                              SHA-256:70186F0710D1402371CE2E6194B03D8A153443CEA5DDB9FC57E7433CCE96AE02
                                                                              SHA-512:004054EF8CDB9E2FEFC3B7783574BFF57D6D5BF9A4624AD88CB7ECCAE29D4DFD2240A0DC60A14480E6722657132082332A3EC3A7C49D37437644A31E59F551AF
                                                                              Malicious:true
                                                                              Yara Hits:
                                                                              • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe, Author: Joe Security
                                                                              • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe, Author: Joe Security
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                              Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...w#.f.................ZU... ......qU.......U...@.......................... ........v..........@...................._......`_..K....g.. ............v.P"...._.4............................._..................... m_.|....._......................text....&U......(U................. ..`.itext..$1...@U..2...,U............. ..`.data....@....U..B...^U.............@....bss....0.....V..........................idata...K...`_..L....V.............@....didata......._.......V.............@....edata........_.......V.............@..@.tls....`....._..........................rdata..]....._.......V.............@..@.reloc..4....._.......V.............@..B.rsrc.... ....g.. ....^.............@..@............. ........v.............@..@................

                                                                              C:\Program Files (x86)\LiteManager Pro - Server\ROMwln.dll

                                                                              Download File
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):999944
                                                                              Entropy (8bit):6.626732213066839
                                                                              Encrypted:false
                                                                              SSDEEP:12288:SA9+TVJdg0YMgqAahyv0jKdTq4lrBhqSq/rt8VwGFrt:SRho0lgqA6yvnrBhq/rQDt
                                                                              MD5:ED32E23322D816C3FE2FC3D05972689E
                                                                              SHA1:5EEA702C9F2AC0A1AADAE25B09E7983DA8C82344
                                                                              SHA-256:7F33398B98E225F56CD287060BEFF6773ABB92404AFC21436B0A20124919FE05
                                                                              SHA-512:E505265DD9D88B3199EB0D4B7D8B81B2F4577FABD4271B3C286366F3C1A58479B4DC40CCB8F0045C7CD08FD8BF198029345EEF9D2D2407306B73E5957AD59EDF
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...`.-\.................J...........X.......`....@.................................................................. ...................@...........0.......@.. O...................................................................................text...0?.......@.................. ..`.itext..8....P.......D.............. ..`.data....:...`...<...N..............@....bss.....]...............................idata..............................@....didata.............................@....edata....... ......................@..@.rdata..E....0......................@..@.reloc.. O...@...P..................@..B.rsrc....@.......@..................@..@.....................0..............@..@........................................................

                                                                              C:\Program Files (x86)\LiteManager Pro - Server\Russian.lg

                                                                              Download File
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):94772
                                                                              Entropy (8bit):4.284840986247552
                                                                              Encrypted:false
                                                                              SSDEEP:768:r1kyTyZFOTb6QeZGJXYbFAMrKARuZk7FRwZoFTa2n:rn+2iZGhYbK4KARpAoFTa2n
                                                                              MD5:0E204FABE68B4B65ED5E0834651FB732
                                                                              SHA1:B338A6E54AA18F3F8A573580520F16C74A51F3D2
                                                                              SHA-256:302373D81F0AE15589206420CB01A266804C9FD1C1FF0D6E09CE6BA3FEF92B64
                                                                              SHA-512:AAD76F6A76DC693D959389CE471BC585D0DA72737FED99F42F219FDC7C71617C00E8003A467092E12820A359D672C6FB80D99772F3F6433923B2ABB7EEA40F08
                                                                              Malicious:false
                                                                              Preview:..[._.s.y.s.t.e.m.].....l.a.n.g.u.a.g.e._.i.d.=.1.0.4.9.........[._.m.e.s.s.a.g.e.s.].....w.e.b._.s.i.t.e. .=. .h.t.t.p.:././.l.i.t.e.m.a.n.a.g.e.r...r.u./.....q.u.e.s.t.i.o.n. .=. ...>.?.@.>.A.....e.r.r.o.r. .=. ...H.8.1.:.0.....i.n.f.o.r.m.a.t.i.o.n. .=. ...=.D.>.@.<.0.F.8.O.....n.o.t.i.f.i.c.a.t.i.o.n. .=. ...?.>.2.5.I.5.=.8.5.....f.m._.s.e.t.t.i.n.g.s._.u.n.a.b.l.e._.r.e.a.d._.c.o.n.f.i.g.u.r.a.t.i.o.n. .=. ...5.2.>.7.<.>.6.=.>. .?.@.>.G.8.B.0.B.L. .:.>.=.D.8.3.C.@.0.F.8.N. .A.;.C.6.1.K...\.n.;...5.@.5.C.A.B.0.=.>.2.8.B.L. .L.i.t.e.M.a.n.a.g.e.r. .S.e.r.v.e.r.?.....f.m._.s.e.t.t.i.n.g.s._.u.n.a.b.l.e._.s.e.t._.s.t.a.r.t.u.p._.m.o.d.e. .=. ...5.2.>.7.<.>.6.=.>. .C.A.B.0.=.>.2.8.B.L. .@.5.6.8.<. .7.0.?.C.A.:.0. .A.;.C.6.1.K. .L.i.t.e.M.a.n.a.g.e.r. .S.e.r.v.e.r.......f.m._.s.e.t.t.i.n.g.s._.u.n.a.b.l.e._.s.e.t._.s.t.a.r.t.u.p._.m.o.d.e._.r.e.s.t.a.r.t. .=. ...5.2.>.7.<.>.6.=.>. .C.A.B.0.=.>.2.8.B.L. .@.5.6.8.<. .7.0.?.C.A.:.0. .A.;.C.6.1.K. .L.i.t.e.M.a.n.a.g.e.r. .S.e.r.v.e.r...\.n.

                                                                              C:\Program Files (x86)\LiteManager Pro - Server\files\ROMServer.exe

                                                                              Download File
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):7752272
                                                                              Entropy (8bit):6.615186281886958
                                                                              Encrypted:false
                                                                              SSDEEP:98304:y4/WZQ7lc63BJGS1VFeIEll251o7+YcMBk2VVyN/RTfCEFIqOxJn:yXQ7SIEXeMBk2V4N/NqiIqwJn
                                                                              MD5:84FB34E529BEDE393A3F604EAA8137B2
                                                                              SHA1:195EA03B7BD086454A13C0D8357E0A9E447D9EC9
                                                                              SHA-256:1E396C4066AC8F421A54893442A0D76C4F8D4146E63825D67DFC0DA782E73EE5
                                                                              SHA-512:A48A80D62E588667B4C891CDED279BABFFA5FB4FDF092F345212F81D29A9ACAA06E6DB27B49DC601909409A3C82AA9272BCDF90D0AE1738E83E80D9FCA4D93E6
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                              Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......f.................ZU... ......qU.......U...@.......................... ........v..........@...................._......`_..K....g..............(v.P"...._.4............................._..................... m_.|....._......................text....&U......(U................. ..`.itext..$1...@U..2...,U............. ..`.data....@....U..B...^U.............@....bss....0.....V..........................idata...K...`_..L....V.............@....didata......._.......V.............@....edata........_.......V.............@..@.tls....`....._..........................rdata..]....._.......V.............@..@.reloc..4....._.......V.............@..B.rsrc.........g.......^.............@..@............. .......(v.............@..@................

                                                                              C:\Program Files (x86)\LiteManager Pro - Server\files\ROMViewer.exe

                                                                              Download File
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):11361360
                                                                              Entropy (8bit):6.496049600782297
                                                                              Encrypted:false
                                                                              SSDEEP:98304:AshiRp5hPI7N9sSA5wbZXJOu/0uOXZYfmQYanSjS+cWuNOlQpgfYLyPsd+QgBBP5:Al5hPwgvyAjDjS+igfgym+bHJxmK
                                                                              MD5:B0E355EC3453C8FFAEE08CD4257E96F2
                                                                              SHA1:0FA023CA8F1C1ECDADDE3DD3BD551870C2D965E2
                                                                              SHA-256:60248BA026064B116E4F94020DABB74DF519F5B4C41379CA19A38D725692CA8E
                                                                              SHA-512:B6004F83FD78EED84BF21611EFA45F2FFADF3625E0A2FDCDAE531B4734A4B886EBFE5EBE990DA42302B7368282D83DFFEF19E71DA8EC4C155EE5C8619AD028DD
                                                                              Malicious:false
                                                                              Yara Hits:
                                                                              • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Program Files (x86)\LiteManager Pro - Server\files\ROMViewer.exe, Author: Joe Security
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                              Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......f..................v..67.......v...... v...@..........................0...................@...................p...........L...p....+..........:..P"...................................................................`.......................text.....u.......u................. ..`.itext...6....u..8....u............. ..`.data....R... v..T....v.............@....bss.........w..........................idata...L.......N...Xw.............@....didata......`........w.............@....edata.......p........w.............@..@.tls....`................................rdata..].............w.............@..@.reloc................w.............@..B.rsrc.....+..p....+.................@..@.............0.......:..............@..@................

                                                                              C:\ProgramData\Microsoft\Network\Downloader\edb.log

                                                                              Download File
                                                                              Process:C:\Windows\System32\svchost.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1310720
                                                                              Entropy (8bit):0.7263314484439825
                                                                              Encrypted:false
                                                                              SSDEEP:1536:9J8s6YR3pnhWKInznxTgScwXhCeEcrKYSZNmTHk4UQJ32aqGT46yAwFM5hA7yH0q:9JZj5MiKNnNhoxuz
                                                                              MD5:1E2FF4CF80E012EAA009B71753577CF6
                                                                              SHA1:49EA58617A6879EBD7DCD6495CCB66B5EA7E2714
                                                                              SHA-256:47F5B233797D7FF9B374AF6AFA348DEC654AD53AC32F85F4074569560F3E8F61
                                                                              SHA-512:4600AB86435E8A3D0518C09AEA2BA9BFC87D4DA10C062DF3DCABB8781FBC1FB044C950459AE36EC053B0B309072BD8996863F8C43E29A95D829F7FDCC2ED0B0E
                                                                              Malicious:false
                                                                              Preview:...........@..@9....{...;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@....................................Fajaj.#.........`h.................h.......6.......X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................

                                                                              C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

                                                                              Download File
                                                                              Process:C:\Windows\System32\svchost.exe
                                                                              File Type:Extensible storage user DataBase, version 0x620, checksum 0x05ca8312, page size 16384, DirtyShutdown, Windows version 10.0
                                                                              Category:dropped
                                                                              Size (bytes):1310720
                                                                              Entropy (8bit):0.7556235518796398
                                                                              Encrypted:false
                                                                              SSDEEP:1536:tSB2ESB2SSjlK/svFH03N9Jdt8lYkr3g16xj2UPkLk+kLWyrufTRryrUYc//kbxW:tazaSvGJzYj2UlmOlOL
                                                                              MD5:96102E831474275454D9086E7779BFD3
                                                                              SHA1:38FD965FD81216B29EA3323ABDA6A27FB34FA228
                                                                              SHA-256:41CBF407B5D9DECEDCA987BBFB69C25A68529D2CD6164279D2C3C1484F6E9BF7
                                                                              SHA-512:A036B6EB5F4FF7D940E1760573E7A131F03E7D22E963675F6407554F96078A9C125BED19DAD8342517B4445FCEC054ED4D225F36F5AA0A7D1192A467987E76C7
                                                                              Malicious:false
                                                                              Preview:...... .......7.......X\...;...{......................0.e......!...{?. %...|y.h.g.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... .......9....{...............................................................................................................................................................................................2...{...................................... %...|...................... %...|y..........................#......h.g.....................................................................................................................................................................................................................................................................................................................................................

                                                                              C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

                                                                              Download File
                                                                              Process:C:\Windows\System32\svchost.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):16384
                                                                              Entropy (8bit):0.07985720377107716
                                                                              Encrypted:false
                                                                              SSDEEP:3:FltEYeyRtENaAPaU1ltgNHaYlluxmO+l/SNxOf:f6zzNDPaUEaIgmOH
                                                                              MD5:48397126274E32321759EEF38C0ECAB3
                                                                              SHA1:FC6A9E145C530D5D0916ED25ACD544DD1A33992F
                                                                              SHA-256:FEFB049DDA4586B663D6F4FB99F011C25A68993351FD22B2EA661B51406DCA5D
                                                                              SHA-512:8A17A22A822C3F21BDE5F097E117B9F80E6D40D670758896EA42AFE44E5B972C2EF4A20786229D7B0ACB983495046BC5C384BAA5377CA9AF1D5DCA16F45EA141
                                                                              Malicious:false
                                                                              Preview:.M.......................................;...{.. %...|y..!...{?..........!...{?..!...{?..g...!...{?..................... %...|y.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                              C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiteManager Pro - Server\Settings for LM-Server.lnk

                                                                              Download File
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Thu Aug 22 17:41:10 2024, mtime=Wed Oct 30 20:37:38 2024, atime=Thu Aug 22 17:41:10 2024, length=7753808, window=hide
                                                                              Category:dropped
                                                                              Size (bytes):2167
                                                                              Entropy (8bit):3.9186212068596498
                                                                              Encrypted:false
                                                                              SSDEEP:48:8z2PxadOq49EKDZd5Y+d5YsP5qoZkmrSUp8JWqoZkmtWEh:8zqIaEp9O5qoZbcJWqoZbt
                                                                              MD5:8FAF532A493D9ACCB2AA42024CA01785
                                                                              SHA1:B0137E61AF800BBB6B70D2DB42BA7929EF3A15E0
                                                                              SHA-256:A013EE9C6838FFD225AEB1C83FD0BA1CB8AF18CACBE24F93FB19C5AF9B0FD3DE
                                                                              SHA-512:A64EF60672E5E514DFEFDCBB5BD7E0D32CBD9AFA82CE3FADEB1D18395F5B6FBB1E8F8E9303844300B4580D15DBF29491E960245A40CD2909D9187B7D889B4EBA
                                                                              Malicious:false
                                                                              Preview:L..................F.@.. .....>.....Y3...+....>.....PPv..........................P.O. .:i.....+00.../C:\.....................1.....^Y....PROGRA~2.........O.I^Y......................V.....E...P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....z.1.....^Y....LITEMA~1..b......^Y..^Y................................L.i.t.e.M.a.n.a.g.e.r. .P.r.o. .-. .S.e.r.v.e.r.....h.2.PPv..Y%. .ROMSER~1.EXE..L.......Y%.^Y................................R.O.M.S.e.r.v.e.r...e.x.e.......l...............-.......k..............q.....C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe..L.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.L.i.t.e.M.a.n.a.g.e.r. .P.r.o. .-. .S.e.r.v.e.r.\.R.O.M.S.e.r.v.e.r...e.x.e.0.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.L.i.t.e.M.a.n.a.g.e.r. .P.r.o. .-. .S.e.r.v.e.r.\.../.c.o.n.f.i.g.n.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.7.1.F.F.A.4.7.5.-.2.4.D.5.-.4.4.F.B.-.A.5.1.F.-.3.9.B.6.9.9.E.3.D.8.2.C.}.\

                                                                              C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiteManager Pro - Server\Start LM-Server.lnk

                                                                              Download File
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
                                                                              Category:dropped
                                                                              Size (bytes):1890
                                                                              Entropy (8bit):3.1573107695942624
                                                                              Encrypted:false
                                                                              SSDEEP:48:8ddOEPLqd5Y+d5YcCP5q2DT2S0Wq2DTKX7:85LJ9cM5qUoWqUE
                                                                              MD5:5FC67E19699B3F0B2AB7B4B89B0B3F1A
                                                                              SHA1:6F6380DF2EB8C5D30452A846864F001A8B0E473A
                                                                              SHA-256:45451F933B472FA53301D46B7C072AF67E51EC60172E6E9C01E0B308DF78A2F4
                                                                              SHA-512:81C7A9F5683DB54893BD26A6EC1BCBDB17983037668CD996E03934E7708331594195DBF2CCE9EB2B0C0567A9E8B24DD629D40866D49E55C9DF77A864D15744E5
                                                                              Malicious:false
                                                                              Preview:L..................F.@...........................................................P.O. .:i.....+00.../C:\...................z.1...........Program Files (x86).X............................................P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)..."...1...........LiteManager Pro - Server..b............................................L.i.t.e.M.a.n.a.g.e.r. .P.r.o. .-. .S.e.r.v.e.r...(.h.2...........ROMServer.exe.L............................................R.O.M.S.e.r.v.e.r...e.x.e.......L.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.L.i.t.e.M.a.n.a.g.e.r. .P.r.o. .-. .S.e.r.v.e.r.\.R.O.M.S.e.r.v.e.r...e.x.e.0.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.L.i.t.e.M.a.n.a.g.e.r. .P.r.o. .-. .S.e.r.v.e.r.\.../.s.t.a.r.t.n.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.7.1.F.F.A.4.7.5.-.2.4.D.5.-.4.4.F.B.-.A.5.1.F.-.3.9.B.6.9.9.E.3.D.8.2.C.}.\.R.O.M.S.e.r.v.e.r...e.x.e._.9.D.0.9.B.2.B.C.2.5.A.2.4.1.4.C.B.D.8.4.8.E.2.B.7.5.8.9.8.6.7.6...e.x.e.........%SystemRoot%\In

                                                                              C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiteManager Pro - Server\Stop LM-Server.lnk

                                                                              Download File
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Thu Aug 22 17:41:10 2024, mtime=Wed Oct 30 20:37:38 2024, atime=Thu Aug 22 17:41:10 2024, length=7753808, window=hide
                                                                              Category:dropped
                                                                              Size (bytes):2159
                                                                              Entropy (8bit):3.9055133595379576
                                                                              Encrypted:false
                                                                              SSDEEP:48:8A2PxadOF4bHDZd5Y+d5Ys5qcxFWT84SslWqcxFWT8cWEh:8AqHG29s5qcxYT8SWqcxYT8c
                                                                              MD5:596CF30C4C3FE957C86E1664F21611C8
                                                                              SHA1:460BA786B65CF7C3159FE91EE839508A7FE27739
                                                                              SHA-256:37041F60D546FF4E74BA3AA331CA0A2CDCB00561E7545D8BB682CF031340A5DC
                                                                              SHA-512:2BC76196F9275571B2053F2D78FFC519792093EE9D5C72A6F70DAE1B17E33E23DC40A41D2886DC90750EFADC6A86806BD42B77554BAB4D3BCF7BDA8AFCB695C5
                                                                              Malicious:false
                                                                              Preview:L..................F.@.. .....>..........+....>.....PPv..........................P.O. .:i.....+00.../C:\.....................1.....^Y....PROGRA~2.........O.I^Y......................V.....E...P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....z.1.....^Y....LITEMA~1..b......^Y..^Y.............................,..L.i.t.e.M.a.n.a.g.e.r. .P.r.o. .-. .S.e.r.v.e.r.....h.2.PPv..Y%. .ROMSER~1.EXE..L.......Y%.^Y................................R.O.M.S.e.r.v.e.r...e.x.e.......l...............-.......k..............q.....C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe..L.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.L.i.t.e.M.a.n.a.g.e.r. .P.r.o. .-. .S.e.r.v.e.r.\.R.O.M.S.e.r.v.e.r...e.x.e.0.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.L.i.t.e.M.a.n.a.g.e.r. .P.r.o. .-. .S.e.r.v.e.r.\.../.s.t.o.p.l.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.7.1.F.F.A.4.7.5.-.2.4.D.5.-.4.4.F.B.-.A.5.1.F.-.3.9.B.6.9.9.E.3.D.8.2.C.}.\.s.t

                                                                              C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiteManager Pro - Server\Uninstall LiteManager - Server.lnk

                                                                              Download File
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has command line arguments, Icon number=0, Archive, ctime=Sat Dec 7 08:10:02 2019, mtime=Thu Oct 5 05:29:05 2023, atime=Sat Dec 7 08:10:02 2019, length=59904, window=hide
                                                                              Category:dropped
                                                                              Size (bytes):1953
                                                                              Entropy (8bit):3.8777721725611816
                                                                              Encrypted:false
                                                                              SSDEEP:24:8WQ6JpvlM+CbBBAhwB+sHyjv/+MTyjvejIKZDUHwGS7ke4WTyjvejIKZDUHwwck8:8WlXvob40HOn5qmjlt6ScWqmjltZ+
                                                                              MD5:74A14624ACBA1BCAC5CFAEE22E468316
                                                                              SHA1:4B3E527FB5C55622FA36AA7CF885566FD9AB11A4
                                                                              SHA-256:B613BACD48C3550F79D6C30F7FEAD2205C9A7ADA002522A51E0055B14C0CFA72
                                                                              SHA-512:22136CF3A279BCEC75F1F307E9B8A8745CCE5D2FD6633E7ACB4A9EBFB05D8CE391136B2912329B3D3A9592E4DAB8EC46E81EFF761B78D5AA97DE18CB444E4217
                                                                              Malicious:false
                                                                              Preview:L..................F.@.. ...25.....Y9==U...25.............................A....P.O. .:i.....+00.../C:\...................V.1.....EW.5..Windows.@......OwH^Y......3.......................X.W.i.n.d.o.w.s.....Z.1.....^Y....SysWOW64..B......O.I^Y......Y....................."5..S.y.s.W.O.W.6.4.....b.2......OBI .msiexec.exe.H......OBIEWf3................|.............m.s.i.e.x.e.c...e.x.e.......N...............-.......M..............q.....C:\Windows\SysWOW64\msiexec.exe........\.....\.....\.....\.....\.....\.W.i.n.d.o.w.s.\.S.y.s.W.O.W.6.4.\.m.s.i.e.x.e.c...e.x.e.)./.x. .{.7.1.F.F.A.4.7.5.-.2.4.D.5.-.4.4.F.B.-.A.5.1.F.-.3.9.B.6.9.9.E.3.D.8.2.C.}.s.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.7.1.F.F.A.4.7.5.-.2.4.D.5.-.4.4.F.B.-.A.5.1.F.-.3.9.B.6.9.9.E.3.D.8.2.C.}.\.U.N.I.N.S.T._.U.n.i.n.s.t.a.l.l._.L._.7.8.A.A.5.B.6.6.6.2.5.1.4.D.9.4.A.8.4.7.D.6.C.6.0.3.A.F.0.8.9.5...e.x.e.........%SystemRoot%\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\UNINST_Uninstall_L_78AA5B6662514D94A847D6C6

                                                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:ASCII text
                                                                              Category:dropped
                                                                              Size (bytes):298
                                                                              Entropy (8bit):5.187114693798316
                                                                              Encrypted:false
                                                                              SSDEEP:6:6IbtuVlyq2PN72nKuAl9OmbnIFUt8vIbvjz1Zmw+vIbvjlRkwON72nKuAl9Ombjd:6hVIvVaHAahFUt8v+z1/+v+z5OaHAaSJ
                                                                              MD5:C915BC9E26B12B965A22652E5F99607D
                                                                              SHA1:251CCB41E475E29D4081A003F46455A9DC54E7AD
                                                                              SHA-256:D2DA8287D9CD7DF2AFAE69784A17C0E956FC5DFC119A00D3FB1B1B2713B43D39
                                                                              SHA-512:714BBF0C6817EFACDE3EB4BB599C198630883EB14F3DC68AD1863B9440BB2BB8DF641F49F797912C91175B5DEF020063D0243F3C72D7A27013C47EB71DEB1C6F
                                                                              Malicious:false
                                                                              Preview:2024/10/30-17:37:32.606 19e4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/30-17:37:32.614 19e4 Recovering log #3.2024/10/30-17:37:32.614 19e4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:ASCII text
                                                                              Category:dropped
                                                                              Size (bytes):298
                                                                              Entropy (8bit):5.187114693798316
                                                                              Encrypted:false
                                                                              SSDEEP:6:6IbtuVlyq2PN72nKuAl9OmbnIFUt8vIbvjz1Zmw+vIbvjlRkwON72nKuAl9Ombjd:6hVIvVaHAahFUt8v+z1/+v+z5OaHAaSJ
                                                                              MD5:C915BC9E26B12B965A22652E5F99607D
                                                                              SHA1:251CCB41E475E29D4081A003F46455A9DC54E7AD
                                                                              SHA-256:D2DA8287D9CD7DF2AFAE69784A17C0E956FC5DFC119A00D3FB1B1B2713B43D39
                                                                              SHA-512:714BBF0C6817EFACDE3EB4BB599C198630883EB14F3DC68AD1863B9440BB2BB8DF641F49F797912C91175B5DEF020063D0243F3C72D7A27013C47EB71DEB1C6F
                                                                              Malicious:false
                                                                              Preview:2024/10/30-17:37:32.606 19e4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/30-17:37:32.614 19e4 Recovering log #3.2024/10/30-17:37:32.614 19e4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:ASCII text
                                                                              Category:dropped
                                                                              Size (bytes):342
                                                                              Entropy (8bit):5.1723822181541665
                                                                              Encrypted:false
                                                                              SSDEEP:6:6Ib0q2PN72nKuAl9Ombzo2jMGIFUt8vIbJZZmw+vIbJzkwON72nKuAl9Ombzo2jz:6XvVaHAa8uFUt8vI/+vQ5OaHAa8RJ
                                                                              MD5:A3FD99CAB3E47368C462BE91D76C9D58
                                                                              SHA1:98C3C473BA242A9FF69ED0602F01DCA21808E88D
                                                                              SHA-256:208FBAA3F8ABAE90405EEBEB2A495BFC3FC7A0D157D47538A4924EBFE1C1FA84
                                                                              SHA-512:A6D60A6A36A29ADE87D5E96C9F3F8A255C4D2553BD18DD1AC325DDF40E577B612BAB480369D479FB0F44C17026988A227CE49765B9A7AD4AB07581567AC0EC94
                                                                              Malicious:false
                                                                              Preview:2024/10/30-17:37:32.676 1c34 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/30-17:37:32.678 1c34 Recovering log #3.2024/10/30-17:37:32.678 1c34 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:ASCII text
                                                                              Category:dropped
                                                                              Size (bytes):342
                                                                              Entropy (8bit):5.1723822181541665
                                                                              Encrypted:false
                                                                              SSDEEP:6:6Ib0q2PN72nKuAl9Ombzo2jMGIFUt8vIbJZZmw+vIbJzkwON72nKuAl9Ombzo2jz:6XvVaHAa8uFUt8vI/+vQ5OaHAa8RJ
                                                                              MD5:A3FD99CAB3E47368C462BE91D76C9D58
                                                                              SHA1:98C3C473BA242A9FF69ED0602F01DCA21808E88D
                                                                              SHA-256:208FBAA3F8ABAE90405EEBEB2A495BFC3FC7A0D157D47538A4924EBFE1C1FA84
                                                                              SHA-512:A6D60A6A36A29ADE87D5E96C9F3F8A255C4D2553BD18DD1AC325DDF40E577B612BAB480369D479FB0F44C17026988A227CE49765B9A7AD4AB07581567AC0EC94
                                                                              Malicious:false
                                                                              Preview:2024/10/30-17:37:32.676 1c34 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/30-17:37:32.678 1c34 Recovering log #3.2024/10/30-17:37:32.678 1c34 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\641cf2a0-bed9-457c-871f-f190488ac959.tmp

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):475
                                                                              Entropy (8bit):4.971824627296864
                                                                              Encrypted:false
                                                                              SSDEEP:12:YH/um3RA8sq1ZhsBdOg2HIJnAcaq3QYiubcP7E4TX:Y2sRdswydMH0r3QYhbA7n7
                                                                              MD5:F326539D084B03D88254A74D6018F692
                                                                              SHA1:395B367E0E3554C3E78A8211F2D4B9F0F427CA87
                                                                              SHA-256:9379694CADD7846403E1B6975502326FBC619E0E3A873BBB7BC2C03EE3623007
                                                                              SHA-512:C8B5B1DD28605D3FCD9EF4A28BE1125137E6B3CB967F59CB2113656C8EFFFB3842115962DF8B25E9C3FA504F5E1B0A116D780326B1AB8062DC6AC0D80E7C3539
                                                                              Malicious:false
                                                                              Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341048370594526","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":151499},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

                                                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):475
                                                                              Entropy (8bit):4.971824627296864
                                                                              Encrypted:false
                                                                              SSDEEP:12:YH/um3RA8sq1ZhsBdOg2HIJnAcaq3QYiubcP7E4TX:Y2sRdswydMH0r3QYhbA7n7
                                                                              MD5:F326539D084B03D88254A74D6018F692
                                                                              SHA1:395B367E0E3554C3E78A8211F2D4B9F0F427CA87
                                                                              SHA-256:9379694CADD7846403E1B6975502326FBC619E0E3A873BBB7BC2C03EE3623007
                                                                              SHA-512:C8B5B1DD28605D3FCD9EF4A28BE1125137E6B3CB967F59CB2113656C8EFFFB3842115962DF8B25E9C3FA504F5E1B0A116D780326B1AB8062DC6AC0D80E7C3539
                                                                              Malicious:false
                                                                              Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341048370594526","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":151499},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

                                                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF54649d.TMP (copy)

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):475
                                                                              Entropy (8bit):4.971824627296864
                                                                              Encrypted:false
                                                                              SSDEEP:12:YH/um3RA8sq1ZhsBdOg2HIJnAcaq3QYiubcP7E4TX:Y2sRdswydMH0r3QYhbA7n7
                                                                              MD5:F326539D084B03D88254A74D6018F692
                                                                              SHA1:395B367E0E3554C3E78A8211F2D4B9F0F427CA87
                                                                              SHA-256:9379694CADD7846403E1B6975502326FBC619E0E3A873BBB7BC2C03EE3623007
                                                                              SHA-512:C8B5B1DD28605D3FCD9EF4A28BE1125137E6B3CB967F59CB2113656C8EFFFB3842115962DF8B25E9C3FA504F5E1B0A116D780326B1AB8062DC6AC0D80E7C3539
                                                                              Malicious:false
                                                                              Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341048370594526","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":151499},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

                                                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\b870c142-0d62-4489-8fbd-e8f8ef761c2c.tmp

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:JSON data
                                                                              Category:modified
                                                                              Size (bytes):475
                                                                              Entropy (8bit):4.968905002143365
                                                                              Encrypted:false
                                                                              SSDEEP:12:YH/um3RA8sqcMhsBdOg2HH8caq3QYiubcP7E4TX:Y2sRds4ydMHf3QYhbA7n7
                                                                              MD5:311C0D2435716305AB7C3FD49097CDE9
                                                                              SHA1:9E6E2E55DED649DF061E42D22B7D55764ED4A459
                                                                              SHA-256:C455A9BB6537F00C8A0E4BC0A89B039303DFB44803593F6CD4DDAD3B8213B51B
                                                                              SHA-512:17BBE0D132D3068526F344BA3CB3A471CA76DEFB4C2C9EDDB20995C57644CE7C2643DB96B3EA791439D3F355CC54E2A322201CD3C55687ACCB8A23D469E75125
                                                                              Malicious:false
                                                                              Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374884264380776","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":208345},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

                                                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):5449
                                                                              Entropy (8bit):5.25178179866612
                                                                              Encrypted:false
                                                                              SSDEEP:96:av+Nkkl+2GAouz3z3xfNLUS3vHp5OuDzUrMzh28qXAXFP74LRXOtW7ANwE7Ljh6s:av+Nkkl+2G1uz3zhfZUyPp5OuDzUwzhZ
                                                                              MD5:39D238AA7A79BD6F2231356982894883
                                                                              SHA1:30B414AAD675E6AB7D8AF454DEE04B68D22ED261
                                                                              SHA-256:A5643A8DF771214E3B2914AF20B27ABD1F3C9825A8C87FDF32BFA4A4249A264A
                                                                              SHA-512:A61F6FFA62B35357E7681BE8D34C641303C8B3EAE0B7EA8955884733278378D0F12E13CD37E2A6B9D982A3FEDEB8CFAF5BC42CCB217E5B930CE5DB4297A36D5E
                                                                              Malicious:false
                                                                              Preview:*...#................version.1..namespace-.X.Bo................next-map-id.1.Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/.0.>j.r................next-map-id.2.Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/.1.J.4r................next-map-id.3.Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/.2..J.o................next-map-id.4.Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.3..M.^...............Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/..d.^...............Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.u..a...............Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/..`aa...............Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/`v.Yo................next-map-id.5.Pnamespace-30587558_ed88_4bd8_adc0_

                                                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:ASCII text
                                                                              Category:dropped
                                                                              Size (bytes):330
                                                                              Entropy (8bit):5.171926039998405
                                                                              Encrypted:false
                                                                              SSDEEP:6:6IbBq2PN72nKuAl9OmbzNMxIFUt8vIbbGWZmw+vIbwFkwON72nKuAl9OmbzNMFLJ:6yvVaHAa8jFUt8vSGW/+vb5OaHAa84J
                                                                              MD5:E51B539DF956C4DB8390AC378A67332D
                                                                              SHA1:F9379800792563F43EA3B798C41EAEC13FCC05B1
                                                                              SHA-256:5295A0B6D4A42953F5DF571C17D8EF7BEBFAE38521FF9E9DC15A8D7B3D41E148
                                                                              SHA-512:9E86CAF48C4DE23D407D9FEDADEF19BAB244E709D472A07BF66588D27DCE140B814713ECC8E6A58084D6E01E658CFE48CE024FA9AB11AD56B31CBD412CB4DF9B
                                                                              Malicious:false
                                                                              Preview:2024/10/30-17:37:32.824 1c34 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/30-17:37:32.825 1c34 Recovering log #3.2024/10/30-17:37:32.826 1c34 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                                                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:ASCII text
                                                                              Category:dropped
                                                                              Size (bytes):330
                                                                              Entropy (8bit):5.171926039998405
                                                                              Encrypted:false
                                                                              SSDEEP:6:6IbBq2PN72nKuAl9OmbzNMxIFUt8vIbbGWZmw+vIbwFkwON72nKuAl9OmbzNMFLJ:6yvVaHAa8jFUt8vSGW/+vb5OaHAa84J
                                                                              MD5:E51B539DF956C4DB8390AC378A67332D
                                                                              SHA1:F9379800792563F43EA3B798C41EAEC13FCC05B1
                                                                              SHA-256:5295A0B6D4A42953F5DF571C17D8EF7BEBFAE38521FF9E9DC15A8D7B3D41E148
                                                                              SHA-512:9E86CAF48C4DE23D407D9FEDADEF19BAB244E709D472A07BF66588D27DCE140B814713ECC8E6A58084D6E01E658CFE48CE024FA9AB11AD56B31CBD412CB4DF9B
                                                                              Malicious:false
                                                                              Preview:2024/10/30-17:37:32.824 1c34 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/30-17:37:32.825 1c34 Recovering log #3.2024/10/30-17:37:32.826 1c34 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                                                              C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11
                                                                              Category:dropped
                                                                              Size (bytes):86016
                                                                              Entropy (8bit):4.444889464478298
                                                                              Encrypted:false
                                                                              SSDEEP:384:ye6ci5tNiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:mms3OazzU89UTTgUL
                                                                              MD5:154427F3E5DDF0A177197A6E3DB20175
                                                                              SHA1:189ED1CDB041E4462E2389AF3938D23A1CBA155D
                                                                              SHA-256:D970420244EF1D7EB57C74FE54B916F92C1C4BFAE895F0B89A3980331C74932A
                                                                              SHA-512:BFA433A6628D2CF1CFDDA8F8A0665BA623C9B469A957FEDE1BE445CBC645CA9936B08B38299384BDFD1E8E5A16EA685059B9CFDA1DC7AD204717808E55A479B7
                                                                              Malicious:false
                                                                              Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                              C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:SQLite Rollback Journal
                                                                              Category:dropped
                                                                              Size (bytes):8720
                                                                              Entropy (8bit):3.7649227966652496
                                                                              Encrypted:false
                                                                              SSDEEP:48:7MIJioyVfDoioyeDdoy1C7oy16oy1MDhKOioy1noy1AYoy1Wioy1oioykioyBoyT:7LJukCNXjBiXb9IVXEBodRBkBB
                                                                              MD5:1323B0B6C2958530BD5E07A8B48901AF
                                                                              SHA1:A1E3E2ACF1FA29280D5650705B08B7BB3E465741
                                                                              SHA-256:CB7E06AFEF662706470D2085FEB2EE318EC7B0BDEB16EDB1CE5D3B2F00704CDE
                                                                              SHA-512:ADFC039CBD7B604D0F6D096E640FF34D58B7FF52E571D4163BBF76DA3A63DF9CF4C9FAC13154CAD0F8E06AF8623DC148CD16014198786DDDA6F87F3FB5500083
                                                                              Malicious:false
                                                                              Preview:.... .c.....R6.b...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b.r.l...t...}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:Certificate, Version=3
                                                                              Category:dropped
                                                                              Size (bytes):1391
                                                                              Entropy (8bit):7.705940075877404
                                                                              Encrypted:false
                                                                              SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                                                                              MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                                                                              SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                                                                              SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                                                                              SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                                                                              Malicious:false
                                                                              Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

                                                                              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                              Category:dropped
                                                                              Size (bytes):71954
                                                                              Entropy (8bit):7.996617769952133
                                                                              Encrypted:true
                                                                              SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                                              MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                                              SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                                              SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                                              SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                                              Malicious:false
                                                                              Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

                                                                              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):192
                                                                              Entropy (8bit):2.7673182398396405
                                                                              Encrypted:false
                                                                              SSDEEP:3:kkFklru1kfllXlE/HT8kzl1NNX8RolJuRdxLlGB9lQRYwpDdt:kK919T8e7NMa8RdWBwRd
                                                                              MD5:4A2B1B20FB08AB1675AA76B878815D15
                                                                              SHA1:9B9FF8419742C5EBF0AFB0C9748BA0217B90FF35
                                                                              SHA-256:77D5CB314EB9799648CD05B7CF46D422AFB3CFA9F164D13DB9CE08769DEAD52A
                                                                              SHA-512:8543224F8FBF62EE152520B7D33D242E5F20EE1E2BE7482054378569F0BC63700E0E290ABE203606B6F3F2E03B07F53C132E2392DFEF21A04954B968BDBC6961
                                                                              Malicious:false
                                                                              Preview:p...... .........K...+..(....................................................... ..........W...................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

                                                                              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:data
                                                                              Category:modified
                                                                              Size (bytes):328
                                                                              Entropy (8bit):3.1501841598665044
                                                                              Encrypted:false
                                                                              SSDEEP:6:kKnI+EF9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:osDnLNkPlE99SNxAhUe/3
                                                                              MD5:0C34E7BF39BDBFD14372E16612ABF621
                                                                              SHA1:2DD6AA9D672E186F0BEDEE752A6BBD588768498D
                                                                              SHA-256:6F618B26A4B140CC7D7177DFD020DFCA35F53E0AF0676AB98D3CF992A3C209F1
                                                                              SHA-512:234B314F9A4074DC525FDEAD5F2B0E0EDF5A623E748F96263BB70CB14EA7FF9E36D188D75A508318146E20A6F4B77E7C1EB40294B69EE095A73FE7AA774A5E43
                                                                              Malicious:false
                                                                              Preview:p...... ........RH6..+..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.4544

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:PostScript document text
                                                                              Category:dropped
                                                                              Size (bytes):185099
                                                                              Entropy (8bit):5.182478651346149
                                                                              Encrypted:false
                                                                              SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                                                                              MD5:94185C5850C26B3C6FC24ABC385CDA58
                                                                              SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                                                                              SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                                                                              SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                                                                              Malicious:false
                                                                              Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:PostScript document text
                                                                              Category:dropped
                                                                              Size (bytes):185099
                                                                              Entropy (8bit):5.182478651346149
                                                                              Encrypted:false
                                                                              SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                                                                              MD5:94185C5850C26B3C6FC24ABC385CDA58
                                                                              SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                                                                              SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                                                                              SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                                                                              Malicious:false
                                                                              Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):295
                                                                              Entropy (8bit):5.352346456799572
                                                                              Encrypted:false
                                                                              SSDEEP:6:YEQXJ2HX+FR/0nZiQ0Y6ieoAvJM3g98kUwPeUkwRe9:YvXKX+FR/0cqGMbLUkee9
                                                                              MD5:7BD70F73ED37DC70A7872DDAFFE93CFD
                                                                              SHA1:A34B05C5517C63D9AC02E9F79DBBDFD8890A6F84
                                                                              SHA-256:D8BDAC0E122F52A1B134F13B570D04B39146AC48889AD8E0FF3ACD61D394CD8E
                                                                              SHA-512:3B462327A62781A916BB74C810F2536B4D2231BF7B794CFBC73D348227738A1AE2CC94A11F7136804831240FD040B3F50254BBD435C3A3CB692C9F5C24114F85
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"3256bb58-46b0-488c-b052-fa8ce20a47ad","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1730500496808,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):294
                                                                              Entropy (8bit):5.305993780274475
                                                                              Encrypted:false
                                                                              SSDEEP:6:YEQXJ2HX+FR/0nZiQ0Y6ieoAvJfBoTfXpnrPeUkwRe9:YvXKX+FR/0cqGWTfXcUkee9
                                                                              MD5:A1A27CAF770408455CCE24684E61E52E
                                                                              SHA1:FE1F89EEC207022B076E74C01F79630B2682FFE9
                                                                              SHA-256:7FF51B153A2C8BA9C0D39EAADA05BC4619BF1082398C688931A02BB6F5695253
                                                                              SHA-512:C3A8648962E0F21F64EC4F05FCBBC21010876F66F73372181BEAAA862DE4B670F4355E418B115C0A01F0BF832BC3399E1C48BA48EAA5404CAD9CAD266137E9C9
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"3256bb58-46b0-488c-b052-fa8ce20a47ad","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1730500496808,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):294
                                                                              Entropy (8bit):5.284253275632283
                                                                              Encrypted:false
                                                                              SSDEEP:6:YEQXJ2HX+FR/0nZiQ0Y6ieoAvJfBD2G6UpnrPeUkwRe9:YvXKX+FR/0cqGR22cUkee9
                                                                              MD5:7DC784C42B51127954D4F8E641AB4981
                                                                              SHA1:32AAE245D5078F725332AFEECFCF37E1097AA52A
                                                                              SHA-256:13EF0176337FB53CE12523C8656E82891AA3C3CB18ED2EE3FFADD839F69E81F0
                                                                              SHA-512:87540312F5E18F8311443365ECE2B49859561D18DBA9A7EF9C7F69975D6B2CCD7517EB0F270D29A2EDD0EC4BB42268C8A63E60D04AAC1F894E7EBE6DD5E5CDA6
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"3256bb58-46b0-488c-b052-fa8ce20a47ad","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1730500496808,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):285
                                                                              Entropy (8bit):5.331982473533067
                                                                              Encrypted:false
                                                                              SSDEEP:6:YEQXJ2HX+FR/0nZiQ0Y6ieoAvJfPmwrPeUkwRe9:YvXKX+FR/0cqGH56Ukee9
                                                                              MD5:48DF96368EB0FA5DB4928A68C6FD7F07
                                                                              SHA1:B67322D63E21A339DAC1DF1A0427ED1D76797B49
                                                                              SHA-256:975AE038022F7AB16E6D3BB8F9569E8C97DC1BE305F1F85D5B1F9721280A7248
                                                                              SHA-512:351846B92EDAB474C1A4CA47A6C94482F14F7FC5800F1886C1E5EF71298EA7BA7181C7B1766A3520C4FC80F2FF04C999EDAE4AED89EC6B8108BB5255E2BFB56F
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"3256bb58-46b0-488c-b052-fa8ce20a47ad","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1730500496808,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):1055
                                                                              Entropy (8bit):5.658876450057217
                                                                              Encrypted:false
                                                                              SSDEEP:12:YvXKX+FR/0cqGBS8Ukee1hSkLEJ1KUHXcLfeoPhSOPhnlbRKRCmK8dKzOCLk9iZU:Yv6XqRnpLgEscLf7nnl0RCmK8czOCCSK
                                                                              MD5:536B129CE7DB9700EBDC2648138C97C9
                                                                              SHA1:6A38A5B2122C82F437DDEA1BFA4E8B5BD6E24204
                                                                              SHA-256:7468D870E37C78CF6266EF5ED5294DA04CE0238BCBC0AEDFBF6AE50A7755F342
                                                                              SHA-512:F455737AD5A9FAA2F4D52AC658EA2A359715E1570B94D16EF801FE30002B0E7DD4D44ED653C796A93205915B25196D93CBF35C7EA3CAC5DECBCD5BFE69EB0667
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"3256bb58-46b0-488c-b052-fa8ce20a47ad","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1730500496808,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_1","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"eb1a4bce-8215-46f1-b44c-154b21a85d60","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingScheme":tr

                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):1050
                                                                              Entropy (8bit):5.648906370877613
                                                                              Encrypted:false
                                                                              SSDEEP:24:Yv6XqRrVLgEF0c7sbnl0RCmK8czOCYHflEpwiVL:YvFFg6sGAh8cvYHWpwK
                                                                              MD5:E13A64EA3FA8528CAFCD37CFCA7A16AF
                                                                              SHA1:874B4EBF5ACD124625604E488C9961166B0232F4
                                                                              SHA-256:9B68D1161C9EBDFD1F7046A158CD394DBD631F29504098586B68DC0AE4F7DBD7
                                                                              SHA-512:4DEB233170AC6EEBEF1B1E9884CB1376E2CCAC1E1651A4CE6BB8259E8C247110AD74767674E386D4830F190723C294E54890D7A8C37B1F55269468FA08E72524
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"3256bb58-46b0-488c-b052-fa8ce20a47ad","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1730500496808,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):292
                                                                              Entropy (8bit):5.286205561118061
                                                                              Encrypted:false
                                                                              SSDEEP:6:YEQXJ2HX+FR/0nZiQ0Y6ieoAvJfQ1rPeUkwRe9:YvXKX+FR/0cqGY16Ukee9
                                                                              MD5:D98EF706F2261A37736722682D63BA42
                                                                              SHA1:845B990EDC3CD859B633F208E91FB9326B3B7BD1
                                                                              SHA-256:427743A4BDFD32AA1AFDBC2E37901905A46028ABF305DEC4B3A5B3F1FC28C5DC
                                                                              SHA-512:CCC1945524F5AB3775D9EE067AA2C34EF0E834E20C95C4EAF7AC2B6FC0A23553023C87E4E644E94B60306CE1B2E7DEF9E3271344216BC72C57B767740EF8CC0E
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"3256bb58-46b0-488c-b052-fa8ce20a47ad","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1730500496808,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):1038
                                                                              Entropy (8bit):5.645356246627882
                                                                              Encrypted:false
                                                                              SSDEEP:24:Yv6XqR62LgEF7cciAXs0nl0RCmK8czOCAPtciBL:Yvkogc8hAh8cvAZ
                                                                              MD5:09D86F00DFCDB7CF043A4E4A2430FF85
                                                                              SHA1:C49263AD1CCD4F4CC7D03F1EE93A34116D63EDC0
                                                                              SHA-256:E81C758937D4DC2871D96D35583A585AB7EE0506892D78B5ACCC65F6CA5655A8
                                                                              SHA-512:24727E2AD5E861CF51AA5D549D333989988B1786834450616909224B9775BC612FBB2863DCCC61A1287F4B130881B3A386FD77B786B3339D0CD9094DBB834BD1
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"3256bb58-46b0-488c-b052-fa8ce20a47ad","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1730500496808,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744

                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):1164
                                                                              Entropy (8bit):5.698032287157699
                                                                              Encrypted:false
                                                                              SSDEEP:24:Yv6XqRGKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5L:Yv0EgqprtrS5OZjSlwTmAfSK9
                                                                              MD5:ED4CA9A9321D8F574695D7DE44A758A7
                                                                              SHA1:5585962FB42CD2DD64A727F993480CD347E86305
                                                                              SHA-256:55B0661E7DC16C3ED07ACC59D96BF7EF2DDCE13F58C0B29BF48ECC59D5889116
                                                                              SHA-512:7A7F173A1829FB504E4C558632723DA710D613C9FAD9750981FFAA9CBA4A93FC94A4D2BAB42C894E83709F01D85448E8CF830973176DBB3F00509A98359F34ED
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"3256bb58-46b0-488c-b052-fa8ce20a47ad","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1730500496808,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):289
                                                                              Entropy (8bit):5.290560899516134
                                                                              Encrypted:false
                                                                              SSDEEP:6:YEQXJ2HX+FR/0nZiQ0Y6ieoAvJfYdPeUkwRe9:YvXKX+FR/0cqGg8Ukee9
                                                                              MD5:52A10ABA03A2E7DC9223E0ED4D198A7D
                                                                              SHA1:17286E83DA2C8992D8D82346CF21B411934039CB
                                                                              SHA-256:AEB10F4A5F21BDA16501B171BCD7AEB524AEC452A4E8DCC6FBB5AA476F8C38FC
                                                                              SHA-512:C61B293C50D4113A8BBF97D8E0FDD3F5CC97A00105137A1A2F34249C9BEB13A8572D38E06C2EB56F4017CD7B3EECFABE3F4C4C52500BD73CA510B55C9B25769E
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"3256bb58-46b0-488c-b052-fa8ce20a47ad","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1730500496808,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):1395
                                                                              Entropy (8bit):5.775827445270176
                                                                              Encrypted:false
                                                                              SSDEEP:24:Yv6XqRNrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNj:YvbHgDv3W2aYQfgB5OUupHrQ9FJ9
                                                                              MD5:CAD6CFEF8699C415F643F5DB129E4A44
                                                                              SHA1:20A2F57882C252E8FC218167DE1FA45790C1BAD3
                                                                              SHA-256:013071909DFB1C14694A6574392C2C741AA77FF497EAB29DF3439C09B0892B87
                                                                              SHA-512:D1D73B463979201F321E13CA9DF429EF3F0DF53692DD0DDB1DDCEF88E0D729979386C031B3C1D1FC2CC199D2194A8AC030D9AB2C56407A999A92F3CEA4A8F561
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"3256bb58-46b0-488c-b052-fa8ce20a47ad","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1730500496808,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):291
                                                                              Entropy (8bit):5.2741728707328415
                                                                              Encrypted:false
                                                                              SSDEEP:6:YEQXJ2HX+FR/0nZiQ0Y6ieoAvJfbPtdPeUkwRe9:YvXKX+FR/0cqGDV8Ukee9
                                                                              MD5:3500C7E4B6ADE08C8DDE494120A82117
                                                                              SHA1:1D98F55D04E489496A92D71C4744301B000E9DD2
                                                                              SHA-256:1B132937FA8E7E53FB38210F94CCD51A1277F68173D42F7B08E0DFCBEA9726ED
                                                                              SHA-512:564B0FBD96D28594531F40511B855EFC59A3DCEB39D385F9B4E1772C598862989DEF8B7EB5355BAB20C0CEE7FEACC3E6C4F6297802B0B0AC0D37F0BFF783F3A7
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"3256bb58-46b0-488c-b052-fa8ce20a47ad","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1730500496808,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):287
                                                                              Entropy (8bit):5.277719405386787
                                                                              Encrypted:false
                                                                              SSDEEP:6:YEQXJ2HX+FR/0nZiQ0Y6ieoAvJf21rPeUkwRe9:YvXKX+FR/0cqG+16Ukee9
                                                                              MD5:8043612413480FA91FB1D1430466A848
                                                                              SHA1:54E991F55A5E39DCC282082B32C982C0412974FE
                                                                              SHA-256:9A35351D3F6F772BE7CE4CA5E4D8E2F88B0A9ACB0CE68BEC3E4DB8E0D41B2343
                                                                              SHA-512:DEEDB52628600BB237A01CC596265181EAA30915367E4BE3B4F916EC42344C3C56DF638B1993EA62E0C42D834D4CAB21FD3924A98AAB6A3D5CB44BD07FC51421
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"3256bb58-46b0-488c-b052-fa8ce20a47ad","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1730500496808,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):1026
                                                                              Entropy (8bit):5.627936056719496
                                                                              Encrypted:false
                                                                              SSDEEP:24:Yv6XqRfamXayLgE7cMCBNaqnl0RCmK8czOC/BSK:YvlBgACBOAh8cvMK
                                                                              MD5:DFE514B0BB770BFD9555CDB3476DFE58
                                                                              SHA1:143A1C27DEFD4EAC9C3A9914AD5A864E914E8D3A
                                                                              SHA-256:95B5D556BED86078F2EAC78BFF186FF95E0CA9518B006A70CD280CC3465A13A4
                                                                              SHA-512:48363CEE1254E93D2776F7513D7C8E3B9F00780327ADB15B93BF95ADFA800A09F5ABFF22A3C862B5B269AE6EDE3EECEE9AC7C778930E483E64D10BA8E6857B6C
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"3256bb58-46b0-488c-b052-fa8ce20a47ad","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1730500496808,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_0","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"6291f52b-6cb0-4d31-bc46-37ce85e9eb25","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1751323379000,"s

                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):286
                                                                              Entropy (8bit):5.255020597661823
                                                                              Encrypted:false
                                                                              SSDEEP:6:YEQXJ2HX+FR/0nZiQ0Y6ieoAvJfshHHrPeUkwRe9:YvXKX+FR/0cqGUUUkee9
                                                                              MD5:2E8E3D6D5B059174572DB260613A8D3B
                                                                              SHA1:13CC3E8E7ABCF4D93D172E397B5F9AC0C3DA7C74
                                                                              SHA-256:669B938A28EFC1C0F986A57AFCC6BF0E0AC0B77151AF7AE2DDA8FCF1F8F764EA
                                                                              SHA-512:9418AAEE18EBB8B03479A83DBD219619B0740FB082763404C85DE95F1652BAC8758FB7F3682EFBC9BF372389CB2E33B4A44ABC9F9CEAE16F2AB097A88C0D15C0
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"3256bb58-46b0-488c-b052-fa8ce20a47ad","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1730500496808,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):782
                                                                              Entropy (8bit):5.361058713965823
                                                                              Encrypted:false
                                                                              SSDEEP:12:YvXKX+FR/0cqGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWP:Yv6XqRE168CgEXX5kcIfANhK
                                                                              MD5:6B274BEBC6F155D75175D585F3F4F298
                                                                              SHA1:F6536CF61E1E0702226C75CE1523DFB49D3E7496
                                                                              SHA-256:BE12A9E2F746ECADD9AB3FFF023830300604BA292EA592005D077F43348E55A5
                                                                              SHA-512:3B720A2024CBCEF824354639BF776A56938EEB7C156AC5641ECA758B1805C4916C5CA2D4995C1B8847E215929A1B70C4BED2264290D437E4BA52E5FE71705ECE
                                                                              Malicious:false
                                                                              Preview:{"analyticsData":{"responseGUID":"3256bb58-46b0-488c-b052-fa8ce20a47ad","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1730500496808,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1730324261843}}}}

                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):4
                                                                              Entropy (8bit):0.8112781244591328
                                                                              Encrypted:false
                                                                              SSDEEP:3:e:e
                                                                              MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                                                              SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                                                              SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                                                              SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                                                              Malicious:false
                                                                              Preview:....

                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):2818
                                                                              Entropy (8bit):5.1284660473563495
                                                                              Encrypted:false
                                                                              SSDEEP:48:YX1d+01aNMcWGL/eAqxKDlwW7AMFF9hGC:k1wmXYzeAqxKDV7AMRN
                                                                              MD5:962F50C326FCBBB00654CF622F716C28
                                                                              SHA1:1A7A05AFE0CBF94E5264AFBCBDD114796716EC42
                                                                              SHA-256:F5E099647D16110FEEE5AB4283FACFB37B8F89ABA5A3847DA349EAC038E04972
                                                                              SHA-512:3749C7B3D3C67BA0A9ACBC2E0121D3F8738EE951B202844959BA5E0AA73EB3D809FCF554FD358EA18EE68B676039B5FC7FFE32DD8BAB69940DE989A82566B769
                                                                              Malicious:false
                                                                              Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"8fac37482178287737f59d7d2554729a","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1730324261000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"c0960843fbd68d41342f81583f5f0e57","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1730324261000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"141981174db3e2b65952662a1a10802e","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1026,"ts":1730324261000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"e3fae576cfeffc6f0d55e6cc3105ab27","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1055,"ts":1730324261000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"e2680222cd0d9d097c65b447e0efcc06","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1730324261000},{"id":"Edit_InApp_Aug2020","info":{"dg":"04c77d24d2520016405d057ac9da12c5","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 24, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 24
                                                                              Category:dropped
                                                                              Size (bytes):12288
                                                                              Entropy (8bit):1.1467397457892317
                                                                              Encrypted:false
                                                                              SSDEEP:24:TLhx/XYKQvGJF7urslx7RZXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudd:TFl2GL7ms3Xc+XcGNFlRYIX2v3kK
                                                                              MD5:4DBF2DEEAC995C34BD374B5338EE4BBD
                                                                              SHA1:F398507DBF4593F80B14501F6F9EC428A47BF750
                                                                              SHA-256:D4078C57C0DABE7A578AB4B974137C8245EDA265FEB520D432F47213579A70F8
                                                                              SHA-512:356BA40F00EE1B4A3FD3899424E56BBBC072EE4EC3966C33B2E0E4873D95956130505F776C5DBDF68D2C2A2AD1A847B2EF53F9FED366387E8D43A2146A8B3B00
                                                                              Malicious:false
                                                                              Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:SQLite Rollback Journal
                                                                              Category:dropped
                                                                              Size (bytes):8720
                                                                              Entropy (8bit):1.5527378303936723
                                                                              Encrypted:false
                                                                              SSDEEP:24:7+teFx7UXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcHRuLux5qLxx/XM:7MFXc+XcGNFlRYIX2vkqVl2GL7msO
                                                                              MD5:C302073CC5C3943C584291E96B529D53
                                                                              SHA1:37D2CD6B068C997C8E1D50844135A84F888AB203
                                                                              SHA-256:5DDDB904EB2EE8CE771A647A8634F43C0D5E45543CB7D86A42A6678D0F773E42
                                                                              SHA-512:945199973A37E2A0B92DA50D4A8597E62F1EB892E5023917FFA27EFEA3DB182366B9E380374D9AA442477F30027AAA4A83084BF378194A35E8CB4A938CF723C9
                                                                              Malicious:false
                                                                              Preview:.... .c.....;.O...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................b..b.b.b.b.b.b.b.b.b.b.b.b.b..................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                              C:\Users\user\AppData\Local\Temp\Doc.pdf

                                                                              Download File
                                                                              Process:C:\Users\user\Desktop\0438.pdf.exe
                                                                              File Type:PDF document, version 1.7, 1 pages (zip deflate encoded)
                                                                              Category:dropped
                                                                              Size (bytes):125552
                                                                              Entropy (8bit):7.579988719622451
                                                                              Encrypted:false
                                                                              SSDEEP:1536:N0N5xSlECZcbZ42IlWpy67H/AvLpMpBXCF4KMvX6UkMZdEMLHMgifPdEoLIeLA+6:CNPSiJZ4xy8DlivXREMBOlEoMeLjCiQ
                                                                              MD5:7827620BA2CD12D54B41C006BA4D686C
                                                                              SHA1:F6B40CB23006AD0E1AFD4C08CA943A75258FAB34
                                                                              SHA-256:9DAA46F8D84B0E65E2D5FDF7FCD80FF6CA922278C32A2B5C9425C0C5EF7D2096
                                                                              SHA-512:9782FB4DBA6F62A589BF213AE5CCE3F66514319363F499B584DC854ACC1DCD94221102BDDAC982AA9DB36C5B7696BD1ABACF7C15771CDECC317B2F3421CCA321
                                                                              Malicious:false
                                                                              Preview:%PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en) /StructTreeRoot 11 0 R/MarkInfo<</Marked true>>/Metadata 22 0 R/ViewerPreferences 23 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 1/Kids[ 3 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R/Resources<</Font<</F1 5 0 R>>/ExtGState<</GS7 7 0 R/GS8 8 0 R>>/XObject<</Image9 9 0 R>>/ProcSet[/PDF/Text/ImageB/ImageC/ImageI] >>/MediaBox[ 0 0 612 792] /Contents 4 0 R/Group<</Type/Group/S/Transparency/CS/DeviceRGB>>/Tabs/S/StructParents 0>>..endobj..4 0 obj..<</Filter/FlateDecode/Length 188>>..stream..x.E.K..@.......R..!.4 .|$FB.."ZH.+............x.h..!/."..f....X.Q.8M.D0aGK..+.J{x.....(.kJ.FBJ&|.7J...H..f..%..Nory..M'...m9%g.......4.(AV&............2...H..B...Z..o.V#.c.....6k..endstream..endobj..5 0 obj..<</Type/Font/Subtype/TrueType/Name/F1/BaseFont/BCDEEE+Calibri/Encoding/WinAnsiEncoding/FontDescriptor 6 0 R/FirstChar 32/LastChar 32/Widths 20 0 R>>..endobj..6 0 obj..<</Type/FontDescriptor/FontName/BCDEEE+Calibri/Flags 3

                                                                              C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-30 17-37-34-836.log

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:ASCII text, with very long lines (393)
                                                                              Category:dropped
                                                                              Size (bytes):16525
                                                                              Entropy (8bit):5.338264912747007
                                                                              Encrypted:false
                                                                              SSDEEP:384:lH4ZASLaTgKoBKkrNdOZTfUY9/B6u6AJ8dbBNrSVNspYiz5LkiTjgjQLhDydAY8s:kIb
                                                                              MD5:128A51060103D95314048C2F32A15C66
                                                                              SHA1:EEB64761BE485729CD12BF4FBF7F2A68BA1AD7DB
                                                                              SHA-256:601388D70DFB723E560FEA6AE08E5FEE8C1A980DF7DF9B6C10E1EC39705D4713
                                                                              SHA-512:55099B6F65D6EF41BC0C077BF810A13BA338C503974B4A5F2AA8EB286E1FCF49DF96318B1DA691296FB71AA8F2A2EA1406C4E86F219B40FB837F2E0BF208E677
                                                                              Malicious:false
                                                                              Preview:SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig:

                                                                              C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):15114
                                                                              Entropy (8bit):5.341048719683436
                                                                              Encrypted:false
                                                                              SSDEEP:384:BEqBCsz9SglSEJ3onFWnuHreqpcBpO2Q3PtBv3HgYR/5/QG/9cGZFoFItqowYdtI:bvz
                                                                              MD5:FC43BCB1768E9DFDAEDA858FB84320E9
                                                                              SHA1:5A3E82FC65A69FA20954507F99F46090AB742F18
                                                                              SHA-256:221E7A774D1DD928DAEE430C3D23AAD0A78FAF8852CB2D00F15913916F55EBC5
                                                                              SHA-512:5ED5207F64A9A1BAA04F521721E33B3E52BF8E1972B880B3C5AB59B18EFE37F7E31BEDC796A000AB9E4304FF89B7151C5F1E52D0B60D828ED01C064E7C0999C8
                                                                              Malicious:false
                                                                              Preview:SessionID=96289418-a838-4aec-a8b9-ab3eea57c62d.1730324254858 Timestamp=2024-10-30T17:37:34:858-0400 ThreadID=7700 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=96289418-a838-4aec-a8b9-ab3eea57c62d.1730324254858 Timestamp=2024-10-30T17:37:34:867-0400 ThreadID=7700 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=96289418-a838-4aec-a8b9-ab3eea57c62d.1730324254858 Timestamp=2024-10-30T17:37:34:867-0400 ThreadID=7700 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=96289418-a838-4aec-a8b9-ab3eea57c62d.1730324254858 Timestamp=2024-10-30T17:37:34:867-0400 ThreadID=7700 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=96289418-a838-4aec-a8b9-ab3eea57c62d.1730324254858 Timestamp=2024-10-30T17:37:34:867-0400 ThreadID=7700 Component=ngl-lib_NglAppLib Description="SetConf

                                                                              C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              File Type:ASCII text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):29752
                                                                              Entropy (8bit):5.398549207180001
                                                                              Encrypted:false
                                                                              SSDEEP:192:acb4I3dcbPcbaIO4cbYcbqnIdjcb6acbaIewcbNcb4dIblcbx:V3fOCIdJDeb6b6
                                                                              MD5:B712EED683FFCE095A62D24F961B50F9
                                                                              SHA1:1496602782F620A5D943F431EA84E9662A9A33BD
                                                                              SHA-256:92F3E822546079F2BB575958DBA43FA61B75DBC51F4E2C6B8F68867E038328F0
                                                                              SHA-512:244CBB141A997D13532C4020ACA67A2AB6ED6DBFA97A40D25EF3FD3212C1A74E0C2583FAB1424B82F04FAE9F60E69965917159D197D107416DBA110F51328903
                                                                              Malicious:false
                                                                              Preview:05-10-2023 08:20:22:.---2---..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 08:20:22:.Closing File..05-10-

                                                                              C:\Users\user\AppData\Local\Temp\acrocef_low\61dfb46d-12b9-46b0-a89f-65f9501b32de.tmp

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                                                              Category:dropped
                                                                              Size (bytes):1419751
                                                                              Entropy (8bit):7.976496077007677
                                                                              Encrypted:false
                                                                              SSDEEP:24576:/xA7owWLkwYIGNPMGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLkwZGuGZn3mlind9i4ufFXpAXkru
                                                                              MD5:CA6B0D9F8DDC295DACE8157B69CA7CF6
                                                                              SHA1:6299B4A49AB28786E7BF75E1481D8011E6022AF4
                                                                              SHA-256:A933C727CE6547310A0D7DAD8704B0F16DB90E024218ACE2C39E46B8329409C7
                                                                              SHA-512:9F150CDA866D433BD595F23124E369D2B797A0CA76A69BA98D30DF462F0A95D13E3B0834887B5CD2A032A55161A0DC8BB30C16AA89663939D6DCF83FAC056D34
                                                                              Malicious:false
                                                                              Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                                                              C:\Users\user\AppData\Local\Temp\acrocef_low\801585dc-f781-4125-83fb-131f875d10d8.tmp

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                                                              Category:dropped
                                                                              Size (bytes):386528
                                                                              Entropy (8bit):7.9736851559892425
                                                                              Encrypted:false
                                                                              SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                                                              MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                                                              SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                                                              SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                                                              SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                                                              Malicious:false
                                                                              Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                                                                              C:\Users\user\AppData\Local\Temp\acrocef_low\8436644c-cbef-44a9-9c93-af98e87b2a76.tmp

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                                                              Category:dropped
                                                                              Size (bytes):1407294
                                                                              Entropy (8bit):7.97605879016224
                                                                              Encrypted:false
                                                                              SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZoYIGNPAIe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZW
                                                                              MD5:7569660AD84B4D0879B7218EE3F575B5
                                                                              SHA1:58BE6C40C47F0E508AA28EA187987CA9DD6498E7
                                                                              SHA-256:339782479B915684E2613D0CB9BA413B2A60C17E244A16A7120B7F518D60DAEE
                                                                              SHA-512:4C9EB20E27149F7540853C3D233B6D3C14EFDCE81C449B34DF33BFC1EEA58456E6AAEC9207912460D3C20861EB5826B277A62C329D5CAB4EA39ADB595B2A3C5A
                                                                              Malicious:false
                                                                              Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                                                              C:\Users\user\AppData\Local\Temp\acrocef_low\aa0d2b07-52df-450b-8f21-a7a03debda1e.tmp

                                                                              Download File
                                                                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                                                              Category:dropped
                                                                              Size (bytes):758601
                                                                              Entropy (8bit):7.98639316555857
                                                                              Encrypted:false
                                                                              SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                                                              MD5:3A49135134665364308390AC398006F1
                                                                              SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                                                              SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                                                              SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                                                              Malicious:false
                                                                              Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                                                                              C:\Users\user\AppData\Local\Temp\pdf.msi

                                                                              Download File
                                                                              Process:C:\Users\user\Desktop\0438.pdf.exe
                                                                              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: LiteManager - Server 5.0 installation package, Comments: This installer contains the logic and data to install LiteManager Pro - Server 5.0, Keywords: Installer,MSI,Database, Subject: LiteManager Pro - Server, Author: LiteManagerTeam, Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2015 - Premier Edition with Virtualization Pack 22, Last Saved Time/Date: Thu Aug 22 15:43:08 2024, Create Time/Date: Thu Aug 22 15:43:08 2024, Last Printed: Thu Aug 22 15:43:08 2024, Revision Number: {9EF586E9-112B-4AAE-B439-5B62B7A0B1DE}, Code page: 0, Template: Intel;0,1033,1049
                                                                              Category:dropped
                                                                              Size (bytes):11554816
                                                                              Entropy (8bit):7.9382387394429115
                                                                              Encrypted:false
                                                                              SSDEEP:196608:9Jg0ovdgTGOk/J1yr/A9ODMlWyFISx8/191nYHiT88o8En03yEoH8WkJDFa:bAJoLA9OIlWy58/19J+iYNPEoHg0
                                                                              MD5:0C88F651EEA7EBD95DF08F6A492FCB38
                                                                              SHA1:93E622BB18056BB61DD11805D91AB1F9267CBD67
                                                                              SHA-256:A1FAAE4E2B695C7DF3846179192F4E67BD8DD05E7E5C6D0B4B72DB175F629076
                                                                              SHA-512:41F69CFCDA6EBB6DD6984D21B19E952BA25C78404B138FF25A8E16283D9080B5E2A85AF4973EC25A4F45F8D402163CCE96906F06F3FBA2068571F1F1ACBEA86C
                                                                              Malicious:false
                                                                              Preview:......................>...................................8........6..................}.................................................................................................................................................................................................................................................... ... ...!...!..."..."...#...#...$...$...%...%...&...&...'...'...(...(...)...)...*...*...+...+...,...,...-...-.........../.../...0...0...1...1...2...2...3...3...4...4...5...5...6..........<................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...@...M...:...;...=...........?...N...A...B...C...D...E...F...G...H...I...J...O...L...N...D.......P...Q...R...S...T...Z...V...W...X...Y....X..[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

                                                                              C:\Windows\Installer\533823.msi

                                                                              Download File
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: LiteManager - Server 5.0 installation package, Comments: This installer contains the logic and data to install LiteManager Pro - Server 5.0, Keywords: Installer,MSI,Database, Subject: LiteManager Pro - Server, Author: LiteManagerTeam, Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2015 - Premier Edition with Virtualization Pack 22, Last Saved Time/Date: Thu Aug 22 15:43:08 2024, Create Time/Date: Thu Aug 22 15:43:08 2024, Last Printed: Thu Aug 22 15:43:08 2024, Revision Number: {9EF586E9-112B-4AAE-B439-5B62B7A0B1DE}, Code page: 0, Template: Intel;0,1033,1049
                                                                              Category:dropped
                                                                              Size (bytes):11554816
                                                                              Entropy (8bit):7.9382387394429115
                                                                              Encrypted:false
                                                                              SSDEEP:196608:9Jg0ovdgTGOk/J1yr/A9ODMlWyFISx8/191nYHiT88o8En03yEoH8WkJDFa:bAJoLA9OIlWy58/19J+iYNPEoHg0
                                                                              MD5:0C88F651EEA7EBD95DF08F6A492FCB38
                                                                              SHA1:93E622BB18056BB61DD11805D91AB1F9267CBD67
                                                                              SHA-256:A1FAAE4E2B695C7DF3846179192F4E67BD8DD05E7E5C6D0B4B72DB175F629076
                                                                              SHA-512:41F69CFCDA6EBB6DD6984D21B19E952BA25C78404B138FF25A8E16283D9080B5E2A85AF4973EC25A4F45F8D402163CCE96906F06F3FBA2068571F1F1ACBEA86C
                                                                              Malicious:false
                                                                              Preview:......................>...................................8........6..................}.................................................................................................................................................................................................................................................... ... ...!...!..."..."...#...#...$...$...%...%...&...&...'...'...(...(...)...)...*...*...+...+...,...,...-...-.........../.../...0...0...1...1...2...2...3...3...4...4...5...5...6..........<................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...@...M...:...;...=...........?...N...A...B...C...D...E...F...G...H...I...J...O...L...N...D.......P...Q...R...S...T...Z...V...W...X...Y....X..[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

                                                                              C:\Windows\Installer\533826.msi

                                                                              Download File
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: LiteManager - Server 5.0 installation package, Comments: This installer contains the logic and data to install LiteManager Pro - Server 5.0, Keywords: Installer,MSI,Database, Subject: LiteManager Pro - Server, Author: LiteManagerTeam, Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2015 - Premier Edition with Virtualization Pack 22, Last Saved Time/Date: Thu Aug 22 15:43:08 2024, Create Time/Date: Thu Aug 22 15:43:08 2024, Last Printed: Thu Aug 22 15:43:08 2024, Revision Number: {9EF586E9-112B-4AAE-B439-5B62B7A0B1DE}, Code page: 0, Template: Intel;0,1033,1049
                                                                              Category:dropped
                                                                              Size (bytes):11554816
                                                                              Entropy (8bit):7.9382387394429115
                                                                              Encrypted:false
                                                                              SSDEEP:196608:9Jg0ovdgTGOk/J1yr/A9ODMlWyFISx8/191nYHiT88o8En03yEoH8WkJDFa:bAJoLA9OIlWy58/19J+iYNPEoHg0
                                                                              MD5:0C88F651EEA7EBD95DF08F6A492FCB38
                                                                              SHA1:93E622BB18056BB61DD11805D91AB1F9267CBD67
                                                                              SHA-256:A1FAAE4E2B695C7DF3846179192F4E67BD8DD05E7E5C6D0B4B72DB175F629076
                                                                              SHA-512:41F69CFCDA6EBB6DD6984D21B19E952BA25C78404B138FF25A8E16283D9080B5E2A85AF4973EC25A4F45F8D402163CCE96906F06F3FBA2068571F1F1ACBEA86C
                                                                              Malicious:false
                                                                              Preview:......................>...................................8........6..................}.................................................................................................................................................................................................................................................... ... ...!...!..."..."...#...#...$...$...%...%...&...&...'...'...(...(...)...)...*...*...+...+...,...,...-...-.........../.../...0...0...1...1...2...2...3...3...4...4...5...5...6..........<................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...@...M...:...;...=...........?...N...A...B...C...D...E...F...G...H...I...J...O...L...N...D.......P...Q...R...S...T...Z...V...W...X...Y....X..[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

                                                                              C:\Windows\Installer\MSI3BEC.tmp

                                                                              Download File
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):294225
                                                                              Entropy (8bit):4.850949281684994
                                                                              Encrypted:false
                                                                              SSDEEP:3072:Aaoy2KjcC2jcmFDX/vjcJGUjcmFDX/rjcmFDX/dZ+oNbynfd:Aaoy25DXmNDXLDXX+oNbynfd
                                                                              MD5:00A66C8221DD38E5E31C064D05DEAA89
                                                                              SHA1:C0A8CDB173F241FA7F25521F6183C799E3D55B9B
                                                                              SHA-256:F88D682CC054607082CC9CDBD799D728161A08ED4D695554F4ADB4339ED19E05
                                                                              SHA-512:E3108FC556C451F4F49982D6AF034E04388572E24B5B93C5C97FB47D2F5E0AE92C94A30119BE1DBC7D35679C564CA1ACE88A2671C0F115AED5585BB1ECA1C36A
                                                                              Malicious:false
                                                                              Preview:...@IXOS.@.....@..^Y.@.....@.....@.....@.....@.....@......&.{71FFA475-24D5-44FB-A51F-39B699E3D82C}..LiteManager Pro - Server..pdf.msi.@.....@.....@.....@......ARPPRODUCTICON.exe..&.{9EF586E9-112B-4AAE-B439-5B62B7A0B1DE}.....@.....@.....@.....@.......@.....@.....@.......@......LiteManager Pro - Server......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@.....@.....@.]....&.{3244CDE6-6414-4399-B0D5-424562747210}0.C:\Program Files (x86)\LiteManager Pro - Server\.@.......@.....@.....@......&.{4D4D18AA-F74D-4291-B5A9-93C3CC48B75F}5.C:\Program Files (x86)\LiteManager Pro - Server\Lang\.@.......@.....@.....@......&.{641F154A-FEEF-4FA7-B5BF-414DB1DB8390}C.C:\Program Files (x86)\LiteManager Pro - Server\files\ROMViewer.exe.@.......@.....@.....@......&.{26EAB54E-4659-47E8-86F9-4CB74F7E03BE}0.C:\Program Files (x86)\LiteManager Pro - Server\.@.......@.....@.....@......&.{596F4636-5D51-49

                                                                              C:\Windows\Installer\SourceHash{71FFA475-24D5-44FB-A51F-39B699E3D82C}

                                                                              Download File
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                              Category:dropped
                                                                              Size (bytes):20480
                                                                              Entropy (8bit):1.162422430012862
                                                                              Encrypted:false
                                                                              SSDEEP:12:JSbX72FjmcAGiLIlHVRpqh/7777777777777777777777777vDHFGpZl0i8Q:JJQI56dF
                                                                              MD5:06DA90CCB4343EB1C83165CCD5D9BA4F
                                                                              SHA1:C23F18E20C7AB2601332816B3639250DFC1D7B1E
                                                                              SHA-256:0E3E66E43918683B7BF9AA16CFCAE14B4053EA32722F3B39EF7E6E49C927BC59
                                                                              SHA-512:C49C478F3086C8996969FE5679886FDE98BF86EFAE8B4D58EC9502E64159D57C3E2A961BBF8D399BBD0D5A38D87F4853D0D8940A44DAC4B1FD7917BB503780F8
                                                                              Malicious:false
                                                                              Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                              C:\Windows\Installer\inprogressinstallinfo.ipi

                                                                              Download File
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                              Category:dropped
                                                                              Size (bytes):20480
                                                                              Entropy (8bit):1.7898335349700951
                                                                              Encrypted:false
                                                                              SSDEEP:48:K8PhEuRc06WXJqFT5SlbA99lPmSvOd5YpRXd5YNd5YGd5YMd5YP6Ad5YGucYSBWM:VhE1hFT08d+m0WlfPupqG0Wlfwh/
                                                                              MD5:6E31286AE68B3A5A4EF969529160F033
                                                                              SHA1:C21A5170948187896F1D9220F76D96CA35921370
                                                                              SHA-256:E24C371B4C3246E24C1F817959F018C6961A6F38C44BB7B97D5576BD899E6386
                                                                              SHA-512:764A924B5A3BE9331078B0235A8B9B765F6CA6641DE3022DB8A500E3F3C27932202D6468C2B23A523689FC1E9FCA45B9ED0575655C17291E24D2B6C0E810C619
                                                                              Malicious:false
                                                                              Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                              C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\ARPPRODUCTICON.exe

                                                                              Download File
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):53248
                                                                              Entropy (8bit):4.351781833522881
                                                                              Encrypted:false
                                                                              SSDEEP:384:AvFMAyDNOdTdFCxfrwntajXjDWLi9Y+C5vy/Q1nDcZUNeLNek+vDFNe+TNy:+MAyYdTmPJbgqcnDcCNy
                                                                              MD5:CA680899D9330BEB85E6351E6DC0D27B
                                                                              SHA1:41E89E582F58FB2A4ED06FA3BF796A1DAAC5CB6C
                                                                              SHA-256:EAB5DC45781E92CD5CF953016757B1E6F2ED7A0B5A97CC0945B19A8FBC1A85F2
                                                                              SHA-512:3817BD6EC345F96631E6CBF6C8DD384ACB17D912B1EC69D959F3AA15C05226D5FE3B5E9807D42D0E63589AABCEADFBE8BD5F293D8069DF689D12498E05842286
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............C...C...C...C...CD..C...C...C...C=..C...C...C...C...C...CRich...C........................PE..L...J&uU.................@...................P....@.........................................................................4T..(........0...........................................................................P...............................text....5.......@.................. ..`.rdata.......P.......P..............@..@.data....)...`...0...`..............@....rsrc....0.......@..................@..@................................................................................................................................................................................................................................................................................................................................................................................

                                                                              C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\ROMServer.exe_9D09B2BC25A2414CBD848E2B75898676.exe

                                                                              Download File
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):57344
                                                                              Entropy (8bit):4.774504587732323
                                                                              Encrypted:false
                                                                              SSDEEP:768:SMAyYdTmPJbgqcnDcZTw0gpEeO4tZZz+0pQTk/N0:S1U81cmpjDX/N0
                                                                              MD5:5EBCB54B76FBE24FFF9D3BD74E274234
                                                                              SHA1:6CD72F044F36B7A3A79B7D77AAE59F274A66CE95
                                                                              SHA-256:504AEB909BBA186D4298AA97DCD6A09CCDD42217AF1F6210BC5EBD23B3DFCCBF
                                                                              SHA-512:5FF61D724B77B6EDC67D33B0F1EE1C3CB01F2A03251D0BE83FF10A80A99DBA08E3A0E0F985DEED6358E467B2E9B6A837E894513D1B5E68AF253C0BBDD68539D0
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............C...C...C...C...CD..C...C...C...C=..C...C...C...C...C...CRich...C........................PE..L...J&uU.................@...................P....@.........................................................................4T..(.......xC...........................................................................P...............................text....5.......@.................. ..`.rdata.......P.......P..............@..@.data....)...`...0...`..............@....rsrc...xC.......P..................@..@................................................................................................................................................................................................................................................................................................................................................................................

                                                                              C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\UNINST_Uninstall_L_78AA5B6662514D94A847D6C603AF0895.exe

                                                                              Download File
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):49152
                                                                              Entropy (8bit):4.31126714354722
                                                                              Encrypted:false
                                                                              SSDEEP:384:EvFMAyDNOdTdFCxfrwntajXjDWLi9Y+C5vy/Q1nDcZMwQE3vGYksuektm6yysZc8:SMAyYdTmPJbgqcnDcmwQE/RkHRRNS
                                                                              MD5:6A4AFFF2CD33613166B37A0DAB99BD41
                                                                              SHA1:FBC0F1696213B459D099A5809D79CFC01253880F
                                                                              SHA-256:53C1AE4962663E82D3AAC7C4A6CBE3D53E05D6948ADAE6391A2748396ACF98FE
                                                                              SHA-512:7B61D32E4AD38BC21E86559BFFA49A334CCB6184E595CB43F2D60A2A77C86B31D07B1A9D1F8FBE69E9AAD7E096952D765404BEBC494E73BD992642EB6B82E3A7
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............C...C...C...C...CD..C...C...C...C=..C...C...C...C...C...CRich...C........................PE..L...J&uU.................@...p...............P....@.........................................................................4T..(........+...........................................................................P...............................text....5.......@.................. ..`.rdata.......P.......P..............@..@.data....)...`...0...`..............@....rsrc....+.......0..................@..@................................................................................................................................................................................................................................................................................................................................................................................

                                                                              C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\config_server_B6BD2967C67B44649764F06ADFFD6458.exe

                                                                              Download File
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):57344
                                                                              Entropy (8bit):4.774504587732323
                                                                              Encrypted:false
                                                                              SSDEEP:768:SMAyYdTmPJbgqcnDcZTw0gpEeO4tZZz+0pQTk/N0:S1U81cmpjDX/N0
                                                                              MD5:5EBCB54B76FBE24FFF9D3BD74E274234
                                                                              SHA1:6CD72F044F36B7A3A79B7D77AAE59F274A66CE95
                                                                              SHA-256:504AEB909BBA186D4298AA97DCD6A09CCDD42217AF1F6210BC5EBD23B3DFCCBF
                                                                              SHA-512:5FF61D724B77B6EDC67D33B0F1EE1C3CB01F2A03251D0BE83FF10A80A99DBA08E3A0E0F985DEED6358E467B2E9B6A837E894513D1B5E68AF253C0BBDD68539D0
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............C...C...C...C...CD..C...C...C...C=..C...C...C...C...C...CRich...C........................PE..L...J&uU.................@...................P....@.........................................................................4T..(.......xC...........................................................................P...............................text....5.......@.................. ..`.rdata.......P.......P..............@..@.data....)...`...0...`..............@....rsrc...xC.......P..................@..@................................................................................................................................................................................................................................................................................................................................................................................

                                                                              C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}\stop_server_51B516B87C64408FA3C56354EA2277C2.exe

                                                                              Download File
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):57344
                                                                              Entropy (8bit):4.774504587732323
                                                                              Encrypted:false
                                                                              SSDEEP:768:SMAyYdTmPJbgqcnDcZTw0gpEeO4tZZz+0pQTk/N0:S1U81cmpjDX/N0
                                                                              MD5:5EBCB54B76FBE24FFF9D3BD74E274234
                                                                              SHA1:6CD72F044F36B7A3A79B7D77AAE59F274A66CE95
                                                                              SHA-256:504AEB909BBA186D4298AA97DCD6A09CCDD42217AF1F6210BC5EBD23B3DFCCBF
                                                                              SHA-512:5FF61D724B77B6EDC67D33B0F1EE1C3CB01F2A03251D0BE83FF10A80A99DBA08E3A0E0F985DEED6358E467B2E9B6A837E894513D1B5E68AF253C0BBDD68539D0
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............C...C...C...C...CD..C...C...C...C=..C...C...C...C...C...CRich...C........................PE..L...J&uU.................@...................P....@.........................................................................4T..(.......xC...........................................................................P...............................text....5.......@.................. ..`.rdata.......P.......P..............@..@.data....)...`...0...`..............@....rsrc...xC.......P..................@..@................................................................................................................................................................................................................................................................................................................................................................................

                                                                              C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

                                                                              Download File
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):360001
                                                                              Entropy (8bit):5.362989794820237
                                                                              Encrypted:false
                                                                              SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26KgauS:zTtbmkExhMJCIpED
                                                                              MD5:93137A1314A1813CB9F94BE2A4B57AA1
                                                                              SHA1:8F376AA9CDA50286008B8B947DAF37333281AEA6
                                                                              SHA-256:2714861BE51621ECF03E68ACCEF41EA8DE0FA46960A1CF52C67ED4446CD8ACA5
                                                                              SHA-512:0CBB9CD5FB2463EDC558A6D33447C36A84DBDF06AC83A8F2C71F96906A4DD1AEE37EB92C9123AEED268DDAD90FDACF858BB87B4235B284A0A2A138DFED120A4E
                                                                              Malicious:false
                                                                              Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [

                                                                              C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

                                                                              Download File
                                                                              Process:C:\Windows\System32\svchost.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):55
                                                                              Entropy (8bit):4.306461250274409
                                                                              Encrypted:false
                                                                              SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                              MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                              SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                              SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                              SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                              Malicious:false
                                                                              Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

                                                                              C:\Windows\Temp\~DF3D91582767A218A7.TMP

                                                                              Download File
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):73728
                                                                              Entropy (8bit):0.2230530511846911
                                                                              Encrypted:false
                                                                              SSDEEP:48:PHEmFSBWlOd5YpRXd5YNd5YGd5YMd5YGmSvOd5YpRXd5YNd5YGd5YMd5YP6Ad5Y1:PHtFqG0WlfRm0WlfPuiLg
                                                                              MD5:EA4321CF232C4ECE173D34CBA0090A30
                                                                              SHA1:D7DBEC92B3CDFD83448ADF6C59D31C701B1A9228
                                                                              SHA-256:DFBDB9131E0B53A7CFCAB49E4C5B9D15283DFF9E8184ACE95A5470EB84465BB5
                                                                              SHA-512:D79BBDC4CF335E859C5C17A64B205110C6641F8590EE2330D0C0893E71C7E7E5D47BBFFA5EE319BB65DEB843F2951F21D98EA6AAF42CE9EA9FE26CF7E636CC46
                                                                              Malicious:false
                                                                              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                              C:\Windows\Temp\~DF5454E4CCD4ACD113.TMP

                                                                              Download File
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):512
                                                                              Entropy (8bit):0.0
                                                                              Encrypted:false
                                                                              SSDEEP:3::
                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                              Malicious:false
                                                                              Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                              C:\Windows\Temp\~DF547B7510C89C2D6A.TMP

                                                                              Download File
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                              Category:dropped
                                                                              Size (bytes):32768
                                                                              Entropy (8bit):1.4178934848184817
                                                                              Encrypted:false
                                                                              SSDEEP:48:/lsudTO+CFXJbT55qXlbA99lPmSvOd5YpRXd5YNd5YGd5YMd5YP6Ad5YGucYSBWM:9s1DT3c8d+m0WlfPupqG0Wlfwh/
                                                                              MD5:F213A82A04BB0B648168F9C7BDF47FEF
                                                                              SHA1:21370DADBC0228A655BF082D574EADB4A761503C
                                                                              SHA-256:393CE0A09E41D8D95CFDE9E92348CFDA2949F6335F2CB618CEE9E09A5CF64F6C
                                                                              SHA-512:AA4428DB83197C7BA9D492CDD900DAB33689913E7E06B67D9DCE88B331C899732DBCC2A9F736E057C5CA77B85E5D566BDF6CBE6C24A822586EDC13D65E51B277
                                                                              Malicious:false
                                                                              Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                              C:\Windows\Temp\~DF586DEB8DA5D7E8D8.TMP

                                                                              Download File
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                              Category:dropped
                                                                              Size (bytes):32768
                                                                              Entropy (8bit):1.4178934848184817
                                                                              Encrypted:false
                                                                              SSDEEP:48:/lsudTO+CFXJbT55qXlbA99lPmSvOd5YpRXd5YNd5YGd5YMd5YP6Ad5YGucYSBWM:9s1DT3c8d+m0WlfPupqG0Wlfwh/
                                                                              MD5:F213A82A04BB0B648168F9C7BDF47FEF
                                                                              SHA1:21370DADBC0228A655BF082D574EADB4A761503C
                                                                              SHA-256:393CE0A09E41D8D95CFDE9E92348CFDA2949F6335F2CB618CEE9E09A5CF64F6C
                                                                              SHA-512:AA4428DB83197C7BA9D492CDD900DAB33689913E7E06B67D9DCE88B331C899732DBCC2A9F736E057C5CA77B85E5D566BDF6CBE6C24A822586EDC13D65E51B277
                                                                              Malicious:false
                                                                              Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                              C:\Windows\Temp\~DF62679B009175D882.TMP

                                                                              Download File
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                              Category:dropped
                                                                              Size (bytes):20480
                                                                              Entropy (8bit):1.7898335349700951
                                                                              Encrypted:false
                                                                              SSDEEP:48:K8PhEuRc06WXJqFT5SlbA99lPmSvOd5YpRXd5YNd5YGd5YMd5YP6Ad5YGucYSBWM:VhE1hFT08d+m0WlfPupqG0Wlfwh/
                                                                              MD5:6E31286AE68B3A5A4EF969529160F033
                                                                              SHA1:C21A5170948187896F1D9220F76D96CA35921370
                                                                              SHA-256:E24C371B4C3246E24C1F817959F018C6961A6F38C44BB7B97D5576BD899E6386
                                                                              SHA-512:764A924B5A3BE9331078B0235A8B9B765F6CA6641DE3022DB8A500E3F3C27932202D6468C2B23A523689FC1E9FCA45B9ED0575655C17291E24D2B6C0E810C619
                                                                              Malicious:false
                                                                              Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                              C:\Windows\Temp\~DF6ECA8B580811992E.TMP

                                                                              Download File
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):32768
                                                                              Entropy (8bit):0.06823846717123914
                                                                              Encrypted:false
                                                                              SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOYYbmc6Vky6lZ:2F0i8n0itFzDHFTZ
                                                                              MD5:43121AF9C0468049B811D5DE9EE986C6
                                                                              SHA1:3D65F87A3C467D0DE2BF8F07A60621B947A9CE4C
                                                                              SHA-256:592C5B6D2ADD44B5EFCE1D5A353279925147188A1C15B56B1189E89FE97374E0
                                                                              SHA-512:0B09D5648F1374083996F24FF71AE87B22F152D907C91B84567CA27B985F05C447AF27527A3E760F44817300DB8680F73F5D86A36B9DC157AA3E6C5BB6BC6831
                                                                              Malicious:false
                                                                              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                              C:\Windows\Temp\~DFA661B71CD59E4965.TMP

                                                                              Download File
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):512
                                                                              Entropy (8bit):0.0
                                                                              Encrypted:false
                                                                              SSDEEP:3::
                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                              Malicious:false
                                                                              Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                              C:\Windows\Temp\~DFB0CFCC17288F5CCD.TMP

                                                                              Download File
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                              Category:dropped
                                                                              Size (bytes):20480
                                                                              Entropy (8bit):1.7898335349700951
                                                                              Encrypted:false
                                                                              SSDEEP:48:K8PhEuRc06WXJqFT5SlbA99lPmSvOd5YpRXd5YNd5YGd5YMd5YP6Ad5YGucYSBWM:VhE1hFT08d+m0WlfPupqG0Wlfwh/
                                                                              MD5:6E31286AE68B3A5A4EF969529160F033
                                                                              SHA1:C21A5170948187896F1D9220F76D96CA35921370
                                                                              SHA-256:E24C371B4C3246E24C1F817959F018C6961A6F38C44BB7B97D5576BD899E6386
                                                                              SHA-512:764A924B5A3BE9331078B0235A8B9B765F6CA6641DE3022DB8A500E3F3C27932202D6468C2B23A523689FC1E9FCA45B9ED0575655C17291E24D2B6C0E810C619
                                                                              Malicious:false
                                                                              Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                              C:\Windows\Temp\~DFC3DAEF5E5A1F385A.TMP

                                                                              Download File
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):512
                                                                              Entropy (8bit):0.0
                                                                              Encrypted:false
                                                                              SSDEEP:3::
                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                              Malicious:false
                                                                              Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                              C:\Windows\Temp\~DFD292D796AD5A3587.TMP

                                                                              Download File
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):512
                                                                              Entropy (8bit):0.0
                                                                              Encrypted:false
                                                                              SSDEEP:3::
                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                              Malicious:false
                                                                              Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                              C:\Windows\Temp\~DFE4D560E9A62CB13E.TMP

                                                                              Download File
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):512
                                                                              Entropy (8bit):0.0
                                                                              Encrypted:false
                                                                              SSDEEP:3::
                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                              Malicious:false
                                                                              Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                              C:\Windows\Temp\~DFFEE3629B5C818501.TMP

                                                                              Download File
                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                              Category:dropped
                                                                              Size (bytes):32768
                                                                              Entropy (8bit):1.4178934848184817
                                                                              Encrypted:false
                                                                              SSDEEP:48:/lsudTO+CFXJbT55qXlbA99lPmSvOd5YpRXd5YNd5YGd5YMd5YP6Ad5YGucYSBWM:9s1DT3c8d+m0WlfPupqG0Wlfwh/
                                                                              MD5:F213A82A04BB0B648168F9C7BDF47FEF
                                                                              SHA1:21370DADBC0228A655BF082D574EADB4A761503C
                                                                              SHA-256:393CE0A09E41D8D95CFDE9E92348CFDA2949F6335F2CB618CEE9E09A5CF64F6C
                                                                              SHA-512:AA4428DB83197C7BA9D492CDD900DAB33689913E7E06B67D9DCE88B331C899732DBCC2A9F736E057C5CA77B85E5D566BDF6CBE6C24A822586EDC13D65E51B277
                                                                              Malicious:false
                                                                              Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                              Static File Info

                                                                              General

                                                                              File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                              Entropy (8bit):7.9367051756500695
                                                                              TrID:
                                                                              • Win64 Executable GUI (202006/5) 92.65%
                                                                              • Win64 Executable (generic) (12005/4) 5.51%
                                                                              • Generic Win/DOS Executable (2004/3) 0.92%
                                                                              • DOS Executable Generic (2002/1) 0.92%
                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                              File name:0438.pdf.exe
                                                                              File size:11'654'747 bytes
                                                                              MD5:2d11dba46735af1cb1c0a42e9564e20d
                                                                              SHA1:b2e17960c6d080f7aba7df87f57c08b4bc2e7051
                                                                              SHA256:e19477a56b247e6cc435fee367abcf6e0c3db21de91ae2514b4a6b1807233c53
                                                                              SHA512:f053c18333c256c87492e7e74832f2ba695c1633cc80d59e4d426eda82d27d7402a22803e439bb2453f4fa12f00697de355edd61c300b7624c66723d7e54dad0
                                                                              SSDEEP:196608:tqwvI8YbsGBCEfbi57P6mCRTMFCxZ9zzvHLbax3QS+hbEPjwDhZzczDlUxMUd:ZIRwGjfbi5DCRoOPzzvfaEAPgOHm5d
                                                                              TLSH:42C6331BFF5D04EAF1AF99F899415022D7B57CC51720868F23B43E4AED736A1AA35302
                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......$.2.`.\.`.\.`.\..y..h.\..y....\..y..m.\.....b.\...X.r.\..._.j.\...Y.Y.\.i...i.\.i...b.\.i...g.\.`.].C.\...Y.R.\...\.a.\.....a.\

                                                                              File Icon

                                                                              Icon Hash:3570b080889388e1

                                                                              Static PE Info

                                                                              General

                                                                              Entrypoint:0x140032ee0
                                                                              Entrypoint Section:.text
                                                                              Digitally signed:false
                                                                              Imagebase:0x140000000
                                                                              Subsystem:windows gui
                                                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                              Time Stamp:0x66409723 [Sun May 12 10:17:07 2024 UTC]
                                                                              TLS Callbacks:
                                                                              CLR (.Net) Version:
                                                                              OS Version Major:5
                                                                              OS Version Minor:2
                                                                              File Version Major:5
                                                                              File Version Minor:2
                                                                              Subsystem Version Major:5
                                                                              Subsystem Version Minor:2
                                                                              Import Hash:b1c5b1beabd90d9fdabd1df0779ea832

                                                                              Entrypoint Preview

                                                                              Instruction
                                                                              dec eax
                                                                              sub esp, 28h
                                                                              call 00007FA198EC8318h
                                                                              dec eax
                                                                              add esp, 28h
                                                                              jmp 00007FA198EC7CAFh
                                                                              int3
                                                                              int3
                                                                              dec eax
                                                                              mov eax, esp
                                                                              dec eax
                                                                              mov dword ptr [eax+08h], ebx
                                                                              dec eax
                                                                              mov dword ptr [eax+10h], ebp
                                                                              dec eax
                                                                              mov dword ptr [eax+18h], esi
                                                                              dec eax
                                                                              mov dword ptr [eax+20h], edi
                                                                              inc ecx
                                                                              push esi
                                                                              dec eax
                                                                              sub esp, 20h
                                                                              dec ebp
                                                                              mov edx, dword ptr [ecx+38h]
                                                                              dec eax
                                                                              mov esi, edx
                                                                              dec ebp
                                                                              mov esi, eax
                                                                              dec eax
                                                                              mov ebp, ecx
                                                                              dec ecx
                                                                              mov edx, ecx
                                                                              dec eax
                                                                              mov ecx, esi
                                                                              dec ecx
                                                                              mov edi, ecx
                                                                              inc ecx
                                                                              mov ebx, dword ptr [edx]
                                                                              dec eax
                                                                              shl ebx, 04h
                                                                              dec ecx
                                                                              add ebx, edx
                                                                              dec esp
                                                                              lea eax, dword ptr [ebx+04h]
                                                                              call 00007FA198EC7133h
                                                                              mov eax, dword ptr [ebp+04h]
                                                                              and al, 66h
                                                                              neg al
                                                                              mov eax, 00000001h
                                                                              sbb edx, edx
                                                                              neg edx
                                                                              add edx, eax
                                                                              test dword ptr [ebx+04h], edx
                                                                              je 00007FA198EC7E43h
                                                                              dec esp
                                                                              mov ecx, edi
                                                                              dec ebp
                                                                              mov eax, esi
                                                                              dec eax
                                                                              mov edx, esi
                                                                              dec eax
                                                                              mov ecx, ebp
                                                                              call 00007FA198EC9E57h
                                                                              dec eax
                                                                              mov ebx, dword ptr [esp+30h]
                                                                              dec eax
                                                                              mov ebp, dword ptr [esp+38h]
                                                                              dec eax
                                                                              mov esi, dword ptr [esp+40h]
                                                                              dec eax
                                                                              mov edi, dword ptr [esp+48h]
                                                                              dec eax
                                                                              add esp, 20h
                                                                              inc ecx
                                                                              pop esi
                                                                              ret
                                                                              int3
                                                                              int3
                                                                              int3
                                                                              dec eax
                                                                              sub esp, 48h
                                                                              dec eax
                                                                              lea ecx, dword ptr [esp+20h]
                                                                              call 00007FA198EB66C3h
                                                                              dec eax
                                                                              lea edx, dword ptr [00025747h]
                                                                              dec eax
                                                                              lea ecx, dword ptr [esp+20h]
                                                                              call 00007FA198EC8F12h
                                                                              int3
                                                                              jmp 00007FA198ECF0F4h
                                                                              int3
                                                                              int3
                                                                              int3
                                                                              int3
                                                                              int3
                                                                              int3

                                                                              Rich Headers

                                                                              Programming Language:
                                                                              • [ C ] VS2008 SP1 build 30729
                                                                              • [IMP] VS2008 SP1 build 30729

                                                                              Data Directories

                                                                              NameVirtual AddressVirtual Size Is in Section
                                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x597a00x34.rdata
                                                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x597d40x50.rdata
                                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x700000x5f334.rsrc
                                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x6a0000x306c.pdata
                                                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0xd00000x970.reloc
                                                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x536c00x54.rdata
                                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                              IMAGE_DIRECTORY_ENTRY_TLS0x537800x28.rdata
                                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x4b3f00x140.rdata
                                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                              IMAGE_DIRECTORY_ENTRY_IAT0x480000x508.rdata
                                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x588bc0x120.rdata
                                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                              Sections

                                                                              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                              .text0x10000x4676e0x46800f06bb06e02377ae8b223122e53be35c2False0.5372340425531915data6.47079645411382IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                              .rdata0x480000x128c40x12a002de06d4a6920a6911e64ff20000ea72fFalse0.4499003775167785data5.273999097784603IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                              .data0x5b0000xe75c0x1a000dbdb901a7d477980097e42e511a94fbFalse0.28275240384615385data3.2571023907881185IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                              .pdata0x6a0000x306c0x3200b0ce0f057741ad2a4ef4717079fa34e9False0.483359375data5.501810413666288IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                              .didat0x6e0000x3600x4001fcc7b1d7a02443319f8fcc2be4ca936False0.2578125data3.0459938492946015IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                              _RDATA0x6f0000x15c0x2003f331ec50f09ba861beaf955b33712d5False0.408203125data3.3356393424384843IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                              .rsrc0x700000x5f3340x5f400ac83509a9abddcfebcee4527be350f1aFalse0.06483503526902887data2.1781366278912278IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                              .reloc0xd00000x9700xa0077a9ddfc47a5650d6eebbcc823e39532False0.52421875data5.336289720085303IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                              Resources

                                                                              NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                              PNG0x706440xb45PNG image data, 93 x 302, 8-bit/color RGB, non-interlacedEnglishUnited States1.0027729636048528
                                                                              PNG0x7118c0x15a9PNG image data, 186 x 604, 8-bit/color RGB, non-interlacedEnglishUnited States0.9363390441839495
                                                                              RT_ICON0x727380x42028Device independent bitmap graphic, 256 x 512 x 32, image size 262144, resolution 2835 x 2835 px/m0.023615261709619195
                                                                              RT_ICON0xb47600x468Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2835 x 2835 px/m0.3191489361702128
                                                                              RT_ICON0xb4bc80x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2835 x 2835 px/m0.11867219917012448
                                                                              RT_ICON0xb71700x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/m0.17284240150093808
                                                                              RT_ICON0xb82180x10828Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 2835 x 2835 px/m0.04436294806577547
                                                                              RT_ICON0xc8a400x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2835 x 2835 px/m0.08644307982994803
                                                                              RT_DIALOG0xccc680x286dataEnglishUnited States0.5092879256965944
                                                                              RT_DIALOG0xccef00x13adataEnglishUnited States0.60828025477707
                                                                              RT_DIALOG0xcd02c0xecdataEnglishUnited States0.6991525423728814
                                                                              RT_DIALOG0xcd1180x12edataEnglishUnited States0.5927152317880795
                                                                              RT_DIALOG0xcd2480x338dataEnglishUnited States0.45145631067961167
                                                                              RT_DIALOG0xcd5800x252dataEnglishUnited States0.5757575757575758
                                                                              RT_STRING0xcd7d40x1e2dataEnglishUnited States0.3900414937759336
                                                                              RT_STRING0xcd9b80x1ccdataEnglishUnited States0.4282608695652174
                                                                              RT_STRING0xcdb840x1b8dataEnglishUnited States0.45681818181818185
                                                                              RT_STRING0xcdd3c0x146dataEnglishUnited States0.5153374233128835
                                                                              RT_STRING0xcde840x46cdataEnglishUnited States0.3454063604240283
                                                                              RT_STRING0xce2f00x166dataEnglishUnited States0.49162011173184356
                                                                              RT_STRING0xce4580x152dataEnglishUnited States0.5059171597633136
                                                                              RT_STRING0xce5ac0x10adataEnglishUnited States0.49624060150375937
                                                                              RT_STRING0xce6b80xbcdataEnglishUnited States0.6329787234042553
                                                                              RT_STRING0xce7740x1c0dataEnglishUnited States0.5178571428571429
                                                                              RT_STRING0xce9340x250dataEnglishUnited States0.44256756756756754
                                                                              RT_GROUP_ICON0xceb840x5adata0.7555555555555555
                                                                              RT_MANIFEST0xcebe00x753XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.39786666666666665

                                                                              Imports

                                                                              DLLImport
                                                                              KERNEL32.dllLocalFree, GetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, GetCurrentProcessId, CreateDirectoryW, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, GetVersionExW, GetModuleFileNameW, SetCurrentDirectoryW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, ExpandEnvironmentStringsW, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, GlobalMemoryStatusEx, LoadResource, SizeofResource, GetTimeFormatW, GetDateFormatW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetNumberFormatW, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, IsValidCodePage, FindNextFileA, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, InitializeCriticalSectionAndSpinCount, WaitForSingleObjectEx, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlPcToFileHeader, RtlUnwindEx, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, GetStringTypeW, HeapReAlloc, LCMapStringW, FindFirstFileExA
                                                                              OLEAUT32.dllSysAllocString, SysFreeString, VariantClear
                                                                              gdiplus.dllGdipCloneImage, GdipFree, GdipDisposeImage, GdipCreateBitmapFromStream, GdipCreateHBITMAPFromBitmap, GdiplusStartup, GdiplusShutdown, GdipAlloc

                                                                              Possible Origin

                                                                              Language of compilation systemCountry where language is spokenMap
                                                                              EnglishUnited States

                                                                              Network Behavior

                                                                              Network Port Distribution

                                                                              TCP Packets

                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                              Oct 30, 2024 22:37:45.703644991 CET49760443192.168.2.696.7.168.138
                                                                              Oct 30, 2024 22:37:45.703687906 CET4434976096.7.168.138192.168.2.6
                                                                              Oct 30, 2024 22:37:45.704013109 CET49760443192.168.2.696.7.168.138
                                                                              Oct 30, 2024 22:37:45.704452991 CET49760443192.168.2.696.7.168.138
                                                                              Oct 30, 2024 22:37:45.704464912 CET4434976096.7.168.138192.168.2.6
                                                                              Oct 30, 2024 22:37:46.502645016 CET4434976096.7.168.138192.168.2.6
                                                                              Oct 30, 2024 22:37:46.503063917 CET49760443192.168.2.696.7.168.138
                                                                              Oct 30, 2024 22:37:46.503072977 CET4434976096.7.168.138192.168.2.6
                                                                              Oct 30, 2024 22:37:46.504141092 CET4434976096.7.168.138192.168.2.6
                                                                              Oct 30, 2024 22:37:46.504282951 CET49760443192.168.2.696.7.168.138
                                                                              Oct 30, 2024 22:37:46.559149027 CET49760443192.168.2.696.7.168.138
                                                                              Oct 30, 2024 22:37:46.559410095 CET4434976096.7.168.138192.168.2.6
                                                                              Oct 30, 2024 22:37:46.559474945 CET49760443192.168.2.696.7.168.138
                                                                              Oct 30, 2024 22:37:46.603336096 CET4434976096.7.168.138192.168.2.6
                                                                              Oct 30, 2024 22:37:46.683119059 CET49760443192.168.2.696.7.168.138
                                                                              Oct 30, 2024 22:37:46.683130980 CET4434976096.7.168.138192.168.2.6
                                                                              Oct 30, 2024 22:37:46.708791971 CET4434976096.7.168.138192.168.2.6
                                                                              Oct 30, 2024 22:37:46.708872080 CET49760443192.168.2.696.7.168.138
                                                                              Oct 30, 2024 22:37:46.710212946 CET49760443192.168.2.696.7.168.138
                                                                              Oct 30, 2024 22:37:46.710230112 CET4434976096.7.168.138192.168.2.6
                                                                              Oct 30, 2024 22:37:49.459938049 CET497855651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:49.466033936 CET565149785111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:49.466115952 CET497855651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:49.475966930 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:49.482405901 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:49.482481956 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:49.484395981 CET4978780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:49.490308046 CET8049787111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:49.492616892 CET4978780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:49.512448072 CET49788465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:49.517260075 CET4978980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:49.518558025 CET46549788111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:49.518686056 CET49788465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:49.523061037 CET804978965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:49.523341894 CET4978980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:49.531738043 CET497905555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:49.537756920 CET55554979065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:49.537820101 CET497905555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:49.657874107 CET497855651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:49.657963037 CET497855651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:49.661169052 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:49.661206007 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:49.661247969 CET4978780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:49.661269903 CET4978780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:49.663999081 CET565149785111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:49.664016962 CET565149785111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:49.667263985 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:49.667279005 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:49.667292118 CET8049787111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:49.667304993 CET8049787111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:49.738241911 CET49788465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:49.744905949 CET46549788111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:49.755219936 CET49788465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:49.761506081 CET46549788111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:49.768898964 CET4978980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:49.771640062 CET4978980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:49.774811983 CET804978965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:49.777581930 CET804978965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:49.886782885 CET497905555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:49.886881113 CET497905555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:49.892890930 CET55554979065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:49.892909050 CET55554979065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:50.194875002 CET565149785111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:50.194943905 CET497855651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:50.195023060 CET497855651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:50.200953007 CET565149785111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:50.224582911 CET8049787111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:50.225261927 CET4978780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:50.225364923 CET4978780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:50.231235981 CET8049787111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:50.395867109 CET804978965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:50.396013975 CET4978980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:50.396044970 CET4978980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:50.396044970 CET4978980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:50.396059036 CET4978980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:50.396091938 CET4978980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:50.401933908 CET804978965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:50.401957035 CET804978965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:50.401973963 CET804978965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:50.401987076 CET804978965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:50.402548075 CET804978965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:50.402607918 CET4978980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:50.533799887 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:50.533937931 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:50.533937931 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:50.533977032 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:50.533977032 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:50.539743900 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:50.539838076 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:50.539848089 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:50.539856911 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:50.622980118 CET497965651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:50.629075050 CET565149796111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:50.629149914 CET497965651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:50.638509035 CET4979780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:50.644803047 CET8049797111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:50.644872904 CET4979780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:50.654803038 CET4979880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:50.660778046 CET804979865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:50.660846949 CET4979880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:50.772384882 CET497965651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:50.772521019 CET497965651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:50.779906988 CET565149796111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:50.779918909 CET565149796111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:50.795167923 CET4979780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:50.795454025 CET4979780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:50.798233986 CET4979880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:50.798249960 CET4979880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:50.800987005 CET8049797111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:50.801218987 CET8049797111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:50.804141045 CET804979865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:50.804182053 CET804979865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:50.987749100 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:51.183129072 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:51.363830090 CET565149796111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:51.363898993 CET497965651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:51.363980055 CET497965651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:51.370187044 CET565149796111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:51.371438980 CET8049797111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:51.371506929 CET4979780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:51.371548891 CET4979780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:51.377346039 CET8049797111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:51.547911882 CET804979865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:51.548060894 CET4979880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:51.548060894 CET4979880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:51.548062086 CET4979880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:51.548140049 CET4979880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:51.548140049 CET4979880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:51.554110050 CET804979865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:51.554121017 CET804979865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:51.554131985 CET804979865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:51.554181099 CET804979865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:51.554847002 CET804979865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:51.554913044 CET4979880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:51.686878920 CET498045651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:51.692817926 CET565149804111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:51.692972898 CET498045651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:51.701059103 CET4980580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:51.706898928 CET8049805111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:51.706970930 CET4980580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:51.717190027 CET4980680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:51.723119974 CET804980665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:51.723196030 CET4980680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:51.824069977 CET498045651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:51.824151039 CET498045651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:51.830158949 CET565149804111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:51.830183983 CET565149804111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:51.839538097 CET4980580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:51.839561939 CET4980580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:51.845443010 CET8049805111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:51.845454931 CET8049805111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:51.855794907 CET4980680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:51.855808020 CET4980680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:51.861776114 CET804980665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:51.861804008 CET804980665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:51.988221884 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:52.075984955 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:52.423446894 CET565149804111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:52.423525095 CET498045651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:52.423662901 CET498045651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:52.429399014 CET565149804111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:52.440408945 CET8049805111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:52.444602966 CET4980580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:52.446360111 CET4980580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:52.452137947 CET8049805111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:52.607168913 CET804980665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:52.607296944 CET4980680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:52.607325077 CET4980680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:52.607331991 CET4980680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:52.607348919 CET4980680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:52.607420921 CET4980680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:52.613291025 CET804980665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:52.613303900 CET804980665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:52.613313913 CET804980665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:52.613323927 CET804980665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:52.613653898 CET804980665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:52.614027023 CET4980680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:52.751302958 CET498155651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:52.757504940 CET565149815111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:52.757586002 CET498155651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:52.764761925 CET4981680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:52.770665884 CET8049816111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:52.770740032 CET4981680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:52.780112028 CET4981780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:52.786109924 CET804981765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:52.786195993 CET4981780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:52.886496067 CET498155651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:52.886527061 CET498155651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:52.892517090 CET565149815111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:52.892532110 CET565149815111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:52.911115885 CET4981680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:52.911149025 CET4981680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:52.917819977 CET8049816111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:52.917841911 CET8049816111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:52.922277927 CET4981780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:52.922297001 CET4981780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:52.929074049 CET804981765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:52.929085016 CET804981765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:53.003915071 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:53.053328991 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:53.502743006 CET565149815111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:53.502768040 CET8049816111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:53.502851009 CET4981680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:53.502856970 CET498155651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:53.502914906 CET4981680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:53.502953053 CET498155651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:53.508766890 CET8049816111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:53.512837887 CET565149815111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:53.671948910 CET804981765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:53.672089100 CET4981780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:53.672112942 CET4981780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:53.672128916 CET4981780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:53.672142982 CET4981780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:53.672184944 CET4981780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:53.677922010 CET804981765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:53.677939892 CET804981765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:53.677949905 CET804981765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:53.677961111 CET804981765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:53.678997993 CET804981765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:53.679088116 CET4981780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:53.811996937 CET498235651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:53.817826033 CET565149823111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:53.818001032 CET498235651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:53.826055050 CET4982480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:53.831933022 CET8049824111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:53.832024097 CET4982480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:53.842405081 CET4982580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:53.848274946 CET804982565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:53.848355055 CET4982580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:53.949949026 CET498235651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:53.949981928 CET498235651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:53.955821991 CET565149823111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:53.955842018 CET565149823111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:53.965255976 CET4982480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:53.965312004 CET4982480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:53.971355915 CET8049824111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:53.971366882 CET8049824111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:53.981199980 CET4982580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:53.981199980 CET4982580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:53.987306118 CET804982565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:53.987333059 CET804982565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:54.019845963 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:54.073749065 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:54.522191048 CET565149823111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:54.522275925 CET498235651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:54.522344112 CET498235651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:54.528213024 CET565149823111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:54.530208111 CET498285651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:54.536267996 CET565149828111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:54.536370993 CET498285651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:54.562997103 CET8049824111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:54.563137054 CET4982480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:54.563219070 CET4982480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:54.569238901 CET8049824111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:54.639642000 CET4982980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:54.645828009 CET8049829111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:54.645932913 CET4982980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:54.667741060 CET498285651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:54.667757988 CET498285651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:54.675843954 CET565149828111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:54.675875902 CET565149828111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:54.699486971 CET804982565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:54.699615002 CET4982580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:54.699640989 CET4982580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:54.700037956 CET4982580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:54.700097084 CET4982580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:54.700097084 CET4982580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:54.705606937 CET804982565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:54.705638885 CET804982565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:54.705907106 CET804982565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:54.705935001 CET804982565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:54.706151962 CET804982565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:54.706212997 CET4982580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:54.782145977 CET4982980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:54.782231092 CET4982980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:54.788326979 CET8049829111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:54.788403034 CET8049829111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:55.035377979 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:55.073739052 CET4983380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:55.076714039 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:55.079631090 CET804983365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:55.079706907 CET4983380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:55.083396912 CET4983380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:55.083478928 CET4983380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:55.089199066 CET804983365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:55.089390993 CET804983365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:55.262378931 CET565149828111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:55.262474060 CET498285651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:55.262526035 CET498285651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:55.268327951 CET565149828111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:55.364918947 CET8049829111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:55.365030050 CET4982980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:55.365109921 CET4982980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:55.372514963 CET8049829111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:55.965658903 CET804983365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:55.965800047 CET4983380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:55.965830088 CET4983380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:55.965862989 CET4983380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:55.965862989 CET4983380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:55.965899944 CET4983380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:55.971837997 CET804983365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:55.971857071 CET804983365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:55.971865892 CET804983365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:55.971896887 CET804983365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:55.972397089 CET804983365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:55.972445965 CET4983380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:56.036190033 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:56.089387894 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:56.093314886 CET498405651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:56.099347115 CET565149840111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:56.099422932 CET498405651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:56.107642889 CET4984180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:56.113924026 CET8049841111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:56.114001036 CET4984180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:56.123055935 CET4984280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:56.129015923 CET804984265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:56.129095078 CET4984280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:56.230140924 CET498405651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:56.230165958 CET498405651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:56.236099005 CET565149840111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:56.236145973 CET565149840111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:56.245887041 CET4984180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:56.246076107 CET4984180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:56.251799107 CET8049841111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:56.251935005 CET8049841111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:56.261514902 CET4984280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:56.261600018 CET4984280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:56.267600060 CET804984265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:56.267832041 CET804984265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:56.821238995 CET565149840111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:56.821311951 CET498405651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:56.821397066 CET498405651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:56.826469898 CET498475651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:56.827838898 CET565149840111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:56.831722021 CET8049841111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:56.831789970 CET4984180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:56.831851006 CET4984180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:56.832664013 CET565149847111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:56.832741022 CET498475651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:56.838835001 CET8049841111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:56.964637995 CET498475651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:56.964662075 CET498475651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:56.970488071 CET565149847111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:56.970500946 CET565149847111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:56.978071928 CET804984265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:56.978203058 CET4984280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:56.978231907 CET4984280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:56.978301048 CET4984280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:56.978324890 CET4984280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:56.978365898 CET4984280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:56.984277964 CET804984265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:56.984288931 CET804984265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:56.984297991 CET804984265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:56.984307051 CET804984265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:56.984788895 CET804984265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:56.984843016 CET4984280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:57.051316977 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:57.104998112 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:57.565867901 CET565149847111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:57.568646908 CET498475651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:57.569338083 CET498475651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:57.575133085 CET565149847111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:58.000407934 CET46549788111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:58.000497103 CET49788465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:58.000654936 CET49788465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:58.006419897 CET46549788111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:58.021920919 CET55554979065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:58.022016048 CET497905555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:58.022069931 CET497905555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:37:58.027935028 CET55554979065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:37:58.051868916 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:58.105024099 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:37:59.067332029 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:37:59.119690895 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:00.067977905 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:00.108500004 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:01.083415985 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:01.136265039 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:02.083523989 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:02.136250973 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:03.099292994 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:03.151912928 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:04.123553038 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:04.167506933 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:04.971599102 CET498905651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:04.977507114 CET565149890111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:04.977638006 CET498905651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:04.983592987 CET4989180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:04.989414930 CET8049891111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:04.989486933 CET4989180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:04.998822927 CET49892465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:05.006756067 CET46549892111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:05.007067919 CET49892465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:05.013931990 CET4989480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:05.020035982 CET804989465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:05.020204067 CET4989480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:05.030246019 CET498955555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:05.036268950 CET55554989565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:05.036469936 CET498955555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:05.106406927 CET498905651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:05.106432915 CET498905651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:05.112268925 CET565149890111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:05.112368107 CET565149890111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:05.116585016 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:05.120965958 CET4989180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:05.121052980 CET4989180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:05.126902103 CET8049891111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:05.127058983 CET8049891111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:05.137255907 CET49892465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:05.137342930 CET49892465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:05.143134117 CET46549892111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:05.143609047 CET46549892111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:05.152194023 CET4989480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:05.152211905 CET4989480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:05.158102989 CET804989465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:05.158281088 CET804989465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:05.167512894 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:05.168929100 CET498955555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:05.169178009 CET498955555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:05.174823046 CET55554989565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:05.175055027 CET55554989565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:05.701668024 CET565149890111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:05.701739073 CET498905651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:05.701811075 CET498905651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:05.702003002 CET8049891111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:05.702061892 CET4989180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:05.702109098 CET4989180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:05.707977057 CET565149890111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:05.708259106 CET8049891111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:05.795757055 CET498995651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:05.801858902 CET565149899111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:05.802063942 CET498995651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:05.810550928 CET4990080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:05.816668987 CET8049900111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:05.816742897 CET4990080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:05.869683981 CET804989465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:05.869805098 CET4989480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:05.869823933 CET4989480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:05.869831085 CET4989480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:05.869848967 CET4989480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:05.869884014 CET4989480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:05.875821114 CET804989465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:05.875854015 CET804989465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:05.875883102 CET804989465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:05.875921011 CET804989465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:05.876796961 CET804989465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:05.876904011 CET4989480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:05.905725002 CET4990280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:05.914527893 CET804990265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:05.914601088 CET4990280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:05.933413029 CET498995651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:05.933433056 CET498995651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:05.939429998 CET565149899111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:05.939479113 CET565149899111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:05.949028015 CET4990080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:05.949054956 CET4990080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:05.955041885 CET8049900111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:05.955070019 CET8049900111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:06.042792082 CET4990280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:06.042813063 CET4990280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:06.048700094 CET804990265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:06.048772097 CET804990265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:06.132236958 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:06.183123112 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:06.524020910 CET565149899111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:06.524084091 CET498995651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:06.524152040 CET498995651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:06.526266098 CET8049900111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:06.526362896 CET4990080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:06.526453018 CET4990080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:06.530297995 CET565149899111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:06.532336950 CET8049900111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:06.561431885 CET499075651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:06.567593098 CET565149907111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:06.567679882 CET499075651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:06.576539993 CET4990880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:06.582905054 CET8049908111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:06.582973003 CET4990880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:06.699114084 CET499075651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:06.699618101 CET499075651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:06.704994917 CET565149907111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:06.705935955 CET565149907111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:06.714745045 CET4990880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:06.714783907 CET4990880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:06.720782042 CET8049908111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:06.720798016 CET8049908111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:06.772284985 CET804990265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:06.772456884 CET4990280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:06.772456884 CET4990280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:06.772510052 CET4990280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:06.772566080 CET4990280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:06.772566080 CET4990280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:06.778358936 CET804990265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:06.778383970 CET804990265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:06.778395891 CET804990265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:06.778409004 CET804990265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:06.778836012 CET804990265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:06.778976917 CET4990280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:06.780658007 CET4991080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:06.786875963 CET804991065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:06.787237883 CET4991080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:06.917656898 CET4991080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:06.917777061 CET4991080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:06.923621893 CET804991065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:06.923759937 CET804991065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:07.147872925 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:07.200592041 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:07.276963949 CET565149907111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:07.277211905 CET499075651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:07.277368069 CET499075651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:07.283826113 CET565149907111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:07.298917055 CET8049908111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:07.299129963 CET4990880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:07.299336910 CET4990880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:07.305135012 CET8049908111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:07.325973988 CET499155651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:07.332235098 CET565149915111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:07.332504034 CET499155651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:07.340274096 CET4991680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:07.346322060 CET8049916111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:07.346527100 CET4991680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:07.464493036 CET499155651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:07.464585066 CET499155651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:07.470375061 CET565149915111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:07.470504999 CET565149915111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:07.480205059 CET4991680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:07.480205059 CET4991680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:07.486120939 CET8049916111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:07.486134052 CET8049916111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:07.636197090 CET804991065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:07.636620998 CET4991080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:07.636620998 CET4991080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:07.636703014 CET4991080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:07.636703014 CET4991080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:07.636703014 CET4991080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:07.643687010 CET804991065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:07.643717051 CET804991065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:07.643743992 CET804991065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:07.643770933 CET804991065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:07.644224882 CET804991065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:07.644454956 CET4991080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:07.653815031 CET4991880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:07.662118912 CET804991865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:07.662312031 CET4991880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:07.792679071 CET4991880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:07.792679071 CET4991880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:07.798576117 CET804991865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:07.798605919 CET804991865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:08.058845997 CET565149915111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:08.058917046 CET499155651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:08.058984995 CET499155651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:08.064198017 CET8049916111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:08.064265966 CET4991680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:08.064322948 CET4991680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:08.064819098 CET565149915111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:08.070318937 CET8049916111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:08.091772079 CET499235651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:08.097714901 CET565149923111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:08.098961115 CET499235651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:08.106193066 CET4992480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:08.112097979 CET8049924111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:08.112216949 CET4992480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:08.163465023 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:08.214416981 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:08.230201960 CET499235651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:08.230201960 CET499235651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:08.236493111 CET565149923111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:08.236524105 CET565149923111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:08.245877981 CET4992480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:08.245907068 CET4992480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:08.252140999 CET8049924111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:08.252155066 CET8049924111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:08.501873016 CET804991865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:08.501998901 CET4991880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:08.501998901 CET4991880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:08.502074957 CET4991880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:08.502074957 CET4991880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:08.502116919 CET4991880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:08.507975101 CET804991865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:08.507992029 CET804991865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:08.508008003 CET804991865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:08.508019924 CET804991865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:08.508202076 CET804991865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:08.508255005 CET4991880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:08.528821945 CET4992680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:08.534677982 CET804992665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:08.534742117 CET4992680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:08.667717934 CET4992680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:08.667717934 CET4992680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:08.673710108 CET804992665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:08.673728943 CET804992665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:08.819422960 CET565149923111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:08.819556952 CET499235651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:08.819634914 CET499235651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:08.825520039 CET565149923111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:08.828486919 CET8049924111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:08.828623056 CET4992480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:08.828788996 CET4992480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:08.834568977 CET8049924111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:08.856802940 CET499305651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:08.862785101 CET565149930111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:08.862907887 CET499305651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:08.876575947 CET4993180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:08.882530928 CET8049931111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:08.882644892 CET4993180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:08.995764971 CET499305651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:08.995764971 CET499305651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:09.002382040 CET565149930111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:09.002424002 CET565149930111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:09.011432886 CET4993180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:09.011432886 CET4993180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:09.017685890 CET8049931111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:09.017741919 CET8049931111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:09.179198027 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:09.230060101 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:09.391160011 CET804992665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:09.391302109 CET4992680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:09.391302109 CET4992680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:09.391303062 CET4992680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:09.391388893 CET4992680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:09.391388893 CET4992680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:09.398119926 CET804992665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:09.398185968 CET804992665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:09.398215055 CET804992665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:09.398242950 CET804992665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:09.398509026 CET804992665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:09.398876905 CET4992680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:09.403882027 CET4993480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:09.410594940 CET804993465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:09.410692930 CET4993480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:09.542725086 CET4993480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:09.542781115 CET4993480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:09.548616886 CET804993465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:09.548629045 CET804993465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:09.590490103 CET8049931111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:09.590609074 CET4993180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:09.590703011 CET4993180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:09.596601009 CET8049931111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:09.599457979 CET565149930111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:09.599565029 CET499305651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:09.599822998 CET499305651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:09.605551958 CET565149930111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:09.622390032 CET499385651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:09.628217936 CET565149938111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:09.628343105 CET499385651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:09.637334108 CET4993980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:09.643170118 CET8049939111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:09.643235922 CET4993980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:09.761416912 CET499385651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:09.763931036 CET499385651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:09.767281055 CET565149938111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:09.769820929 CET565149938111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:09.777019978 CET4993980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:09.777040958 CET4993980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:09.782857895 CET8049939111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:09.782867908 CET8049939111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:10.194813013 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:10.245639086 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:10.254131079 CET804993465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:10.254236937 CET4993480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:10.254252911 CET4993480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:10.254261017 CET4993480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:10.254267931 CET4993480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:10.254297018 CET4993480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:10.260318995 CET804993465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:10.260329962 CET804993465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:10.260339022 CET804993465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:10.260348082 CET804993465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:10.261053085 CET804993465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:10.261101961 CET4993480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:10.279786110 CET4994280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:10.285959959 CET804994265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:10.286032915 CET4994280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:10.350459099 CET565149938111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:10.350584030 CET499385651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:10.350615978 CET499385651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:10.356530905 CET565149938111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:10.385029078 CET8049939111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:10.385094881 CET4993980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:10.385174036 CET4993980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:10.387995958 CET499435651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:10.391011000 CET8049939111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:10.393838882 CET565149943111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:10.393919945 CET499435651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:10.403007030 CET4994480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:10.408901930 CET8049944111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:10.408988953 CET4994480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:10.417608976 CET4994280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:10.417676926 CET4994280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:10.423477888 CET804994265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:10.423490047 CET804994265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:10.527029037 CET499435651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:10.527050018 CET499435651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:10.532865047 CET565149943111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:10.532880068 CET565149943111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:10.542711020 CET4994480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:10.542785883 CET4994480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:10.548727989 CET8049944111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:10.548738956 CET8049944111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:11.113756895 CET565149943111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:11.113815069 CET499435651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:11.113912106 CET499435651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:11.119693041 CET565149943111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:11.134325027 CET8049944111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:11.134397030 CET4994480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:11.134455919 CET4994480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:11.140213966 CET8049944111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:11.144275904 CET804994265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:11.144395113 CET4994280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:11.144413948 CET4994280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:11.144413948 CET4994280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:11.144426107 CET4994280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:11.144445896 CET4994280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:11.150181055 CET804994265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:11.150276899 CET804994265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:11.150286913 CET804994265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:11.150295973 CET804994265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:11.151683092 CET804994265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:11.151737928 CET4994280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:11.154261112 CET499485651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:11.160135984 CET565149948111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:11.160223961 CET499485651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:11.169979095 CET4994980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:11.175745964 CET8049949111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:11.175848961 CET4994980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:11.186450958 CET4995080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:11.192198992 CET804995065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:11.192673922 CET4995080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:11.210242987 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:11.261275053 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:11.292733908 CET499485651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:11.292735100 CET499485651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:11.298914909 CET565149948111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:11.299069881 CET565149948111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:11.308842897 CET4994980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:11.308842897 CET4994980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:11.317145109 CET8049949111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:11.317293882 CET8049949111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:11.323893070 CET4995080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:11.323893070 CET4995080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:11.332176924 CET804995065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:11.332340002 CET804995065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:11.891143084 CET565149948111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:11.891237974 CET499485651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:11.891653061 CET499485651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:11.897883892 CET565149948111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:11.901316881 CET8049949111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:11.901422024 CET4994980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:11.901422024 CET4994980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:11.908081055 CET8049949111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:11.919224977 CET499555651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:11.925014019 CET565149955111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:11.925184011 CET499555651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:11.934067011 CET4995680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:11.941632032 CET8049956111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:11.941798925 CET4995680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:12.058250904 CET499555651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:12.058274031 CET499555651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:12.064364910 CET565149955111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:12.064378023 CET565149955111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:12.064627886 CET804995065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:12.064781904 CET4995080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:12.064781904 CET4995080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:12.064781904 CET4995080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:12.064781904 CET4995080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:12.064812899 CET4995080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:12.071938992 CET804995065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:12.071949005 CET804995065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:12.072002888 CET804995065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:12.072012901 CET804995065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:12.072256088 CET804995065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:12.072403908 CET4995080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:12.073848009 CET4995680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:12.073892117 CET4995680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:12.080410004 CET8049956111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:12.080427885 CET8049956111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:12.138190985 CET4995880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:12.144429922 CET804995865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:12.144581079 CET4995880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:12.226039886 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:12.272885084 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:12.276971102 CET4995880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:12.276971102 CET4995880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:12.283030987 CET804995865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:12.283044100 CET804995865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:12.651700020 CET8049956111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:12.651772022 CET4995680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:12.652288914 CET4995680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:12.652868986 CET565149955111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:12.652965069 CET499555651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:12.652965069 CET499555651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:12.658078909 CET8049956111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:12.658809900 CET565149955111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:12.684854031 CET499635651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:12.690591097 CET565149963111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:12.690865993 CET499635651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:12.699634075 CET4996480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:12.706803083 CET8049964111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:12.706937075 CET4996480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:12.823848009 CET499635651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:12.823848009 CET499635651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:12.829787970 CET565149963111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:12.829849005 CET565149963111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:12.839659929 CET4996480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:12.839706898 CET4996480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:12.845585108 CET8049964111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:12.845602036 CET8049964111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:13.025109053 CET804995865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:13.025276899 CET4995880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:13.025307894 CET4995880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:13.025307894 CET4995880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:13.025307894 CET4995880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:13.025340080 CET4995880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:13.031230927 CET804995865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:13.031259060 CET804995865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:13.031269073 CET804995865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:13.031280994 CET804995865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:13.034775972 CET804995865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:13.034840107 CET4995880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:13.122586966 CET4996780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:13.129031897 CET804996765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:13.129117966 CET4996780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:13.226814032 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:13.262042046 CET4996780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:13.262226105 CET4996780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:13.267838955 CET804996765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:13.267962933 CET804996765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:13.276896000 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:13.431103945 CET8049964111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:13.431186914 CET4996480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:13.431284904 CET4996480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:13.433732033 CET565149963111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:13.434052944 CET499635651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:13.434052944 CET499635651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:13.437131882 CET8049964111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:13.439845085 CET565149963111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:13.450793982 CET499715651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:13.456676960 CET565149971111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:13.456792116 CET499715651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:13.465959072 CET4997280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:13.471816063 CET8049972111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:13.471879959 CET4997280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:13.521979094 CET55554989565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:13.522083044 CET498955555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:13.522088051 CET46549892111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:13.522151947 CET49892465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:13.522200108 CET498955555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:13.522209883 CET49892465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:13.528029919 CET55554989565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:13.528228998 CET46549892111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:13.560451984 CET49973465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:13.566371918 CET46549973111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:13.566577911 CET49973465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:13.600668907 CET499745555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:13.600795031 CET499715651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:13.601016045 CET499715651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:13.605317116 CET4997280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:13.605317116 CET4997280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:13.606955051 CET55554997465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:13.606985092 CET565149971111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:13.607000113 CET565149971111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:13.607079029 CET499745555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:13.611213923 CET8049972111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:13.611227036 CET8049972111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:13.699109077 CET49973465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:13.699201107 CET49973465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:13.705197096 CET46549973111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:13.705215931 CET46549973111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:13.714935064 CET499745555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:13.714935064 CET499745555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:13.720846891 CET55554997465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:13.720884085 CET55554997465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:13.988059044 CET804996765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:13.988210917 CET4996780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:13.988210917 CET4996780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:13.988210917 CET4996780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:13.988291025 CET4996780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:13.988291025 CET4996780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:13.994824886 CET804996765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:13.994842052 CET804996765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:13.994856119 CET804996765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:13.994868994 CET804996765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:13.995563030 CET804996765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:13.995655060 CET4996780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:13.998116016 CET4997780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:14.004467964 CET804997765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:14.004540920 CET4997780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:14.136888027 CET4997780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:14.136915922 CET4997780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:14.142828941 CET804997765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:14.142847061 CET804997765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:14.165050983 CET565149971111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:14.165136099 CET499715651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:14.165211916 CET499715651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:14.171101093 CET565149971111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:14.207653999 CET8049972111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:14.207765102 CET4997280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:14.207765102 CET4997280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:14.213649035 CET8049972111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:14.216514111 CET499805651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:14.222605944 CET565149980111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:14.222676039 CET499805651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:14.227132082 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:14.231451988 CET4998180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:14.237504959 CET8049981111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:14.237634897 CET4998180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:14.276901960 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:14.355159998 CET499805651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:14.355184078 CET499805651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:14.361352921 CET565149980111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:14.361373901 CET565149980111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:14.370767117 CET4998180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:14.370834112 CET4998180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:14.376589060 CET8049981111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:14.376854897 CET8049981111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:14.863517046 CET804997765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:14.863661051 CET4997780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:14.863661051 CET4997780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:14.863688946 CET4997780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:14.863688946 CET4997780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:14.863775015 CET4997780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:14.869525909 CET804997765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:14.869541883 CET804997765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:14.869551897 CET804997765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:14.869561911 CET804997765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:14.870063066 CET804997765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:14.870240927 CET4997780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:14.872558117 CET4998580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:14.878408909 CET804998565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:14.880675077 CET4998580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:14.948194027 CET565149980111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:14.948287010 CET499805651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:14.948375940 CET499805651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:14.948957920 CET8049981111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:14.949414015 CET4998180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:14.949490070 CET4998180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:14.954292059 CET565149980111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:14.955271959 CET8049981111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:14.981595039 CET499875651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:14.987495899 CET565149987111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:14.988687992 CET499875651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:14.996721983 CET4998880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:15.002554893 CET8049988111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:15.004821062 CET4998880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:15.011395931 CET4998580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:15.011466980 CET4998580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:15.017533064 CET804998565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:15.017569065 CET804998565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:15.120770931 CET499875651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:15.120857954 CET499875651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:15.127298117 CET565149987111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:15.127454996 CET565149987111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:15.136573076 CET4998880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:15.136573076 CET4998880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:15.143207073 CET8049988111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:15.143217087 CET8049988111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:15.242620945 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:15.292602062 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:15.713023901 CET565149987111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:15.713150024 CET499875651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:15.713150024 CET499875651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:15.719957113 CET565149987111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:15.732486010 CET804998565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:15.732598066 CET4998580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:15.732646942 CET4998580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:15.732646942 CET4998580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:15.732671976 CET4998580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:15.732703924 CET4998580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:15.733256102 CET8049988111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:15.733316898 CET4998880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:15.733351946 CET4998880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:15.738625050 CET804998565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:15.738646030 CET804998565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:15.738658905 CET804998565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:15.738672018 CET804998565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:15.739165068 CET804998565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:15.739212990 CET4998580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:15.739330053 CET8049988111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:15.747359991 CET499945651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:15.753247023 CET565149994111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:15.753319025 CET499945651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:15.762059927 CET4999580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:15.768162012 CET8049995111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:15.768238068 CET4999580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:15.777828932 CET4999680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:15.783869028 CET804999665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:15.783941984 CET4999680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:15.886450052 CET499945651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:15.886451006 CET499945651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:15.893699884 CET565149994111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:15.893735886 CET565149994111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:15.902018070 CET4999580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:15.902038097 CET4999580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:15.908289909 CET8049995111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:15.908301115 CET8049995111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:15.917874098 CET4999680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:15.917996883 CET4999680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:15.923794985 CET804999665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:15.923806906 CET804999665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:16.258759975 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:16.308128119 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:16.459013939 CET565149994111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:16.460648060 CET499945651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:16.470688105 CET499945651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:16.477248907 CET565149994111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:16.481055975 CET8049995111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:16.481133938 CET4999580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:16.481245041 CET4999580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:16.487797022 CET8049995111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:16.582755089 CET500015651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:16.589236021 CET565150001111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:16.592637062 CET500015651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:16.597484112 CET5000280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:16.603991985 CET8050002111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:16.604059935 CET5000280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:16.646450043 CET804999665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:16.651235104 CET4999680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:16.651271105 CET4999680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:16.651271105 CET4999680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:16.651288986 CET4999680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:16.651288986 CET4999680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:16.657133102 CET804999665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:16.657145023 CET804999665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:16.657152891 CET804999665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:16.657180071 CET804999665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:16.657824993 CET804999665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:16.660619020 CET4999680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:16.693212032 CET500015651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:16.693233013 CET500015651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:16.699043989 CET565150001111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:16.699131012 CET565150001111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:16.714694977 CET5000280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:16.714694977 CET5000280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:16.720545053 CET8050002111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:16.720567942 CET8050002111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:16.733666897 CET5000480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:16.739639997 CET805000465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:16.739698887 CET5000480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:16.870743990 CET5000480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:16.870771885 CET5000480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:16.880016088 CET805000465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:16.880033016 CET805000465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:17.275321007 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:17.323765039 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:17.328047991 CET8050002111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:17.328178883 CET5000280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:17.328178883 CET5000280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:17.332636118 CET565150001111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:17.332726002 CET500015651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:17.332808018 CET500015651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:17.334254026 CET8050002111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:17.338630915 CET565150001111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:17.389352083 CET500095651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:17.395459890 CET565150009111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:17.395531893 CET500095651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:17.405543089 CET5001080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:17.411485910 CET8050010111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:17.411561966 CET5001080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:17.527055979 CET500095651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:17.527055979 CET500095651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:17.532998085 CET565150009111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:17.533015966 CET565150009111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:17.542658091 CET5001080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:17.542709112 CET5001080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:17.548612118 CET8050010111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:17.548652887 CET8050010111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:17.596580982 CET805000465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:17.596693993 CET5000480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:17.596752882 CET5000480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:17.596752882 CET5000480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:17.596752882 CET5000480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:17.596790075 CET5000480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:17.602901936 CET805000465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:17.602912903 CET805000465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:17.602922916 CET805000465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:17.602932930 CET805000465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:17.603303909 CET805000465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:17.603359938 CET5000480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:17.607456923 CET5001280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:17.613307953 CET805001265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:17.613373995 CET5001280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:17.745862007 CET5001280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:17.745907068 CET5001280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:17.751913071 CET805001265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:17.752062082 CET805001265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:18.105330944 CET565150009111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:18.105664968 CET500095651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:18.105771065 CET500095651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:18.112709045 CET565150009111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:18.135086060 CET8050010111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:18.135160923 CET5001080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:18.135229111 CET5001080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:18.141118050 CET8050010111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:18.156337976 CET500165651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:18.162426949 CET565150016111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:18.162518978 CET500165651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:18.170937061 CET5001780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:18.179028988 CET8050017111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:18.179150105 CET5001780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:18.289439917 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:18.292678118 CET500165651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:18.292716026 CET500165651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:18.298708916 CET565150016111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:18.298722029 CET565150016111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:18.308221102 CET5001780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:18.308336020 CET5001780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:18.314095974 CET8050017111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:18.314379930 CET8050017111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:18.339401960 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:18.494033098 CET805001265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:18.494235039 CET5001280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:18.494319916 CET5001280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:18.494343042 CET5001280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:18.494363070 CET5001280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:18.494399071 CET5001280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:18.500587940 CET805001265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:18.500825882 CET805001265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:18.500925064 CET805001265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:18.501046896 CET805001265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:18.501629114 CET805001265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:18.501684904 CET5001280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:18.592406988 CET5002180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:18.599204063 CET805002165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:18.599275112 CET5002180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:18.730217934 CET5002180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:18.730484009 CET5002180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:18.736330032 CET805002165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:18.736385107 CET805002165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:18.874187946 CET565150016111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:18.874288082 CET500165651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:18.874376059 CET500165651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:18.880141020 CET565150016111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:18.901344061 CET8050017111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:18.901420116 CET5001780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:18.901529074 CET5001780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:18.907433033 CET8050017111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:18.921092033 CET500245651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:18.927186966 CET565150024111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:18.927290916 CET500245651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:18.935831070 CET5002580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:18.942419052 CET8050025111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:18.942526102 CET5002580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:19.058289051 CET500245651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:19.058331966 CET500245651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:19.064858913 CET565150024111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:19.064877987 CET565150024111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:19.073904037 CET5002580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:19.073904037 CET5002580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:19.080538988 CET8050025111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:19.080554008 CET8050025111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:19.304979086 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:19.355005980 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:19.499582052 CET805002165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:19.499739885 CET5002180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:19.499773979 CET5002180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:19.499789000 CET5002180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:19.499829054 CET5002180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:19.499907017 CET5002180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:19.505678892 CET805002165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:19.505724907 CET805002165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:19.505733013 CET805002165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:19.505740881 CET805002165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:19.506035089 CET805002165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:19.506232977 CET5002180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:19.576792955 CET5002980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:19.582761049 CET805002965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:19.582830906 CET5002980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:19.641519070 CET8050025111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:19.641578913 CET5002580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:19.641674042 CET5002580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:19.645690918 CET565150024111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:19.645854950 CET500245651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:19.645899057 CET500245651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:19.648231983 CET8050025111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:19.652688980 CET565150024111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:19.685408115 CET500325651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:19.691350937 CET565150032111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:19.691416979 CET500325651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:19.700963974 CET5003380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:19.706882000 CET8050033111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:19.706959963 CET5003380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:19.714534998 CET5002980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:19.714571953 CET5002980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:19.720505953 CET805002965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:19.720516920 CET805002965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:19.823945045 CET500325651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:19.823995113 CET500325651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:19.830971956 CET565150032111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:19.830987930 CET565150032111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:19.839535952 CET5003380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:19.839936018 CET5003380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:19.845423937 CET8050033111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:19.845705032 CET8050033111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:20.320413113 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:20.370635986 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:20.408859968 CET565150032111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:20.408942938 CET500325651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:20.408991098 CET500325651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:20.414882898 CET565150032111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:20.419985056 CET8050033111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:20.420453072 CET5003380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:20.420453072 CET5003380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:20.426270962 CET8050033111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:20.451709032 CET500375651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:20.457639933 CET565150037111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:20.460643053 CET500375651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:20.464441061 CET805002965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:20.464670897 CET5002980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:20.464687109 CET5002980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:20.464699984 CET5002980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:20.464726925 CET5002980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:20.464755058 CET5002980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:20.467962980 CET5003880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:20.470896006 CET805002965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:20.470928907 CET805002965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:20.470937967 CET805002965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:20.470963955 CET805002965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:20.471421003 CET805002965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:20.472611904 CET5002980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:20.473838091 CET8050038111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:20.474239111 CET5003880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:20.589654922 CET500375651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:20.589654922 CET500375651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:20.595613956 CET565150037111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:20.595629930 CET565150037111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:20.605256081 CET5003880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:20.605256081 CET5003880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:20.611170053 CET8050038111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:20.611183882 CET8050038111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:21.157286882 CET565150037111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:21.158989906 CET500375651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:21.161761999 CET500375651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:21.167543888 CET565150037111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:21.212238073 CET8050038111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:21.214451075 CET5003880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:21.245201111 CET5003880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:21.251104116 CET8050038111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:21.336064100 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:21.386293888 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:22.064584970 CET46549973111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:22.064697027 CET49973465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:22.064735889 CET49973465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:22.070893049 CET46549973111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:22.093271017 CET55554997465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:22.093364000 CET499745555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:22.093400955 CET499745555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:22.099373102 CET55554997465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:22.351598024 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:22.401931047 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:23.367422104 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:23.417510033 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:24.369726896 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:24.417553902 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:24.547437906 CET500625651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:24.553327084 CET565150062111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:24.553436041 CET500625651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:24.561189890 CET5006380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:24.567111015 CET8050063111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:24.567209959 CET5006380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:24.577721119 CET50064465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:24.583574057 CET46550064111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:24.583652020 CET50064465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:24.592027903 CET5006580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:24.597871065 CET805006565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:24.597976923 CET5006580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:24.621649981 CET500665555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:24.627698898 CET55555006665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:24.627768993 CET500665555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:24.683582067 CET500625651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:24.683620930 CET500625651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:24.690265894 CET565150062111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:24.690359116 CET565150062111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:24.698975086 CET5006380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:24.699019909 CET5006380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:24.704951048 CET8050063111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:24.704967022 CET8050063111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:24.715153933 CET50064465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:24.715199947 CET50064465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:24.721272945 CET46550064111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:24.721283913 CET46550064111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:24.730221987 CET5006580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:24.730259895 CET5006580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:24.736669064 CET805006565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:24.736690998 CET805006565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:24.746014118 CET500665555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:24.746046066 CET500665555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:24.751980066 CET55555006665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:24.752006054 CET55555006665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:25.273658991 CET565150062111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:25.273742914 CET500625651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:25.273814917 CET500625651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:25.279618979 CET565150062111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:25.288224936 CET8050063111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:25.288347006 CET5006380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:25.288661003 CET5006380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:25.294517994 CET8050063111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:25.370121956 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:25.374717951 CET500725651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:25.380614042 CET565150072111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:25.380678892 CET500725651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:25.389214039 CET5007380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:25.395126104 CET8050073111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:25.395246029 CET5007380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:25.417511940 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:25.459703922 CET805006565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:25.459853888 CET5006580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:25.459897995 CET5006580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:25.459897995 CET5006580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:25.459980011 CET5006580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:25.459980011 CET5006580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:25.465827942 CET805006565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:25.465841055 CET805006565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:25.465851068 CET805006565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:25.465859890 CET805006565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:25.466165066 CET805006565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:25.466528893 CET5006580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:25.536478996 CET500725651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:25.536505938 CET500725651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:25.537065029 CET5007380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:25.537065983 CET5007380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:25.542382002 CET565150072111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:25.542397022 CET565150072111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:25.542920113 CET8050073111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:25.542937994 CET8050073111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:26.087521076 CET565150072111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:26.087599039 CET500725651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:26.087686062 CET500725651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:26.093544006 CET565150072111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:26.108881950 CET8050073111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:26.109038115 CET5007380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:26.109038115 CET5007380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:26.114912033 CET8050073111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:26.385114908 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:26.433160067 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:27.400593996 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:27.448791027 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:27.531034946 CET500845651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:27.536855936 CET565150084111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:27.540313005 CET500845651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:27.545414925 CET5008580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:27.551414967 CET8050085111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:27.551538944 CET5008580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:27.560887098 CET5008680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:27.567096949 CET805008665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:27.567199945 CET5008680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:27.668462038 CET500845651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:27.668462038 CET500845651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:27.674535036 CET565150084111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:27.674570084 CET565150084111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:27.683518887 CET5008580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:27.683520079 CET5008580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:27.689583063 CET8050085111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:27.689662933 CET8050085111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:27.699126959 CET5008680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:27.699157953 CET5008680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:27.704957962 CET805008665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:27.704982996 CET805008665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:28.271100998 CET8050085111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:28.271195889 CET5008580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:28.271295071 CET5008580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:28.277108908 CET8050085111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:28.283178091 CET565150084111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:28.283307076 CET500845651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:28.283418894 CET500845651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:28.289910078 CET565150084111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:28.327302933 CET500915651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:28.333281040 CET565150091111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:28.333350897 CET500915651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:28.342140913 CET5009280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:28.348171949 CET8050092111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:28.348232985 CET5009280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:28.416039944 CET805008665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:28.416205883 CET5008680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:28.416258097 CET5008680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:28.416258097 CET5008680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:28.416258097 CET5008680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:28.416275978 CET5008680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:28.416872978 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:28.422075987 CET805008665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:28.422086000 CET805008665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:28.422095060 CET805008665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:28.422151089 CET805008665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:28.422605038 CET805008665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:28.422763109 CET5008680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:28.436305046 CET5009480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:28.442390919 CET805009465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:28.442533970 CET5009480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:28.464437008 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:28.464785099 CET500915651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:28.464785099 CET500915651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:28.470727921 CET565150091111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:28.470801115 CET565150091111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:28.480129957 CET5009280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:28.480164051 CET5009280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:28.485944986 CET8050092111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:28.486124039 CET8050092111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:28.574306965 CET5009480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:28.574306965 CET5009480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:28.580246925 CET805009465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:28.580302000 CET805009465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:29.031631947 CET565150091111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:29.031739950 CET500915651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:29.031816959 CET500915651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:29.037590027 CET565150091111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:29.053544998 CET8050092111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:29.053659916 CET5009280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:29.053724051 CET5009280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:29.059549093 CET8050092111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:29.100651026 CET500985651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:29.106801033 CET5009980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:29.106832981 CET565150098111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:29.106977940 CET500985651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:29.112654924 CET8050099111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:29.114808083 CET5009980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:29.230377913 CET500985651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:29.230618954 CET500985651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:29.236449003 CET565150098111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:29.236465931 CET565150098111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:29.245738983 CET5009980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:29.245765924 CET5009980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:29.251938105 CET8050099111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:29.251979113 CET8050099111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:29.299985886 CET805009465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:29.300175905 CET5009480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:29.300252914 CET5009480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:29.300252914 CET5009480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:29.300252914 CET5009480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:29.300252914 CET5009480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:29.306104898 CET805009465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:29.306145906 CET805009465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:29.306155920 CET805009465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:29.306186914 CET805009465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:29.306569099 CET805009465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:29.306648016 CET5009480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:29.309417963 CET5010180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:29.315397024 CET805010165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:29.315486908 CET5010180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:29.431997061 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:29.448949099 CET5010180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:29.449018002 CET5010180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:29.455169916 CET805010165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:29.455202103 CET805010165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:29.480082035 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:29.818880081 CET8050099111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:29.819036007 CET5009980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:29.819036007 CET5009980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:29.819982052 CET565150098111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:29.820060015 CET500985651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:29.820116997 CET500985651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:29.825134039 CET8050099111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:29.826081991 CET565150098111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:29.856473923 CET501025651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:29.862588882 CET565150102111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:29.862649918 CET501025651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:29.871738911 CET5010380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:29.878036976 CET8050103111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:29.878108025 CET5010380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:29.995914936 CET501025651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:29.995999098 CET501025651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:30.002024889 CET565150102111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:30.002046108 CET565150102111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:30.011423111 CET5010380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:30.011462927 CET5010380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:30.017460108 CET8050103111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:30.017518044 CET8050103111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:30.163588047 CET805010165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:30.163789988 CET5010180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:30.163888931 CET5010180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:30.163888931 CET5010180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:30.163889885 CET5010180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:30.163889885 CET5010180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:30.169833899 CET805010165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:30.169867992 CET805010165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:30.169923067 CET805010165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:30.169950962 CET805010165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:30.170470953 CET805010165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:30.170530081 CET5010180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:30.184308052 CET5010480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:30.190193892 CET805010465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:30.190295935 CET5010480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:30.324245930 CET5010480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:30.324320078 CET5010480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:30.509088039 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:30.510092020 CET805010465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:30.510128975 CET805010465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:30.558166981 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:30.587557077 CET565150102111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:30.587739944 CET501025651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:30.587794065 CET501025651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:30.589885950 CET8050103111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:30.589951038 CET5010380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:30.589994907 CET5010380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:30.593672037 CET565150102111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:30.595841885 CET8050103111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:30.621973038 CET501055651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:30.628551960 CET565150105111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:30.628660917 CET501055651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:30.637275934 CET5010680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:30.643271923 CET8050106111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:30.643378019 CET5010680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:30.761588097 CET501055651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:30.761786938 CET501055651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:30.767715931 CET565150105111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:30.767740965 CET565150105111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:30.777021885 CET5010680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:30.780615091 CET5010680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:30.783210993 CET8050106111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:30.786480904 CET8050106111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:31.080940008 CET805010465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:31.081264019 CET5010480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:31.081306934 CET5010480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:31.081306934 CET5010480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:31.081306934 CET5010480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:31.081319094 CET5010480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:31.087507010 CET805010465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:31.087539911 CET805010465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:31.087568045 CET805010465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:31.087595940 CET805010465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:31.088299990 CET805010465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:31.088349104 CET5010480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:31.168925047 CET5010780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:31.174904108 CET805010765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:31.175004005 CET5010780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:31.308361053 CET5010780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:31.308413982 CET5010780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:31.314527988 CET805010765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:31.314574003 CET805010765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:31.346990108 CET565150105111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:31.347071886 CET501055651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:31.347121000 CET501055651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:31.353267908 CET565150105111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:31.370904922 CET8050106111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:31.371068954 CET5010680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:31.371119976 CET5010680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:31.377389908 CET8050106111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:31.387414932 CET501085651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:31.393712044 CET565150108111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:31.393804073 CET501085651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:31.402879953 CET5010980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:31.408782005 CET8050109111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:31.408862114 CET5010980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:31.463160992 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:31.511362076 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:31.527110100 CET501085651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:31.527110100 CET501085651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:31.533171892 CET565150108111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:31.533206940 CET565150108111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:31.542606115 CET5010980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:31.542728901 CET5010980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:31.548583984 CET8050109111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:31.548630953 CET8050109111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:32.023204088 CET805010765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:32.023441076 CET5010780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:32.023442030 CET5010780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:32.023490906 CET5010780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:32.023490906 CET5010780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:32.023490906 CET5010780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:32.029570103 CET805010765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:32.029632092 CET805010765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:32.029659986 CET805010765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:32.029686928 CET805010765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:32.030163050 CET805010765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:32.030237913 CET5010780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:32.043706894 CET5011080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:32.049832106 CET805011065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:32.049952030 CET5011080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:32.114351988 CET8050109111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:32.114587069 CET5010980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:32.114623070 CET5010980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:32.120748997 CET8050109111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:32.125520945 CET565150108111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:32.125586987 CET501085651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:32.125612974 CET501085651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:32.131974936 CET565150108111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:32.153402090 CET501115651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:32.160166979 CET565150111111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:32.160330057 CET501115651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:32.168766975 CET5011280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:32.175241947 CET8050112111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:32.175349951 CET5011280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:32.183420897 CET5011080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:32.183440924 CET5011080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:32.189435005 CET805011065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:32.189452887 CET805011065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:32.292743921 CET501115651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:32.292828083 CET501115651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:32.299067020 CET565150111111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:32.299310923 CET565150111111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:32.308248997 CET5011280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:32.308392048 CET5011280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:32.314445972 CET8050112111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:32.314479113 CET8050112111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:32.479110003 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:32.526973963 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:32.875966072 CET565150111111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:32.876735926 CET501115651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:32.880505085 CET501115651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:32.886435986 CET565150111111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:32.897197962 CET8050112111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:32.900645018 CET5011280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:32.900684118 CET5011280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:32.906635046 CET805011065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:32.906866074 CET8050112111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:32.906994104 CET5011080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:32.907008886 CET5011080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:32.907008886 CET5011080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:32.907017946 CET5011080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:32.907040119 CET5011080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:32.912964106 CET805011065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:32.912995100 CET805011065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:32.913023949 CET805011065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:32.913069010 CET805011065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:32.913464069 CET805011065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:32.916640043 CET5011080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:32.918690920 CET501135651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:32.924720049 CET565150113111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:32.928663015 CET501135651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:32.934228897 CET5011480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:32.940231085 CET8050114111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:32.940648079 CET5011480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:32.949949026 CET5011580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:32.955864906 CET805011565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:32.956634998 CET5011580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:33.058343887 CET501135651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:33.058377981 CET501135651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:33.064208031 CET46550064111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:33.064292908 CET50064465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:33.064347029 CET50064465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:33.064522982 CET565150113111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:33.064551115 CET565150113111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:33.070523977 CET46550064111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:33.074013948 CET5011480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:33.074013948 CET5011480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:33.080079079 CET8050114111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:33.080097914 CET8050114111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:33.089468956 CET5011580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:33.089490891 CET5011580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:33.095472097 CET805011565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:33.095566034 CET805011565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:33.110093117 CET55555006665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:33.110150099 CET500665555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:33.110213041 CET500665555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:33.116137981 CET55555006665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:33.137789011 CET50116465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:33.143773079 CET46550116111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:33.143867970 CET50116465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:33.152982950 CET501175555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:33.159090996 CET55555011765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:33.159969091 CET501175555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:33.277211905 CET50116465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:33.277266026 CET50116465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:33.283103943 CET46550116111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:33.283210039 CET46550116111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:33.292699099 CET501175555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:33.292855024 CET501175555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:33.298726082 CET55555011765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:33.298764944 CET55555011765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:33.495176077 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:33.542568922 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:33.642277956 CET565150113111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:33.642493010 CET501135651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:33.642541885 CET501135651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:33.649667978 CET565150113111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:33.661490917 CET8050114111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:33.661608934 CET5011480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:33.661653996 CET5011480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:33.667623043 CET8050114111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:33.684298038 CET501185651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:33.690406084 CET565150118111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:33.690489054 CET501185651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:33.699709892 CET5011980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:33.705770016 CET8050119111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:33.705871105 CET5011980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:33.814249039 CET805011565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:33.816699028 CET5011580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:33.816726923 CET5011580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:33.816726923 CET5011580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:33.816745996 CET5011580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:33.816745996 CET5011580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:33.822783947 CET805011565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:33.822801113 CET805011565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:33.822815895 CET805011565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:33.822828054 CET805011565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:33.823191881 CET805011565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:33.823359966 CET5011580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:33.824342966 CET501185651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:33.824415922 CET501185651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:33.830296040 CET565150118111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:33.830311060 CET565150118111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:33.839643955 CET5011980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:33.839675903 CET5011980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:33.845663071 CET8050119111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:33.845681906 CET8050119111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:33.903301001 CET5012080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:33.909584999 CET805012065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:33.909653902 CET5012080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:34.042850018 CET5012080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:34.042937994 CET5012080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:34.048866034 CET805012065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:34.048882961 CET805012065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:34.408561945 CET565150118111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:34.408629894 CET501185651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:34.408674955 CET501185651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:34.414649010 CET565150118111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:34.450009108 CET8050119111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:34.450069904 CET5011980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:34.450114012 CET5011980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:34.456057072 CET8050119111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:34.459137917 CET501215651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:34.465105057 CET565150121111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:34.465159893 CET501215651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:34.510011911 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:34.558140039 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:34.592953920 CET501215651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:34.592953920 CET501215651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:34.598988056 CET565150121111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:34.599006891 CET565150121111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:34.790018082 CET805012065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:34.792716980 CET5012080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:34.792716980 CET5012080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:34.792716980 CET5012080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:34.792805910 CET5012080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:34.792805910 CET5012080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:34.798800945 CET805012065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:34.798861027 CET805012065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:34.798888922 CET805012065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:34.798917055 CET805012065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:34.799668074 CET805012065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:34.799730062 CET5012080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:35.188863993 CET565150121111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:35.192653894 CET501215651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:35.192759037 CET501215651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:35.198678017 CET565150121111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:35.525669098 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:35.573837996 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:36.526453972 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:36.573787928 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:37.541915894 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:37.589461088 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:38.529915094 CET501225651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:38.535959959 CET565150122111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:38.536030054 CET501225651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:38.543391943 CET5012380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:38.549725056 CET8050123111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:38.549784899 CET5012380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:38.557267904 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:38.559459925 CET5012480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:38.565336943 CET805012465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:38.565401077 CET5012480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:38.605037928 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:38.667893887 CET501225651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:38.672620058 CET501225651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:38.673739910 CET565150122111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:38.678680897 CET565150122111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:38.683670998 CET5012380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:38.683670998 CET5012380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:38.689639091 CET8050123111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:38.689652920 CET8050123111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:38.698965073 CET5012480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:38.698996067 CET5012480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:38.704879999 CET805012465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:38.704962015 CET805012465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:39.250766039 CET565150122111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:39.250842094 CET501225651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:39.250880003 CET501225651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:39.256814003 CET565150122111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:39.262538910 CET501255651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:39.265734911 CET8050123111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:39.265790939 CET5012380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:39.265832901 CET5012380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:39.268819094 CET565150125111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:39.268886089 CET501255651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:39.271791935 CET8050123111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:39.402100086 CET501255651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:39.402100086 CET501255651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:39.408324957 CET565150125111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:39.408371925 CET565150125111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:39.419019938 CET805012465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:39.419255972 CET5012480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:39.419255972 CET5012480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:39.419255972 CET5012480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:39.419255972 CET5012480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:39.419256926 CET5012480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:39.425263882 CET805012465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:39.425309896 CET805012465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:39.425338030 CET805012465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:39.425370932 CET805012465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:39.425646067 CET805012465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:39.425703049 CET5012480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:39.573663950 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:39.620672941 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:40.749846935 CET565150125111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:40.749975920 CET501255651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:40.750128031 CET501255651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:40.751106977 CET565150125111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:40.751159906 CET501255651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:40.751847029 CET565150125111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:40.751892090 CET501255651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:40.752710104 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:40.756866932 CET565150125111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:40.792556047 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:41.604835033 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:41.631179094 CET46550116111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:41.631381035 CET50116465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:41.631602049 CET50116465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:41.637440920 CET46550116111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:41.648720980 CET55555011765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:41.651660919 CET501175555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:41.651719093 CET501175555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:41.651905060 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:41.657696009 CET55555011765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:42.605369091 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:42.651920080 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:43.620814085 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:43.667531967 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:44.636464119 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:44.683155060 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:45.372801065 CET501275651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:45.379015923 CET565150127111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:45.379112005 CET501275651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:45.387113094 CET5012880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:45.393146992 CET8050128111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:45.393306971 CET5012880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:45.402592897 CET50129465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:45.408472061 CET46550129111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:45.408571005 CET50129465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:45.418545961 CET5013080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:45.424408913 CET805013065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:45.424484968 CET5013080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:45.433980942 CET501315555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:45.439924002 CET55555013165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:45.440114975 CET501315555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:45.511519909 CET501275651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:45.511898041 CET501275651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:45.517483950 CET565150127111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:45.517752886 CET565150127111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:45.526961088 CET5012880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:45.526987076 CET5012880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:45.532969952 CET8050128111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:45.533026934 CET8050128111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:45.542699099 CET50129465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:45.542730093 CET50129465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:45.548605919 CET46550129111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:45.548680067 CET46550129111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:45.558211088 CET5013080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:45.558227062 CET5013080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:45.564111948 CET805013065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:45.564126015 CET805013065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:45.574466944 CET501315555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:45.574466944 CET501315555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:45.580554962 CET55555013165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:45.580580950 CET55555013165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:45.636156082 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:45.683163881 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:46.104863882 CET565150127111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:46.108676910 CET501275651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:46.108757973 CET501275651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:46.109759092 CET8050128111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:46.112379074 CET5012880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:46.112471104 CET5012880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:46.114701033 CET565150127111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:46.118271112 CET8050128111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:46.158587933 CET501325651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:46.164530039 CET565150132111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:46.164686918 CET501325651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:46.169634104 CET5013380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:46.175560951 CET8050133111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:46.176647902 CET5013380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:46.272918940 CET805013065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:46.276722908 CET5013080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:46.276724100 CET5013080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:46.276724100 CET5013080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:46.276809931 CET5013080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:46.276809931 CET5013080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:46.282756090 CET805013065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:46.282814026 CET805013065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:46.282843113 CET805013065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:46.282893896 CET805013065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:46.283185005 CET805013065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:46.288635969 CET5013080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:46.293350935 CET501325651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:46.293351889 CET501325651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:46.299336910 CET565150132111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:46.299621105 CET565150132111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:46.308206081 CET5013380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:46.308234930 CET5013380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:46.314202070 CET8050133111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:46.314230919 CET8050133111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:46.372090101 CET5013480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:46.378017902 CET805013465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:46.378087044 CET5013480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:46.511682034 CET5013480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:46.511682034 CET5013480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:46.517713070 CET805013465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:46.517748117 CET805013465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:46.651863098 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:46.698795080 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:46.883867979 CET8050133111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:46.884028912 CET5013380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:46.884093046 CET5013380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:46.890003920 CET8050133111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:46.895524979 CET565150132111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:46.895598888 CET501325651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:46.895689964 CET501325651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:46.901532888 CET565150132111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:46.918664932 CET501355651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:46.924685001 CET565150135111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:46.924777985 CET501355651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:46.934441090 CET5013680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:46.940432072 CET8050136111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:46.940505981 CET5013680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:47.060364962 CET501355651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:47.060553074 CET501355651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:47.066330910 CET565150135111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:47.066446066 CET565150135111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:47.074682951 CET5013680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:47.074682951 CET5013680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:47.082269907 CET8050136111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:47.082300901 CET8050136111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:47.243103027 CET805013465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:47.243235111 CET5013480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:47.243257999 CET5013480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:47.243258953 CET5013480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:47.243287086 CET5013480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:47.243287086 CET5013480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:47.246932030 CET5013780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:47.249217987 CET805013465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:47.249250889 CET805013465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:47.249304056 CET805013465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:47.249330997 CET805013465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:47.249937057 CET805013465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:47.249994040 CET5013480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:47.252835989 CET805013765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:47.252899885 CET5013780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:47.386377096 CET5013780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:47.386646032 CET5013780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:47.392318964 CET805013765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:47.392632961 CET805013765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:47.637068987 CET565150135111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:47.637136936 CET501355651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:47.637171030 CET501355651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:47.643173933 CET565150135111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:47.651352882 CET8050136111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:47.651428938 CET5013680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:47.651556969 CET5013680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:47.657341003 CET8050136111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:47.667166948 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:47.684185028 CET501385651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:47.690253973 CET565150138111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:47.690315962 CET501385651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:47.699517965 CET5013980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:47.705753088 CET8050139111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:47.705828905 CET5013980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:47.714399099 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:47.823914051 CET501385651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:47.823966026 CET501385651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:47.829947948 CET565150138111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:47.829982042 CET565150138111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:47.839448929 CET5013980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:47.839551926 CET5013980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:47.845279932 CET8050139111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:47.845379114 CET8050139111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:48.111412048 CET805013765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:48.114708900 CET5013780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:48.114742994 CET5013780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:48.114799023 CET5013780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:48.114806890 CET5013780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:48.114840984 CET5013780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:48.120842934 CET805013765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:48.120872974 CET805013765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:48.120898962 CET805013765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:48.120925903 CET805013765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:48.121151924 CET805013765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:48.122685909 CET5013780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:48.123653889 CET5014080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:48.129734039 CET805014065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:48.130740881 CET5014080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:48.261454105 CET5014080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:48.261455059 CET5014080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:48.267750978 CET805014065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:48.267784119 CET805014065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:48.411084890 CET8050139111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:48.411159992 CET5013980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:48.411202908 CET5013980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:48.411807060 CET565150138111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:48.411866903 CET501385651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:48.411885023 CET501385651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:48.417061090 CET8050139111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:48.417752981 CET565150138111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:48.450558901 CET501415651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:48.456731081 CET565150141111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:48.458689928 CET501415651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:48.466494083 CET5014280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:48.472546101 CET8050142111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:48.472635031 CET5014280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:48.589505911 CET501415651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:48.590059996 CET501415651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:48.595396042 CET565150141111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:48.595942020 CET565150141111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:48.605115891 CET5014280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:48.606604099 CET5014280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:48.610953093 CET8050142111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:48.612422943 CET8050142111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:48.683293104 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:48.730062962 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:48.984110117 CET805014065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:48.984261036 CET5014080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:48.984316111 CET5014080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:48.984316111 CET5014080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:48.984316111 CET5014080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:48.984316111 CET5014080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:48.990374088 CET805014065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:48.990436077 CET805014065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:48.990464926 CET805014065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:48.990495920 CET805014065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:48.990967035 CET805014065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:48.991022110 CET5014080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:48.998179913 CET5014380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:49.004060030 CET805014365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:49.004144907 CET5014380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:49.136430979 CET5014380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:49.138968945 CET5014380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:49.142502069 CET805014365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:49.145090103 CET805014365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:49.163100958 CET565150141111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:49.163186073 CET501415651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:49.163250923 CET501415651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:49.169224977 CET565150141111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:49.181718111 CET8050142111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:49.181935072 CET5014280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:49.181989908 CET5014280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:49.187845945 CET8050142111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:49.215739012 CET501445651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:49.221749067 CET565150144111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:49.221873999 CET501445651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:49.230873108 CET5014580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:49.237025976 CET8050145111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:49.237112045 CET5014580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:49.355170965 CET501445651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:49.355263948 CET501445651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:49.361213923 CET565150144111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:49.361284018 CET565150144111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:49.370738029 CET5014580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:49.370764971 CET5014580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:49.377818108 CET8050145111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:49.377857924 CET8050145111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:49.699002028 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:49.745670080 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:49.852947950 CET805014365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:49.853101015 CET5014380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:49.853135109 CET5014380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:49.853135109 CET5014380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:49.853158951 CET5014380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:49.853158951 CET5014380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:49.859235048 CET805014365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:49.859277964 CET805014365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:49.859291077 CET805014365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:49.859302044 CET805014365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:49.859810114 CET805014365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:49.859878063 CET5014380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:49.872170925 CET5014680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:49.878263950 CET805014665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:49.878727913 CET5014680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:49.946938992 CET565150144111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:49.947073936 CET501445651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:49.947154045 CET501445651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:49.953252077 CET565150144111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:49.981262922 CET501485651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:49.987171888 CET565150148111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:49.987277985 CET501485651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:49.989871025 CET8050145111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:49.989937067 CET5014580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:49.989980936 CET5014580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:49.995968103 CET8050145111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:50.011665106 CET5014680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:50.011665106 CET5014680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:50.017539024 CET805014665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:50.017702103 CET805014665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:50.120804071 CET501485651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:50.120850086 CET501485651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:50.127233028 CET565150148111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:50.127304077 CET565150148111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:50.697787046 CET565150148111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:50.697983027 CET501485651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:50.698080063 CET501485651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:50.704374075 CET565150148111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:50.714364052 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:50.761329889 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:50.761759043 CET805014665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:50.761899948 CET5014680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:50.761950016 CET5014680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:50.761950016 CET5014680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:50.761950016 CET5014680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:50.761950016 CET5014680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:50.767765045 CET805014665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:50.767777920 CET805014665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:50.767790079 CET805014665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:50.767803907 CET805014665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:50.768151045 CET805014665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:50.768214941 CET5014680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:51.738220930 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:51.792669058 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:52.745769024 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:52.792609930 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:53.761457920 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:53.808181047 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:53.895890951 CET46550129111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:53.896684885 CET50129465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:53.896727085 CET50129465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:53.902528048 CET46550129111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:53.952174902 CET55555013165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:53.952267885 CET501315555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:53.952315092 CET501315555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:53.958247900 CET55555013165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:54.761822939 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:54.808290958 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:55.777364016 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:55.823786020 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:56.091898918 CET501495651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:56.097907066 CET565150149111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:56.098041058 CET501495651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:56.107884884 CET5015080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:56.114090919 CET8050150111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:56.114177942 CET5015080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:56.122642994 CET50151465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:56.128503084 CET46550151111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:56.128582954 CET50151465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:56.138308048 CET5015280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:56.144262075 CET805015265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:56.144330978 CET5015280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:56.153661013 CET501535555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:56.159487963 CET55555015365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:56.159564018 CET501535555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:56.230173111 CET501495651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:56.230190992 CET501495651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:56.236123085 CET565150149111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:56.236138105 CET565150149111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:56.245939016 CET5015080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:56.246005058 CET5015080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:56.252266884 CET8050150111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:56.252278090 CET8050150111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:56.263417006 CET50151465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:56.263461113 CET50151465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:56.269474983 CET46550151111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:56.269495964 CET46550151111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:56.278953075 CET5015280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:56.278994083 CET5015280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:56.284823895 CET805015265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:56.284833908 CET805015265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:56.293302059 CET501535555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:56.293402910 CET501535555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:56.299181938 CET55555015365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:56.299211979 CET55555015365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:56.793148041 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:56.809643030 CET565150149111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:56.810694933 CET501495651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:56.812623024 CET501495651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:56.818922997 CET565150149111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:56.828011990 CET8050150111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:56.830925941 CET5015080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:56.833451986 CET5015080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:56.839274883 CET8050150111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:56.839401960 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:56.874456882 CET501545651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:56.880383968 CET565150154111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:56.880686998 CET501545651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:56.896456003 CET5015580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:56.902471066 CET8050155111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:56.902946949 CET5015580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:57.003952980 CET805015265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:57.004076958 CET5015280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:57.004122019 CET5015280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:57.004122019 CET5015280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:57.004122019 CET5015280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:57.004122019 CET5015280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:57.010262012 CET805015265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:57.010272980 CET805015265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:57.010282040 CET805015265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:57.010289907 CET805015265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:57.010963917 CET805015265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:57.011025906 CET5015280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:57.011797905 CET501545651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:57.011797905 CET501545651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:57.017743111 CET565150154111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:57.017752886 CET565150154111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:57.029849052 CET5015580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:57.029906988 CET5015580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:57.035654068 CET8050155111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:57.035662889 CET8050155111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:57.091175079 CET5015680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:57.097028017 CET805015665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:57.097141027 CET5015680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:57.230123043 CET5015680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:57.230123043 CET5015680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:57.236084938 CET805015665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:57.236148119 CET805015665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:57.595134974 CET565150154111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:57.595374107 CET501545651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:57.595433950 CET501545651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:57.601329088 CET565150154111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:57.624593019 CET8050155111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:57.624699116 CET5015580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:57.624738932 CET5015580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:57.630544901 CET8050155111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:57.637654066 CET501575651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:57.643564939 CET565150157111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:57.643651962 CET501575651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:57.653027058 CET5015880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:57.658849955 CET8050158111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:57.658951998 CET5015880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:57.777071953 CET501575651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:57.777127028 CET501575651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:57.783093929 CET565150157111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:57.783109903 CET565150157111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:57.792638063 CET5015880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:57.792694092 CET5015880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:57.798547029 CET8050158111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:57.798569918 CET8050158111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:57.808775902 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:57.855034113 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:57.957206964 CET805015665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:57.957319975 CET5015680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:57.957319975 CET5015680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:57.957370996 CET5015680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:57.957370996 CET5015680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:57.957370996 CET5015680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:57.963283062 CET805015665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:57.963294029 CET805015665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:57.963301897 CET805015665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:57.963310957 CET805015665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:57.963627100 CET805015665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:57.963694096 CET5015680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:57.966451883 CET5015980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:57.972440958 CET805015965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:57.972533941 CET5015980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:58.105427027 CET5015980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:58.105552912 CET5015980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:58.111393929 CET805015965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:58.111406088 CET805015965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:58.355828047 CET565150157111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:58.355899096 CET501575651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:58.355953932 CET501575651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:58.361809969 CET565150157111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:58.380979061 CET8050158111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:58.381109953 CET5015880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:58.381150961 CET5015880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:58.387064934 CET8050158111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:58.404170990 CET501605651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:58.410242081 CET565150160111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:58.410366058 CET501605651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:58.423525095 CET5016180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:58.429369926 CET8050161111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:58.429435968 CET5016180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:58.542581081 CET501605651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:58.542581081 CET501605651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:58.548557997 CET565150160111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:58.548633099 CET565150160111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:58.558252096 CET5016180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:58.558274984 CET5016180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:58.564125061 CET8050161111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:58.564145088 CET8050161111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:58.824242115 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:58.829576969 CET805015965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:58.829791069 CET5015980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:58.829833984 CET5015980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:58.829833984 CET5015980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:58.829833984 CET5015980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:58.829833984 CET5015980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:58.835740089 CET805015965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:58.835752964 CET805015965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:58.835761070 CET805015965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:58.835769892 CET805015965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:58.836153984 CET805015965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:58.836194038 CET5015980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:58.843156099 CET5016280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:58.849010944 CET805016265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:58.849070072 CET5016280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:58.870672941 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:58.988459110 CET5016280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:58.988497972 CET5016280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:58.994601011 CET805016265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:58.994627953 CET805016265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:59.133749008 CET565150160111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:59.136668921 CET501605651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:59.146703959 CET501605651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:59.152514935 CET565150160111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:59.158997059 CET8050161111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:59.159070015 CET5016180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:59.159224033 CET5016180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:59.165026903 CET8050161111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:59.169322014 CET501635651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:59.175251961 CET565150163111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:59.175399065 CET501635651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:59.244278908 CET5016480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:59.250185966 CET8050164111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:59.250283003 CET5016480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:59.321279049 CET501635651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:59.321279049 CET501635651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:59.327877045 CET565150163111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:59.328386068 CET565150163111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:59.376003027 CET5016480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:59.376614094 CET5016480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:59.381925106 CET8050164111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:59.382347107 CET8050164111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:59.698508978 CET805016265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:59.698731899 CET5016280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:59.698812008 CET5016280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:59.698822975 CET5016280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:59.699018002 CET5016280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:59.699042082 CET5016280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:59.704651117 CET805016265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:59.704696894 CET805016265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:59.704705954 CET805016265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:59.704796076 CET805016265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:59.705178976 CET805016265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:59.705216885 CET5016280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:59.716660023 CET5016580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:59.722529888 CET805016565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:59.722688913 CET5016580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:59.840055943 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:59.856113911 CET5016580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:59.856194973 CET5016580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:38:59.861943007 CET805016565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:59.861978054 CET805016565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:38:59.886291981 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:59.912194967 CET565150163111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:59.912281990 CET501635651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:59.912450075 CET501635651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:59.918181896 CET565150163111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:59.935339928 CET501665651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:59.941160917 CET565150166111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:59.941217899 CET501665651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:59.982785940 CET8050164111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:38:59.982844114 CET5016480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:59.982887030 CET5016480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:38:59.988756895 CET8050164111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:00.043795109 CET5016780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:00.049622059 CET8050167111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:00.049679041 CET5016780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:00.074064970 CET501665651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:00.074064970 CET501665651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:00.079987049 CET565150166111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:00.079998016 CET565150166111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:00.183336973 CET5016780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:00.183336973 CET5016780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:00.189135075 CET8050167111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:00.189296961 CET8050167111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:00.588133097 CET805016565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:00.590127945 CET5016580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:00.590178967 CET5016580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:00.590178967 CET5016580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:00.590178967 CET5016580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:00.590178967 CET5016580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:00.596256018 CET805016565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:00.596266985 CET805016565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:00.596276045 CET805016565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:00.596286058 CET805016565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:00.597043991 CET805016565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:00.597312927 CET5016580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:00.655733109 CET565150166111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:00.655839920 CET501665651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:00.655885935 CET501665651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:00.661798000 CET565150166111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:00.705463886 CET501685651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:00.711540937 CET565150168111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:00.715013027 CET501685651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:00.715833902 CET5016980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:00.721823931 CET805016965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:00.722661972 CET5016980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:00.750605106 CET8050167111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:00.750672102 CET5016780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:00.750736952 CET5016780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:00.756589890 CET8050167111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:00.810473919 CET5017080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:00.816709995 CET8050170111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:00.816971064 CET5017080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:00.839591980 CET501685651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:00.839612961 CET501685651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:00.845669031 CET565150168111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:00.845690966 CET565150168111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:00.855200052 CET5016980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:00.855221033 CET5016980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:00.855715990 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:00.861169100 CET805016965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:00.861179113 CET805016965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:00.901922941 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:00.949350119 CET5017080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:00.949377060 CET5017080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:00.955280066 CET8050170111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:00.955495119 CET8050170111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:01.459750891 CET565150168111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:01.459813118 CET501685651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:01.459892035 CET501685651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:01.465675116 CET565150168111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:01.466917038 CET501715651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:01.472719908 CET565150171111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:01.472796917 CET501715651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:01.526050091 CET8050170111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:01.526330948 CET5017080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:01.526571035 CET5017080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:01.532421112 CET8050170111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:01.582290888 CET5017280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:01.588285923 CET8050172111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:01.588368893 CET5017280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:01.605308056 CET501715651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:01.605309010 CET501715651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:01.611320972 CET565150171111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:01.611334085 CET565150171111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:01.617650986 CET805016965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:01.617765903 CET5016980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:01.617765903 CET5016980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:01.617821932 CET5016980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:01.617856026 CET5016980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:01.617872953 CET5016980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:01.623714924 CET805016965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:01.623724937 CET805016965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:01.623734951 CET805016965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:01.623771906 CET805016965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:01.624430895 CET805016965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:01.624516010 CET5016980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:01.684462070 CET5017380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:01.690470934 CET805017365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:01.692692041 CET5017380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:01.714648962 CET5017280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:01.714648962 CET5017280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:01.720815897 CET8050172111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:01.720829964 CET8050172111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:01.824827909 CET5017380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:01.824827909 CET5017380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:01.830786943 CET805017365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:01.830801964 CET805017365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:01.871211052 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:01.917553902 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:02.197390079 CET565150171111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:02.200695992 CET501715651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:02.200783014 CET501715651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:02.206608057 CET565150171111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:02.232429981 CET501745651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:02.238351107 CET565150174111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:02.240677118 CET501745651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:02.312809944 CET8050172111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:02.316673994 CET5017280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:02.317039967 CET5017280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:02.322856903 CET8050172111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:02.340590954 CET5017580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:02.346693993 CET8050175111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:02.350706100 CET5017580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:02.370965004 CET501745651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:02.370965004 CET501745651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:02.376955032 CET565150174111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:02.376970053 CET565150174111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:02.480178118 CET5017580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:02.480206966 CET5017580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:02.486258030 CET8050175111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:02.486285925 CET8050175111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:02.548341990 CET805017365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:02.549171925 CET5017380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:02.549171925 CET5017380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:02.549171925 CET5017380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:02.549199104 CET5017380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:02.549230099 CET5017380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:02.555187941 CET805017365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:02.555202961 CET805017365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:02.555212021 CET805017365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:02.555216074 CET805017365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:02.555780888 CET805017365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:02.555953979 CET5017380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:02.572719097 CET5017680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:02.578670979 CET805017665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:02.578749895 CET5017680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:02.698945045 CET5017680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:02.702637911 CET5017680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:02.704804897 CET805017665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:02.708462000 CET805017665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:02.871052980 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:02.917547941 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:02.975189924 CET565150174111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:02.975241899 CET501745651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:02.975334883 CET501745651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:02.981091976 CET565150174111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:02.997273922 CET501775651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:03.003206015 CET565150177111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:03.003304005 CET501775651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:03.056740999 CET8050175111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:03.056803942 CET5017580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:03.056866884 CET5017580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:03.062720060 CET8050175111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:03.107091904 CET5017880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:03.125603914 CET8050178111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:03.125678062 CET5017880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:03.136493921 CET501775651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:03.136570930 CET501775651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:03.142401934 CET565150177111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:03.142415047 CET565150177111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:03.247092009 CET5017880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:03.248620033 CET5017880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:03.253009081 CET8050178111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:03.254554987 CET8050178111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:03.430547953 CET805017665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:03.432723999 CET5017680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:03.432768106 CET5017680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:03.432768106 CET5017680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:03.432769060 CET5017680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:03.432769060 CET5017680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:03.434710979 CET5017980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:03.438709021 CET805017665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:03.438720942 CET805017665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:03.438729048 CET805017665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:03.438738108 CET805017665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:03.439026117 CET805017665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:03.440499067 CET805017965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:03.440565109 CET5017680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:03.440599918 CET5017980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:03.584186077 CET5017980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:03.584186077 CET5017980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:03.590153933 CET805017965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:03.590167999 CET805017965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:03.737601042 CET565150177111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:03.737725973 CET501775651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:03.737934113 CET501775651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:03.743660927 CET565150177111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:03.763891935 CET501805651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:03.770167112 CET565150180111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:03.770251036 CET501805651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:03.849181890 CET8050178111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:03.852660894 CET5017880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:03.852699995 CET5017880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:03.858757973 CET8050178111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:03.871897936 CET5018180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:03.877748966 CET8050181111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:03.880672932 CET5018180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:03.887012005 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:03.902070999 CET501805651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:03.904618025 CET501805651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:03.907923937 CET565150180111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:03.910463095 CET565150180111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:03.933161020 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:04.014812946 CET5018180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:04.014961958 CET5018180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:04.020653009 CET8050181111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:04.020674944 CET8050181111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:04.289593935 CET805017965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:04.289911985 CET5017980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:04.289946079 CET5017980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:04.289946079 CET5017980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:04.289958000 CET5017980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:04.289988995 CET5017980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:04.295845985 CET805017965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:04.295860052 CET805017965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:04.295869112 CET805017965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:04.295881033 CET805017965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:04.296334028 CET805017965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:04.296639919 CET5017980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:04.310224056 CET5018280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:04.316119909 CET805018265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:04.316179991 CET5018280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:04.448898077 CET5018280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:04.448899031 CET5018280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:04.454777002 CET805018265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:04.454848051 CET805018265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:04.489571095 CET565150180111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:04.491657019 CET501805651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:04.491703033 CET501805651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:04.497549057 CET565150180111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:04.528208017 CET501835651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:04.534193039 CET565150183111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:04.536667109 CET501835651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:04.613778114 CET8050181111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:04.613827944 CET5018180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:04.615171909 CET5018180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:04.615655899 CET46550151111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:04.615751028 CET50151465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:04.616566896 CET50151465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:04.621401072 CET8050181111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:04.622486115 CET46550151111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:04.639153957 CET5018480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:04.645143986 CET8050184111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:04.645246029 CET5018480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:04.653320074 CET50185465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:04.659221888 CET46550185111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:04.659332991 CET50185465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:04.667871952 CET501835651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:04.667884111 CET501835651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:04.670888901 CET55555015365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:04.670963049 CET501535555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:04.671006918 CET501535555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:04.673868895 CET565150183111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:04.673878908 CET565150183111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:04.676821947 CET55555015365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:04.746707916 CET501865555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:04.752573967 CET55555018665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:04.752669096 CET501865555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:04.777367115 CET5018480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:04.777388096 CET5018480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:04.783287048 CET8050184111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:04.783339977 CET8050184111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:04.792623043 CET50185465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:04.792649984 CET50185465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:04.798666954 CET46550185111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:04.798676968 CET46550185111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:04.886662960 CET501865555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:04.886663914 CET501865555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:04.892613888 CET55555018665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:04.892692089 CET55555018665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:04.902307987 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:04.949096918 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:05.165671110 CET805018265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:05.167779922 CET5018280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:05.167815924 CET5018280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:05.167815924 CET5018280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:05.167824984 CET5018280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:05.167979002 CET5018280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:05.173758984 CET805018265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:05.173783064 CET805018265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:05.173791885 CET805018265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:05.173872948 CET805018265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:05.174407005 CET805018265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:05.174453974 CET5018280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:05.186091900 CET5018780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:05.191989899 CET805018765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:05.192091942 CET5018780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:05.247037888 CET565150183111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:05.251343012 CET501835651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:05.251343966 CET501835651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:05.257227898 CET565150183111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:05.321021080 CET501885651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:05.324428082 CET5018780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:05.324459076 CET5018780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:05.327033043 CET565150188111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:05.327145100 CET501885651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:05.330730915 CET805018765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:05.330748081 CET805018765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:05.358393908 CET8050184111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:05.358875990 CET5018480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:05.358875990 CET5018480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:05.364800930 CET8050184111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:05.404426098 CET5018980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:05.410337925 CET8050189111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:05.410413027 CET5018980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:05.448940039 CET501885651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:05.448940039 CET501885651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:05.454875946 CET565150188111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:05.454900980 CET565150188111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:05.542633057 CET5018980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:05.542633057 CET5018980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:05.548685074 CET8050189111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:05.548710108 CET8050189111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:05.902847052 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:05.948848009 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:06.045960903 CET565150188111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:06.048687935 CET501885651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:06.048810005 CET501885651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:06.054580927 CET565150188111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:06.061755896 CET501905651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:06.064588070 CET805018765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:06.064857006 CET5018780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:06.064883947 CET5018780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:06.064883947 CET5018780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:06.064893007 CET5018780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:06.064920902 CET5018780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:06.067631960 CET565150190111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:06.067817926 CET501905651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:06.070729017 CET805018765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:06.070741892 CET805018765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:06.070753098 CET805018765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:06.070760965 CET805018765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:06.071115017 CET805018765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:06.071161032 CET5018780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:06.128603935 CET8050189111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:06.128691912 CET5018980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:06.128732920 CET5018980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:06.134619951 CET8050189111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:06.199338913 CET501905651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:06.200648069 CET501905651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:06.205311060 CET565150190111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:06.206618071 CET565150190111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:06.797116995 CET565150190111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:06.797476053 CET501905651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:06.797610998 CET501905651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:06.803401947 CET565150190111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:06.918560982 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:06.964448929 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:07.936625957 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:07.980056047 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:08.107091904 CET501915651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:08.113070965 CET565150191111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:08.116673946 CET501915651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:08.121774912 CET5019280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:08.127739906 CET8050192111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:08.128667116 CET5019280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:08.138245106 CET5019380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:08.144097090 CET805019365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:08.144676924 CET5019380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:08.246377945 CET501915651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:08.246378899 CET501915651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:08.252294064 CET565150191111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:08.252309084 CET565150191111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:08.261533976 CET5019280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:08.261604071 CET5019280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:08.267561913 CET8050192111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:08.267582893 CET8050192111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:08.277565002 CET5019380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:08.277832031 CET5019380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:08.283901930 CET805019365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:08.283962011 CET805019365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:08.842071056 CET565150191111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:08.844724894 CET501915651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:08.844782114 CET501915651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:08.850713968 CET565150191111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:08.856004953 CET8050192111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:08.856683969 CET5019280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:08.856766939 CET5019280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:08.862762928 CET8050192111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:08.904205084 CET501945651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:08.910279989 CET565150194111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:08.910355091 CET501945651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:08.919504881 CET5019580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:08.925405025 CET8050195111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:08.925474882 CET5019580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:08.933944941 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:08.980061054 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:09.032418013 CET805019365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:09.032572985 CET5019380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:09.032573938 CET5019380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:09.032573938 CET5019380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:09.032697916 CET5019380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:09.032697916 CET5019380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:09.038681984 CET805019365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:09.038696051 CET805019365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:09.038705111 CET805019365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:09.038713932 CET805019365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:09.039114952 CET805019365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:09.039166927 CET5019380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:09.044658899 CET501945651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:09.044743061 CET501945651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:09.050679922 CET565150194111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:09.050707102 CET565150194111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:09.058352947 CET5019580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:09.058439970 CET5019580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:09.066180944 CET8050195111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:09.066195011 CET8050195111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:09.123481035 CET5019680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:09.129497051 CET805019665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:09.129591942 CET5019680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:09.261615038 CET5019680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:09.261656046 CET5019680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:09.267664909 CET805019665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:09.267690897 CET805019665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:09.627419949 CET565150194111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:09.627837896 CET501945651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:09.627943993 CET501945651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:09.633845091 CET565150194111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:09.665870905 CET8050195111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:09.666081905 CET5019580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:09.666187048 CET5019580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:09.671147108 CET501975651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:09.672095060 CET8050195111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:09.677309036 CET565150197111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:09.677427053 CET501975651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:09.684670925 CET5019880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:09.690836906 CET8050198111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:09.690929890 CET5019880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:09.809104919 CET501975651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:09.809235096 CET501975651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:09.815176964 CET565150197111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:09.815202951 CET565150197111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:09.829631090 CET5019880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:09.830235004 CET5019880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:09.835805893 CET8050198111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:09.836205959 CET8050198111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:09.949826956 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:09.989753962 CET805019665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:09.992357016 CET5019680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:09.992357016 CET5019680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:09.992851019 CET5019680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:09.992907047 CET5019680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:09.992961884 CET5019680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:09.995695114 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:09.998229980 CET805019665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:09.998373985 CET805019665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:09.998770952 CET805019665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:09.998816967 CET805019665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:10.000137091 CET805019665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:10.000298023 CET5019680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:10.332552910 CET5019980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:10.338532925 CET805019965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:10.338603973 CET5019980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:10.373281002 CET565150197111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:10.373613119 CET501975651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:10.373613119 CET501975651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:10.379931927 CET565150197111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:10.431170940 CET8050198111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:10.431680918 CET5019880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:10.431720972 CET5019880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:10.437623024 CET8050198111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:10.465773106 CET5019980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:10.465801001 CET5019980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:10.471740961 CET805019965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:10.472063065 CET805019965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:10.965322971 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:11.105083942 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:11.186810970 CET805019965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:11.186932087 CET5019980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:11.186966896 CET5019980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:11.186966896 CET5019980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:11.186986923 CET5019980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:11.186986923 CET5019980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:11.192926884 CET805019965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:11.192936897 CET805019965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:11.192945004 CET805019965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:11.192955971 CET805019965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:11.193644047 CET805019965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:11.193697929 CET5019980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:11.231332064 CET502005651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:11.238260031 CET565150200111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:11.239063025 CET502005651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:11.246566057 CET5020180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:11.252582073 CET8050201111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:11.255456924 CET5020180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:11.262665987 CET5020280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:11.268980026 CET805020265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:11.269046068 CET5020280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:11.370750904 CET502005651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:11.370855093 CET502005651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:11.376646996 CET565150200111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:11.376660109 CET565150200111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:11.386702061 CET5020180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:11.386703014 CET5020180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:11.392679930 CET8050201111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:11.392703056 CET8050201111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:11.402867079 CET5020280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:11.402894020 CET5020280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:11.408823967 CET805020265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:11.408849001 CET805020265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:11.955600977 CET565150200111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:11.955924988 CET502005651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:11.956054926 CET502005651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:11.961911917 CET565150200111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:11.965549946 CET502035651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:11.971467972 CET565150203111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:11.971543074 CET502035651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:11.981370926 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:11.989418983 CET8050201111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:11.992651939 CET5020180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:11.992683887 CET5020180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:11.998437881 CET8050201111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:12.080399036 CET5020480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:12.086357117 CET8050204111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:12.086422920 CET5020480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:12.105047941 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:12.105535030 CET502035651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:12.105804920 CET502035651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:12.111579895 CET565150203111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:12.111944914 CET565150203111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:12.123459101 CET805020265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:12.123558998 CET5020280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:12.123574972 CET5020280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:12.123574972 CET5020280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:12.123600960 CET5020280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:12.123600960 CET5020280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:12.129410028 CET805020265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:12.129420996 CET805020265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:12.129429102 CET805020265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:12.129437923 CET805020265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:12.130006075 CET805020265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:12.130055904 CET5020280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:12.184781075 CET5020580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:12.190778017 CET805020565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:12.192698956 CET5020580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:12.214548111 CET5020480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:12.216638088 CET5020480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:12.220465899 CET8050204111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:12.222637892 CET8050204111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:12.324100971 CET5020580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:12.324100971 CET5020580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:12.330008984 CET805020565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:12.330029964 CET805020565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:12.697513103 CET565150203111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:12.697866917 CET502035651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:12.749135971 CET502035651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:12.755003929 CET565150203111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:12.808303118 CET8050204111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:12.811114073 CET5020480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:12.914136887 CET5020480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:12.920591116 CET8050204111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:12.996912003 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:13.002490044 CET502065651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:13.003153086 CET5020780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:13.008586884 CET565150206111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:13.008655071 CET502065651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:13.009135962 CET8050207111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:13.009217978 CET5020780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:13.039354086 CET805020565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:13.039474964 CET5020580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:13.039474964 CET5020580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:13.039474964 CET5020580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:13.039474964 CET5020580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:13.039544106 CET5020580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:13.046155930 CET805020565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:13.046195030 CET805020565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:13.046236038 CET805020565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:13.046246052 CET805020565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:13.046551943 CET805020565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:13.046606064 CET5020580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:13.059462070 CET5020880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:13.065601110 CET805020865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:13.065689087 CET5020880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:13.136512041 CET502065651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:13.136512041 CET502065651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:13.136626959 CET5020780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:13.136626959 CET5020780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:13.142656088 CET565150206111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:13.142671108 CET565150206111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:13.142683983 CET8050207111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:13.142693043 CET8050207111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:13.162516117 CET46550185111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:13.162576914 CET50185465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:13.162616014 CET50185465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:13.167766094 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:13.168445110 CET46550185111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:13.169230938 CET50209465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:13.175189018 CET46550209111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:13.175282955 CET50209465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:13.198899031 CET5020880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:13.198991060 CET5020880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:13.205014944 CET805020865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:13.205037117 CET805020865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:13.235498905 CET55555018665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:13.238368988 CET501865555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:13.238539934 CET501865555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:13.244467020 CET55555018665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:13.278439999 CET502105555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:13.284461021 CET55555021065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:13.284554005 CET502105555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:13.308501005 CET50209465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:13.308501005 CET50209465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:13.314445019 CET46550209111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:13.315272093 CET46550209111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:13.417947054 CET502105555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:13.417982101 CET502105555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:13.424210072 CET55555021065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:13.424231052 CET55555021065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:13.743592024 CET8050207111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:13.743669987 CET5020780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:13.743683100 CET565150206111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:13.743762016 CET5020780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:13.743789911 CET502065651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:13.744003057 CET502065651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:13.749728918 CET8050207111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:13.749795914 CET565150206111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:13.825086117 CET502115651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:13.830938101 CET565150211111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:13.830992937 CET502115651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:13.840467930 CET5021280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:13.846307993 CET8050212111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:13.846368074 CET5021280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:13.947248936 CET805020865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:13.947349072 CET5020880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:13.947349072 CET5020880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:13.947386026 CET5020880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:13.947452068 CET5020880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:13.947474957 CET5020880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:13.953327894 CET805020865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:13.953350067 CET805020865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:13.953358889 CET805020865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:13.953367949 CET805020865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:13.954240084 CET805020865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:13.954464912 CET5020880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:13.964524031 CET502115651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:13.964535952 CET502115651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:13.970511913 CET565150211111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:13.970531940 CET565150211111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:13.980313063 CET5021280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:13.980411053 CET5021280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:13.986107111 CET8050212111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:13.986160040 CET8050212111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:14.012660980 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:14.043956041 CET5021380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:14.049882889 CET805021365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:14.050695896 CET5021380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:14.183496952 CET5021380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:14.183532953 CET5021380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:14.189477921 CET805021365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:14.189491987 CET805021365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:14.198844910 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:14.552041054 CET565150211111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:14.552159071 CET502115651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:14.552325010 CET502115651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:14.558103085 CET565150211111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:14.570538044 CET8050212111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:14.570754051 CET5021280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:14.570801020 CET5021280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:14.576585054 CET8050212111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:14.590574026 CET502145651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:14.596596956 CET565150214111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:14.600672007 CET502145651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:14.606529951 CET5021580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:14.612349987 CET8050215111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:14.616693974 CET5021580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:14.730218887 CET502145651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:14.730678082 CET502145651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:14.736254930 CET565150214111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:14.736610889 CET565150214111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:14.745897055 CET5021580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:14.746781111 CET5021580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:14.751755953 CET8050215111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:14.752644062 CET8050215111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:14.964818001 CET805021365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:14.965001106 CET5021380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:14.965039968 CET5021380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:14.965039968 CET5021380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:14.965039968 CET5021380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:14.965039968 CET5021380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:14.970897913 CET805021365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:14.970907927 CET805021365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:14.970916033 CET805021365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:14.970925093 CET805021365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:14.971402884 CET805021365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:14.971463919 CET5021380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:15.027805090 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:15.036813974 CET5021680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:15.043951035 CET805021665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:15.044030905 CET5021680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:15.167710066 CET5021680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:15.171474934 CET5021680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:15.174058914 CET805021665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:15.177510023 CET805021665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:15.199045897 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:15.329387903 CET565150214111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:15.329653025 CET502145651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:15.329689980 CET502145651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:15.335511923 CET565150214111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:15.337492943 CET8050215111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:15.337564945 CET5021580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:15.337786913 CET5021580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:15.343568087 CET8050215111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:15.359630108 CET502175651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:15.365494967 CET565150217111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:15.368674994 CET502175651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:15.372951031 CET5021880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:15.378772020 CET8050218111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:15.382680893 CET5021880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:15.499089003 CET502175651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:15.503001928 CET502175651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:15.505059958 CET565150217111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:15.509057045 CET565150217111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:15.511832952 CET5021880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:15.515466928 CET5021880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:15.517774105 CET8050218111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:15.521538019 CET8050218111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:15.899362087 CET805021665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:15.899588108 CET5021680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:15.899630070 CET5021680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:15.899630070 CET5021680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:15.899630070 CET5021680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:15.899844885 CET5021680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:15.903536081 CET5021980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:15.905517101 CET805021665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:15.905528069 CET805021665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:15.905535936 CET805021665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:15.905596972 CET805021665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:15.906157017 CET805021665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:15.906209946 CET5021680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:15.909559965 CET805021965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:15.909697056 CET5021980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:16.029273987 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:16.042648077 CET5021980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:16.042678118 CET5021980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:16.048634052 CET805021965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:16.048645973 CET805021965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:16.086724997 CET8050218111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:16.086806059 CET5021880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:16.086850882 CET5021880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:16.087173939 CET565150217111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:16.087232113 CET502175651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:16.087264061 CET502175651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:16.092725039 CET8050218111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:16.093082905 CET565150217111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:16.121934891 CET502215651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:16.128035069 CET565150221111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:16.128122091 CET502215651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:16.137336016 CET5022280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:16.143416882 CET8050222111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:16.143507957 CET5022280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:16.198838949 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:16.261421919 CET502215651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:16.261423111 CET502215651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:16.267375946 CET565150221111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:16.267400980 CET565150221111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:16.277693987 CET5022280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:16.278718948 CET5022280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:16.283622980 CET8050222111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:16.284538031 CET8050222111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:16.790891886 CET805021965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:16.794720888 CET5021980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:16.794763088 CET5021980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:16.794763088 CET5021980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:16.794763088 CET5021980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:16.794763088 CET5021980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:16.800801992 CET805021965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:16.800815105 CET805021965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:16.800823927 CET805021965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:16.800832033 CET805021965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:16.801183939 CET805021965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:16.802725077 CET5021980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:16.851819992 CET8050222111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:16.853663921 CET565150221111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:16.854928017 CET5022280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:16.854968071 CET502215651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:16.854980946 CET5022280192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:16.855103016 CET502215651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:16.860899925 CET8050222111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:16.860979080 CET565150221111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:16.889589071 CET502235651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:16.895546913 CET565150223111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:16.895615101 CET502235651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:16.904247999 CET5022480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:16.910135031 CET8050224111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:16.910202980 CET5022480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:16.920171022 CET5022580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:16.927685976 CET805022565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:16.927789927 CET5022580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:17.034841061 CET502235651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:17.034923077 CET502235651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:17.040916920 CET565150223111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:17.040932894 CET565150223111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:17.044110060 CET5022480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:17.044110060 CET5022480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:17.044918060 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:17.050173998 CET8050224111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:17.050187111 CET8050224111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:17.060884953 CET5022580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:17.061305046 CET5022580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:17.066827059 CET805022565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:17.067121029 CET805022565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:17.092425108 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:17.623055935 CET565150223111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:17.623121023 CET502235651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:17.623270035 CET502235651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:17.628993034 CET565150223111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:17.631184101 CET8050224111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:17.631248951 CET5022480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:17.631333113 CET5022480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:17.637244940 CET8050224111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:17.658051014 CET502265651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:17.664149046 CET565150226111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:17.664225101 CET502265651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:17.669435978 CET5022780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:17.675333977 CET8050227111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:17.675400972 CET5022780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:17.776361942 CET805022565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:17.776525974 CET5022580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:17.776571035 CET5022580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:17.776571035 CET5022580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:17.776571989 CET5022580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:17.776592970 CET5022580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:17.783132076 CET805022565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:17.783147097 CET805022565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:17.783158064 CET805022565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:17.783215046 CET805022565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:17.783533096 CET805022565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:17.783572912 CET5022580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:17.793504953 CET502265651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:17.794070005 CET502265651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:17.799453974 CET565150226111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:17.800087929 CET565150226111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:17.808394909 CET5022780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:17.808440924 CET5022780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:17.814409971 CET8050227111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:17.814498901 CET8050227111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:17.871865988 CET5022880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:17.877840996 CET805022865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:17.878808022 CET5022880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:18.011733055 CET5022880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:18.011734009 CET5022880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:18.018088102 CET805022865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:18.018102884 CET805022865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:18.060487986 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:18.198829889 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:18.380440950 CET565150226111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:18.384728909 CET502265651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:18.384776115 CET502265651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:18.392398119 CET565150226111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:18.397732973 CET8050227111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:18.400676966 CET5022780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:18.400729895 CET5022780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:18.407149076 CET8050227111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:18.419469118 CET502295651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:18.425447941 CET565150229111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:18.425676107 CET502295651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:18.434849024 CET5023080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:18.441144943 CET8050230111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:18.444734097 CET5023080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:18.558361053 CET502295651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:18.558643103 CET502295651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:18.564265966 CET565150229111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:18.564430952 CET565150229111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:18.575011969 CET5023080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:18.575011969 CET5023080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:18.580945015 CET8050230111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:18.580959082 CET8050230111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:18.740174055 CET805022865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:18.740910053 CET5022880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:18.740910053 CET5022880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:18.740910053 CET5022880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:18.740978003 CET5022880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:18.740978003 CET5022880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:18.746958017 CET805022865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:18.746973038 CET805022865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:18.746989965 CET805022865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:18.746999025 CET805022865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:18.747610092 CET805022865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:18.748686075 CET5022880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:18.753057003 CET5023180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:18.758935928 CET805023165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:18.759031057 CET5023180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:18.886461020 CET5023180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:18.887584925 CET5023180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:18.892399073 CET805023165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:18.893384933 CET805023165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:19.076076984 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:19.156116962 CET565150229111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:19.156692982 CET502295651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:19.156747103 CET502295651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:19.162579060 CET565150229111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:19.167829037 CET8050230111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:19.167876005 CET5023080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:19.167932987 CET5023080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:19.173742056 CET8050230111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:19.184509039 CET502325651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:19.190562010 CET565150232111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:19.192676067 CET502325651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:19.198817968 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:19.199712992 CET5023380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:19.205763102 CET8050233111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:19.207581043 CET5023380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:19.323981047 CET502325651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:19.324640036 CET502325651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:19.330399036 CET565150232111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:19.330507040 CET565150232111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:19.339550018 CET5023380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:19.340636969 CET5023380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:19.345479012 CET8050233111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:19.346822977 CET8050233111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:19.632157087 CET805023165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:19.632308006 CET5023180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:19.632397890 CET5023180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:19.632397890 CET5023180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:19.632397890 CET5023180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:19.632399082 CET5023180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:19.638631105 CET805023165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:19.638679981 CET805023165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:19.638689041 CET805023165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:19.638710022 CET805023165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:19.640053034 CET805023165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:19.640126944 CET5023180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:19.754714966 CET5023480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:19.761864901 CET805023465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:19.761941910 CET5023480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:19.886423111 CET5023480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:19.886424065 CET5023480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:19.892514944 CET805023465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:19.892780066 CET805023465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:19.919064999 CET565150232111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:19.920734882 CET502325651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:19.920734882 CET502325651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:19.925834894 CET8050233111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:19.927932978 CET565150232111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:19.928025961 CET5023380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:19.928107977 CET5023380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:19.935375929 CET8050233111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:19.950700998 CET502355651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:19.956607103 CET565150235111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:19.956684113 CET502355651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:19.967139959 CET5023680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:19.973234892 CET8050236111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:19.973293066 CET5023680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:20.089874983 CET502355651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:20.089874983 CET502355651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:20.091500044 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:20.096991062 CET565150235111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:20.097002029 CET565150235111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:20.114216089 CET5023680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:20.114216089 CET5023680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:20.120125055 CET8050236111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:20.120137930 CET8050236111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:20.198847055 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:20.651424885 CET805023465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:20.652779102 CET5023480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:20.652780056 CET5023480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:20.652780056 CET5023480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:20.652780056 CET5023480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:20.652883053 CET5023480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:20.656490088 CET565150235111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:20.656570911 CET502355651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:20.656606913 CET502355651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:20.658778906 CET805023465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:20.658788919 CET805023465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:20.658797979 CET805023465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:20.658806086 CET805023465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:20.659646988 CET805023465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:20.660680056 CET5023480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:20.662401915 CET565150235111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:20.695661068 CET8050236111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:20.696711063 CET5023680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:20.696785927 CET5023680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:20.702662945 CET8050236111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:20.715822935 CET502375651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:20.721836090 CET565150237111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:20.724689960 CET502375651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:20.731148958 CET5023880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:20.737158060 CET8050238111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:20.740808010 CET5023880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:20.748087883 CET5023980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:20.754345894 CET805023965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:20.756791115 CET5023980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:20.855442047 CET502375651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:20.856637001 CET502375651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:20.861588955 CET565150237111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:20.862791061 CET565150237111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:20.871407986 CET5023880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:20.871408939 CET5023880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:20.877460957 CET8050238111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:20.877491951 CET8050238111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:20.886395931 CET5023980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:20.888637066 CET5023980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:20.892328978 CET805023965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:20.894570112 CET805023965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:21.107455969 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:21.198843956 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:21.463047981 CET8050238111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:21.463140965 CET5023880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:21.463226080 CET5023880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:21.470721006 CET8050238111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:21.470956087 CET565150237111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:21.471016884 CET502375651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:21.471071005 CET502375651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:21.476846933 CET565150237111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:21.506441116 CET502405651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:21.506613016 CET5024180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:21.514504910 CET565150240111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:21.514556885 CET8050241111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:21.514622927 CET502405651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:21.514693975 CET5024180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:21.613769054 CET805023965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:21.613917112 CET5023980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:21.613917112 CET5023980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:21.613954067 CET5023980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:21.613979101 CET5023980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:21.614077091 CET5023980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:21.622996092 CET805023965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:21.623030901 CET805023965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:21.623040915 CET805023965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:21.623049021 CET805023965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:21.623466015 CET805023965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:21.623549938 CET5023980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:21.636637926 CET5024180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:21.636637926 CET5024180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:21.636683941 CET502405651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:21.636683941 CET502405651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:21.645817041 CET8050241111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:21.645828009 CET8050241111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:21.645837069 CET565150240111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:21.645914078 CET565150240111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:21.661912918 CET46550209111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:21.662875891 CET50209465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:21.662956953 CET50209465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:21.669827938 CET46550209111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:21.700192928 CET50242465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:21.706335068 CET46550242111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:21.707176924 CET50242465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:21.715456963 CET5024380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:21.722981930 CET805024365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:21.726906061 CET5024380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:21.771768093 CET55555021065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:21.771820068 CET502105555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:21.771898031 CET502105555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:21.777719021 CET55555021065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:21.813349962 CET502445555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:21.819221020 CET55555024465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:21.819294930 CET502445555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:21.839579105 CET50242465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:21.839623928 CET50242465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:21.845632076 CET46550242111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:21.845643044 CET46550242111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:21.856471062 CET5024380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:21.856549978 CET5024380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:21.862323046 CET805024365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:21.862334013 CET805024365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:21.948945045 CET502445555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:21.948976994 CET502445555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:21.955125093 CET55555024465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:21.955142975 CET55555024465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:22.122648001 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:22.198862076 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:22.233522892 CET8050241111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:22.234800100 CET5024180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:22.238843918 CET565150240111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:22.238892078 CET5024180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:22.238939047 CET502405651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:22.238997936 CET502405651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:22.244793892 CET8050241111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:22.244815111 CET565150240111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:22.246936083 CET502455651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:22.252877951 CET565150245111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:22.255140066 CET502455651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:22.262509108 CET5024680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:22.268441916 CET8050246111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:22.268521070 CET5024680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:22.386441946 CET502455651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:22.386512041 CET502455651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:22.392987967 CET565150245111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:22.393007040 CET565150245111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:22.402113914 CET5024680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:22.402113914 CET5024680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:22.408134937 CET8050246111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:22.408145905 CET8050246111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:22.603615999 CET805024365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:22.603842020 CET5024380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:22.603842020 CET5024380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:22.603879929 CET5024380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:22.603879929 CET5024380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:22.603899002 CET5024380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:22.610208988 CET805024365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:22.610219002 CET805024365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:22.610228062 CET805024365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:22.610235929 CET805024365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:22.610851049 CET805024365.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:22.610938072 CET5024380192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:22.686764002 CET5024780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:22.692724943 CET805024765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:22.693123102 CET5024780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:22.824379921 CET5024780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:22.824381113 CET5024780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:22.830332041 CET805024765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:22.830343962 CET805024765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:22.985430002 CET8050246111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:22.985565901 CET5024680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:22.985652924 CET5024680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:22.991547108 CET8050246111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:23.012583017 CET5024880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:23.019047976 CET8050248111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:23.019169092 CET5024880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:23.138272047 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:23.152467966 CET5024880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:23.152749062 CET5024880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:23.158417940 CET8050248111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:23.158529997 CET8050248111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:23.198841095 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:23.555001020 CET805024765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:23.555258989 CET5024780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:23.555258989 CET5024780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:23.555299044 CET5024780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:23.555299044 CET5024780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:23.555619955 CET5024780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:23.561142921 CET805024765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:23.561165094 CET805024765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:23.561176062 CET805024765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:23.561183929 CET805024765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:23.562149048 CET805024765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:23.562191963 CET5024780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:23.563568115 CET5024980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:23.569741011 CET805024965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:23.569814920 CET5024980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:23.698996067 CET5024980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:23.698996067 CET5024980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:23.705141068 CET805024965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:23.705156088 CET805024965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:23.748258114 CET8050248111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:23.748356104 CET5024880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:23.748395920 CET5024880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:23.754745007 CET8050248111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:23.780011892 CET5025080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:23.786256075 CET8050250111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:23.786331892 CET5025080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:23.917805910 CET5025080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:23.920638084 CET5025080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:23.923741102 CET8050250111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:23.926522970 CET8050250111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:24.292264938 CET565150245111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:24.292351007 CET502455651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:24.292455912 CET502455651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:24.292583942 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:24.292911053 CET565150245111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:24.292960882 CET502455651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:24.298564911 CET565150245111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:24.325278997 CET502515651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:24.331356049 CET565150251111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:24.332689047 CET502515651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:24.339446068 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:24.429249048 CET805024965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:24.429528952 CET5024980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:24.429552078 CET5024980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:24.429558992 CET5024980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:24.429569960 CET5024980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:24.429661989 CET5024980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:24.435507059 CET805024965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:24.435517073 CET805024965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:24.435524940 CET805024965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:24.435534000 CET805024965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:24.436170101 CET805024965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:24.436412096 CET5024980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:24.437958956 CET5025280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:24.443821907 CET805025265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:24.443873882 CET5025280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:24.464772940 CET502515651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:24.464772940 CET502515651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:24.470743895 CET565150251111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:24.470765114 CET565150251111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:24.518244982 CET8050250111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:24.518831015 CET5025080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:24.518933058 CET5025080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:24.524801970 CET8050250111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:24.544302940 CET5025380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:24.550160885 CET8050253111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:24.550265074 CET5025380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:24.575259924 CET5025280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:24.576630116 CET5025280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:24.581190109 CET805025265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:24.582504988 CET805025265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:24.683284998 CET5025380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:24.683398962 CET5025380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:24.689398050 CET8050253111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:24.689412117 CET8050253111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:25.050867081 CET565150251111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:25.052706957 CET502515651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:25.052798033 CET502515651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:25.058689117 CET565150251111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:25.090517998 CET502545651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:25.096560001 CET565150254111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:25.099049091 CET502545651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:25.154567003 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:25.198822021 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:25.230164051 CET502545651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:25.230190039 CET502545651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:25.236557007 CET565150254111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:25.236591101 CET565150254111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:25.258816004 CET8050253111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:25.259190083 CET5025380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:25.259294033 CET5025380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:25.265125036 CET8050253111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:25.299940109 CET805025265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:25.300755024 CET5025280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:25.300755024 CET5025280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:25.300755024 CET5025280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:25.300755978 CET5025280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:25.300822020 CET5025280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:25.306768894 CET805025265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:25.306802034 CET805025265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:25.306829929 CET805025265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:25.306869030 CET805025265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:25.307080030 CET805025265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:25.307137012 CET5025280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:25.309468985 CET5025580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:25.315330029 CET8050255111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:25.316695929 CET5025580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:25.324680090 CET5025680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:25.330796957 CET805025665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:25.332690954 CET5025680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:25.449668884 CET5025580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:25.449670076 CET5025580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:25.455749035 CET8050255111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:25.455780983 CET8050255111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:25.464632034 CET5025680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:25.464632034 CET5025680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:25.471179962 CET805025665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:25.471307993 CET805025665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:25.827040911 CET565150254111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:25.827130079 CET502545651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:25.827163935 CET502545651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:25.833060980 CET565150254111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:25.856439114 CET502575651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:25.862531900 CET565150257111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:25.862637997 CET502575651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:25.995897055 CET502575651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:25.996646881 CET502575651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:26.001760960 CET565150257111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:26.002454042 CET565150257111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:26.051739931 CET8050255111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:26.052726030 CET5025580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:26.052838087 CET5025580192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:26.058808088 CET8050255111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:26.075922966 CET5025880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:26.081955910 CET8050258111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:26.082039118 CET5025880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:26.169997931 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:26.214469910 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:26.214541912 CET805025665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:26.214554071 CET5025880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:26.214624882 CET5025680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:26.214629889 CET5025880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:26.214658022 CET5025680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:26.214658022 CET5025680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:26.214658022 CET5025680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:26.214685917 CET5025680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:26.220535994 CET8050258111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:26.220546961 CET8050258111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:26.220566988 CET805025665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:26.220581055 CET805025665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:26.220587015 CET805025665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:26.220592022 CET805025665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:26.220863104 CET805025665.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:26.224674940 CET5025680192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:26.296036959 CET5025980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:26.302148104 CET805025965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:26.302258968 CET5025980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:26.433455944 CET5025980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:26.436651945 CET5025980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:26.440800905 CET805025965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:26.443470001 CET805025965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:26.750499964 CET565150257111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:26.752742052 CET502575651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:26.752823114 CET502575651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:26.758793116 CET565150257111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:26.813524961 CET8050258111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:26.813795090 CET5025880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:26.813854933 CET5025880192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:26.819787025 CET8050258111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:26.841021061 CET502605651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:26.847012043 CET565150260111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:26.847290039 CET502605651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:26.856868982 CET5026180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:26.862823009 CET8050261111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:26.862900019 CET5026180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:26.980351925 CET502605651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:26.980351925 CET502605651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:26.986320019 CET565150260111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:26.986334085 CET565150260111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:26.995925903 CET5026180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:26.995925903 CET5026180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:27.001915932 CET8050261111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:27.001981974 CET8050261111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:27.162036896 CET805025965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:27.162375927 CET5025980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:27.162377119 CET5025980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:27.162475109 CET5025980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:27.162475109 CET5025980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:27.162475109 CET5025980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:27.168426991 CET805025965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:27.168437004 CET805025965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:27.168543100 CET805025965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:27.168551922 CET805025965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:27.168957949 CET805025965.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:27.169028044 CET5025980192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:27.174823046 CET5026280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:27.180874109 CET805026265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:27.181001902 CET5026280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:27.186904907 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:27.230073929 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:27.310061932 CET5026280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:27.310103893 CET5026280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:27.316143036 CET805026265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:27.316176891 CET805026265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:27.578063011 CET565150260111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:27.580635071 CET502605651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:27.588675976 CET8050261111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:27.592681885 CET5026180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:27.642083883 CET502605651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:27.642543077 CET5026180192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:27.647407055 CET502635651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:27.647996902 CET565150260111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:27.648447990 CET8050261111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:27.653302908 CET565150263111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:27.656685114 CET502635651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:27.798281908 CET502635651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:27.798367977 CET502635651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:27.798958063 CET5026480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:27.804171085 CET565150263111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:27.804182053 CET565150263111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:27.804740906 CET8050264111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:27.804944992 CET5026480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:27.933732033 CET5026480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:27.933732033 CET5026480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:27.939846039 CET8050264111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:27.940063000 CET8050264111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:28.023994923 CET805026265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:28.024574995 CET5026280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:28.024605036 CET5026280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:28.024605036 CET5026280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:28.024637938 CET5026280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:28.024637938 CET5026280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:28.031207085 CET805026265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:28.031219006 CET805026265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:28.031227112 CET805026265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:28.031235933 CET805026265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:28.031933069 CET805026265.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:28.032001019 CET5026280192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:28.045057058 CET5026580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:28.051690102 CET805026565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:28.051826000 CET5026580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:28.184468985 CET5026580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:28.184468985 CET5026580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:28.190562963 CET805026565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:28.190594912 CET805026565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:28.201370955 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:28.339468002 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:28.363526106 CET565150263111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:28.363585949 CET502635651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:28.363718987 CET502635651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:28.369596004 CET565150263111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:28.371964931 CET502665651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:28.377888918 CET565150266111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:28.378050089 CET502665651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:28.511416912 CET502665651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:28.511418104 CET502665651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:28.517484903 CET565150266111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:28.517510891 CET565150266111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:28.518153906 CET8050264111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:28.520909071 CET5026480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:28.520909071 CET5026480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:28.526907921 CET8050264111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:28.590783119 CET5026780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:28.596729040 CET8050267111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:28.600711107 CET5026780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:28.731024981 CET5026780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:28.731025934 CET5026780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:28.737133980 CET8050267111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:28.738326073 CET8050267111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:28.893948078 CET805026565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:28.894083023 CET5026580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:28.894114017 CET5026580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:28.894114017 CET5026580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:28.894222975 CET5026580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:28.894222975 CET5026580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:28.900755882 CET805026565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:28.900768995 CET805026565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:28.900938988 CET805026565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:28.901189089 CET805026565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:28.901638985 CET805026565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:28.901933908 CET5026580192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:28.919756889 CET5026880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:28.925728083 CET805026865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:28.925796986 CET5026880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:29.058695078 CET5026880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:29.058779955 CET5026880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:29.448901892 CET5026880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:29.534989119 CET565150266111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:29.535280943 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:29.535774946 CET805026865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:29.535784960 CET805026865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:29.535881996 CET502665651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:29.536007881 CET8050267111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:29.536065102 CET565150266111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:29.536628008 CET502665651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:29.536684036 CET5026780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:29.536739111 CET5026780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:29.536823034 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:29.536976099 CET502665651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:29.537075996 CET805026865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:29.540683031 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:29.542690039 CET565150266111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:29.542748928 CET8050267111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:29.577518940 CET502695651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:29.583641052 CET565150269111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:29.583692074 CET502695651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:29.590724945 CET5027080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:29.596666098 CET8050270111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:29.597093105 CET5027080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:29.714952946 CET502695651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:29.715454102 CET502695651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:29.720747948 CET565150269111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:29.721575975 CET565150269111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:29.731087923 CET5027080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:29.731108904 CET5027080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:29.736862898 CET8050270111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:29.737238884 CET8050270111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:29.775715113 CET805026865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:29.775835991 CET5026880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:29.775856018 CET5026880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:29.775856018 CET5026880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:29.775871038 CET5026880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:29.775895119 CET5026880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:29.781718016 CET805026865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:29.781727076 CET805026865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:29.781735897 CET805026865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:29.781744957 CET805026865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:29.782248974 CET805026865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:29.782285929 CET5026880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:29.794306040 CET5027180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:29.800182104 CET805027165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:29.800395966 CET5027180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:29.937632084 CET5027180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:29.937665939 CET5027180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:29.943624020 CET805027165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:29.943893909 CET805027165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:30.197149992 CET46550242111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:30.197211027 CET50242465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:30.197273970 CET50242465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:30.203741074 CET46550242111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:30.219053984 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:30.298341990 CET565150269111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:30.300719023 CET502695651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:30.301625013 CET502695651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:30.307117939 CET55555024465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:30.307692051 CET565150269111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:30.307794094 CET502445555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:30.309870958 CET502445555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:30.315727949 CET55555024465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:30.336468935 CET8050270111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:30.336694956 CET5027080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:30.337255001 CET5027080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:30.339462042 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:30.343070030 CET8050270111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:30.493449926 CET50272465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:30.493956089 CET502735651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:30.494065046 CET5027480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:30.494142056 CET502755555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:30.499458075 CET46550272111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:30.499558926 CET50272465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:30.499733925 CET565150273111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:30.499774933 CET502735651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:30.499838114 CET8050274111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:30.499882936 CET5027480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:30.499947071 CET55555027565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:30.499998093 CET502755555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:30.613178968 CET502755555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:30.613179922 CET502755555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:30.613944054 CET5027480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:30.613950968 CET502735651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:30.613951921 CET502735651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:30.613987923 CET5027480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:30.613987923 CET50272465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:30.614140987 CET50272465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:30.619352102 CET55555027565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:30.619498968 CET55555027565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:30.619949102 CET8050274111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:30.620019913 CET565150273111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:30.620048046 CET8050274111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:30.620078087 CET46550272111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:30.620105028 CET565150273111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:30.620136976 CET46550272111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:30.643224001 CET805027165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:30.644821882 CET5027180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:30.644821882 CET5027180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:30.644942045 CET5027180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:30.644942045 CET5027180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:30.644942045 CET5027180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:30.651009083 CET805027165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:30.651036024 CET805027165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:30.651046038 CET805027165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:30.651056051 CET805027165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:30.651551008 CET805027165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:30.652141094 CET5027180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:31.198554039 CET565150273111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:31.198651075 CET502735651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:31.198739052 CET502735651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:31.204900026 CET565150273111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:31.218941927 CET8050274111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:31.219007969 CET5027480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:31.219095945 CET5027480192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:31.225056887 CET8050274111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:31.234482050 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:31.433197975 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:31.467681885 CET502765651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:31.473726034 CET565150276111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:31.473804951 CET502765651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:31.500113010 CET5027780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:31.501039028 CET5027880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:31.506151915 CET8050277111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:31.506968021 CET805027865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:31.507052898 CET5027780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:31.507639885 CET5027880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:31.605220079 CET502765651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:31.607676029 CET502765651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:31.613344908 CET565150276111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:31.613770008 CET565150276111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:31.636842012 CET5027880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:31.636890888 CET5027880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:31.637219906 CET5027780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:31.637229919 CET5027780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:31.642918110 CET805027865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:31.643032074 CET805027865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:31.643136978 CET8050277111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:31.643146038 CET8050277111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:32.203269005 CET565150276111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:32.203397989 CET502765651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:32.203633070 CET502765651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:32.209490061 CET565150276111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:32.229203939 CET8050277111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:32.229336023 CET5027780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:32.229398012 CET5027780192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:32.235217094 CET8050277111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:32.249838114 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:32.311513901 CET502795651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:32.317698002 CET565150279111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:32.320693016 CET502795651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:32.325016975 CET5028080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:32.331043959 CET8050280111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:32.336626053 CET5028080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:32.339462996 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:32.366045952 CET805027865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:32.368771076 CET5027880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:32.368814945 CET5027880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:32.368815899 CET5027880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:32.368815899 CET5027880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:32.368815899 CET5027880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:32.374650002 CET805027865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:32.374661922 CET805027865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:32.374670982 CET805027865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:32.374758959 CET805027865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:32.375336885 CET805027865.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:32.375392914 CET5027880192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:32.418864965 CET5028180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:32.424865961 CET805028165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:32.428740025 CET5028180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:32.449090958 CET502795651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:32.449090958 CET502795651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:32.455163002 CET565150279111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:32.455179930 CET565150279111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:32.466418982 CET5028080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:32.466418982 CET5028080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:32.472510099 CET8050280111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:32.472687006 CET8050280111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:32.559323072 CET5028180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:32.559359074 CET5028180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:32.566390991 CET805028165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:32.566420078 CET805028165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:33.027812004 CET565150279111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:33.028692007 CET502795651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:33.037182093 CET8050280111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:33.037770987 CET502795651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:33.037828922 CET5028080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:33.041510105 CET5028080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:33.043677092 CET565150279111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:33.047545910 CET8050280111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:33.093374014 CET502825651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:33.093674898 CET5028380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:33.099639893 CET565150282111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:33.099694014 CET8050283111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:33.099735022 CET502825651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:33.099739075 CET5028380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:33.243230104 CET5028380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:33.243263960 CET5028380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:33.243305922 CET502825651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:33.243305922 CET502825651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:33.249386072 CET8050283111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:33.249424934 CET8050283111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:33.249454021 CET565150282111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:33.249481916 CET565150282111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:33.265862942 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:33.283760071 CET805028165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:33.283904076 CET5028180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:33.283930063 CET5028180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:33.283956051 CET5028180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:33.283956051 CET5028180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:33.283991098 CET5028180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:33.289769888 CET805028165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:33.289838076 CET805028165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:33.289868116 CET805028165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:33.289917946 CET805028165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:33.290532112 CET805028165.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:33.290594101 CET5028180192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:33.294209957 CET5028480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:33.300570965 CET805028465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:33.300637007 CET5028480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:33.339467049 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:33.433420897 CET5028480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:33.433422089 CET5028480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:33.439562082 CET805028465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:33.439614058 CET805028465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:33.815794945 CET565150282111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:33.815948963 CET502825651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:33.816011906 CET502825651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:33.817359924 CET8050283111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:33.817452908 CET5028380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:33.817545891 CET5028380192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:33.821801901 CET565150282111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:33.823327065 CET8050283111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:33.915473938 CET502855651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:33.915549040 CET5028680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:33.921416044 CET565150285111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:33.921439886 CET8050286111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:33.921493053 CET502855651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:33.921516895 CET5028680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:34.044528008 CET5028680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:34.044569016 CET5028680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:34.044579983 CET502855651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:34.044605017 CET502855651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:34.050745010 CET8050286111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:34.050770998 CET8050286111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:34.050781012 CET565150285111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:34.050789118 CET565150285111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:34.185904026 CET805028465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:34.187050104 CET5028480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:34.187088966 CET5028480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:34.187088966 CET5028480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:34.187100887 CET5028480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:34.187366962 CET5028480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:34.192946911 CET805028465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:34.192955971 CET805028465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:34.192964077 CET805028465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:34.193075895 CET805028465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:34.193530083 CET805028465.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:34.193623066 CET5028480192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:34.265950918 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:34.279349089 CET5028780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:34.285267115 CET805028765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:34.285340071 CET5028780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:34.324417114 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:34.418431044 CET5028780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:34.418670893 CET5028780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:34.424518108 CET805028765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:34.425098896 CET805028765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:34.643429995 CET8050286111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:34.643516064 CET5028680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:34.643652916 CET5028680192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:34.644939899 CET565150285111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:34.645010948 CET502855651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:34.645222902 CET502855651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:34.649389029 CET8050286111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:34.650955915 CET565150285111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:34.716567039 CET502885651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:34.722424984 CET565150288111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:34.722807884 CET502885651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:34.743938923 CET5028980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:34.750303984 CET8050289111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:34.750366926 CET5028980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:34.857839108 CET502885651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:34.857876062 CET502885651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:34.863923073 CET565150288111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:34.864077091 CET565150288111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:34.877379894 CET5028980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:34.877379894 CET5028980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:34.883445978 CET8050289111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:34.883485079 CET8050289111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:35.143415928 CET805028765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:35.143685102 CET5028780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:35.143732071 CET5028780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:35.143732071 CET5028780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:35.143732071 CET5028780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:35.143759966 CET5028780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:35.150152922 CET805028765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:35.150188923 CET805028765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:35.150350094 CET805028765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:35.150379896 CET805028765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:35.150495052 CET805028765.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:35.150882959 CET5028780192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:35.153263092 CET5029080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:35.159276009 CET805029065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:35.160001993 CET5029080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:35.281632900 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:35.292953014 CET5029080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:35.292953014 CET5029080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:35.298974991 CET805029065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:35.299057961 CET805029065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:35.339442015 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:35.466751099 CET565150288111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:35.466826916 CET502885651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:35.466855049 CET502885651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:35.472841978 CET565150288111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:35.481369019 CET502915651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:35.487319946 CET565150291111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:35.487436056 CET502915651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:35.489087105 CET8050289111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:35.489223003 CET5028980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:35.489320993 CET5028980192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:35.495232105 CET8050289111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:35.620940924 CET502915651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:35.623760939 CET502915651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:35.626844883 CET565150291111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:35.629550934 CET565150291111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:36.020236969 CET805029065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:36.145333052 CET805029065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:36.146790981 CET5029080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:36.215590954 CET565150291111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:36.215781927 CET502915651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:36.281836987 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:36.339443922 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:37.283890009 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:37.339445114 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:38.130501986 CET5029080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:38.130501986 CET502915651192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:38.130501986 CET5029080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:38.130678892 CET5029080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:38.130726099 CET5029080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:38.130726099 CET5029080192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:38.136910915 CET805029065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:38.136971951 CET565150291111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:38.137006998 CET805029065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:38.137034893 CET805029065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:38.137062073 CET805029065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:38.137089014 CET805029065.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:38.298676968 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:38.339441061 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:38.979034901 CET46550272111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:38.979197025 CET50272465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:38.979197025 CET50272465192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:38.985285997 CET46550272111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:38.986260891 CET55555027565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:38.986377954 CET502755555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:38.986377954 CET502755555192.168.2.665.21.245.7
                                                                              Oct 30, 2024 22:39:38.992557049 CET55555027565.21.245.7192.168.2.6
                                                                              Oct 30, 2024 22:39:39.313852072 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:39.356648922 CET497868080192.168.2.6111.90.140.76
                                                                              Oct 30, 2024 22:39:40.329565048 CET808049786111.90.140.76192.168.2.6
                                                                              Oct 30, 2024 22:39:40.386327028 CET497868080192.168.2.6111.90.140.76

                                                                              UDP Packets

                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                              Oct 30, 2024 22:37:40.764496088 CET5509653192.168.2.61.1.1.1

                                                                              DNS Queries

                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                              Oct 30, 2024 22:37:40.764496088 CET192.168.2.61.1.1.10x7b6dStandard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false

                                                                              DNS Answers

                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                              Oct 30, 2024 22:37:40.773577929 CET1.1.1.1192.168.2.60x7b6dNo error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                              Oct 30, 2024 22:37:48.632395983 CET1.1.1.1192.168.2.60x519No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                              Oct 30, 2024 22:37:48.632395983 CET1.1.1.1192.168.2.60x519No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                              Oct 30, 2024 22:38:34.052417994 CET1.1.1.1192.168.2.60x649fNo error (0)edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.comdefault.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.comCNAME (Canonical name)IN (0x0001)false
                                                                              Oct 30, 2024 22:38:34.052417994 CET1.1.1.1192.168.2.60x649fNo error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com84.201.210.37A (IP address)IN (0x0001)false
                                                                              Oct 30, 2024 22:38:34.052417994 CET1.1.1.1192.168.2.60x649fNo error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.57.22A (IP address)IN (0x0001)false
                                                                              Oct 30, 2024 22:38:34.052417994 CET1.1.1.1192.168.2.60x649fNo error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.57.42A (IP address)IN (0x0001)false
                                                                              Oct 30, 2024 22:38:34.052417994 CET1.1.1.1192.168.2.60x649fNo error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.57.39A (IP address)IN (0x0001)false
                                                                              Oct 30, 2024 22:38:34.052417994 CET1.1.1.1192.168.2.60x649fNo error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com84.201.210.38A (IP address)IN (0x0001)false
                                                                              Oct 30, 2024 22:38:34.052417994 CET1.1.1.1192.168.2.60x649fNo error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.57.27A (IP address)IN (0x0001)false
                                                                              Oct 30, 2024 22:38:34.052417994 CET1.1.1.1192.168.2.60x649fNo error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.57.40A (IP address)IN (0x0001)false
                                                                              Oct 30, 2024 22:38:49.892594099 CET1.1.1.1192.168.2.60x2202No error (0)edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.comdefault.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.comCNAME (Canonical name)IN (0x0001)false
                                                                              Oct 30, 2024 22:38:49.892594099 CET1.1.1.1192.168.2.60x2202No error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.57.23A (IP address)IN (0x0001)false
                                                                              Oct 30, 2024 22:38:49.892594099 CET1.1.1.1192.168.2.60x2202No error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com84.201.210.19A (IP address)IN (0x0001)false
                                                                              Oct 30, 2024 22:38:49.892594099 CET1.1.1.1192.168.2.60x2202No error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.57.38A (IP address)IN (0x0001)false
                                                                              Oct 30, 2024 22:38:49.892594099 CET1.1.1.1192.168.2.60x2202No error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.57.22A (IP address)IN (0x0001)false
                                                                              Oct 30, 2024 22:38:49.892594099 CET1.1.1.1192.168.2.60x2202No error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.57.37A (IP address)IN (0x0001)false
                                                                              Oct 30, 2024 22:38:49.892594099 CET1.1.1.1192.168.2.60x2202No error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com84.201.210.35A (IP address)IN (0x0001)false
                                                                              Oct 30, 2024 22:38:49.892594099 CET1.1.1.1192.168.2.60x2202No error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com84.201.210.22A (IP address)IN (0x0001)false
                                                                              Oct 30, 2024 22:39:10.339526892 CET1.1.1.1192.168.2.60x9c24No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                              Oct 30, 2024 22:39:10.339526892 CET1.1.1.1192.168.2.60x9c24No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                              Oct 30, 2024 22:39:34.492718935 CET1.1.1.1192.168.2.60xb54fNo error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                              Oct 30, 2024 22:39:34.492718935 CET1.1.1.1192.168.2.60xb54fNo error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false

                                                                              HTTP Request Dependency Graph

                                                                              • armmf.adobe.com

                                                                              HTTP Packets

                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              0192.168.2.649787111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:37:49.661247969 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:37:49.661269903 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              1192.168.2.64978965.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:37:49.768898964 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:37:49.771640062 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:37:50.395867109 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:37:49 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:37:50.396013975 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:37:50.396044970 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:37:50.396044970 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:37:50.396059036 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              2192.168.2.649797111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:37:50.795167923 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:37:50.795454025 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              3192.168.2.64979865.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:37:50.798233986 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:37:50.798249960 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:37:51.547911882 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:37:50 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:37:51.548060894 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:37:51.548060894 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:37:51.548062086 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:37:51.548140049 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              4192.168.2.649805111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:37:51.839538097 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:37:51.839561939 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              5192.168.2.64980665.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:37:51.855794907 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:37:51.855808020 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:37:52.607168913 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:37:51 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:37:52.607296944 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:37:52.607325077 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:37:52.607331991 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:37:52.607348919 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              6192.168.2.649816111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:37:52.911115885 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:37:52.911149025 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              7192.168.2.64981765.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:37:52.922277927 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:37:52.922297001 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:37:53.671948910 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:37:52 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:37:53.672089100 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:37:53.672112942 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:37:53.672128916 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:37:53.672142982 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              8192.168.2.649824111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:37:53.965255976 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:37:53.965312004 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              9192.168.2.64982565.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:37:53.981199980 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:37:53.981199980 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:37:54.699486971 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:37:53 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:37:54.699615002 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:37:54.699640989 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:37:54.700037956 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:37:54.700097084 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              10192.168.2.649829111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:37:54.782145977 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:37:54.782231092 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              11192.168.2.64983365.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:37:55.083396912 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:37:55.083478928 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:37:55.965658903 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:37:54 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:37:55.965800047 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:37:55.965830088 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:37:55.965862989 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:37:55.965862989 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              12192.168.2.649841111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:37:56.245887041 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:37:56.246076107 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              13192.168.2.64984265.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:37:56.261514902 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:37:56.261600018 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:37:56.978071928 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:37:56 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:37:56.978203058 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:37:56.978231907 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:37:56.978301048 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:37:56.978324890 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              14192.168.2.649891111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:05.120965958 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:05.121052980 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              15192.168.2.64989465.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:05.152194023 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:05.152211905 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:05.869683981 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:38:04 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:38:05.869805098 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:05.869823933 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:05.869831085 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:38:05.869848967 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              16192.168.2.649900111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:05.949028015 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:05.949054956 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              17192.168.2.64990265.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:06.042792082 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:06.042813063 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:06.772284985 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:38:04 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:38:06.772456884 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:06.772456884 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:06.772510052 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:38:06.772566080 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              18192.168.2.649908111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:06.714745045 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:06.714783907 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              19192.168.2.64991065.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:06.917656898 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:06.917777061 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:07.636197090 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:38:06 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:38:07.636620998 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:07.636620998 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:07.636703014 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:38:07.636703014 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              20192.168.2.649916111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:07.480205059 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:07.480205059 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              21192.168.2.64991865.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:07.792679071 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:07.792679071 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:08.501873016 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:38:06 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:38:08.501998901 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:08.501998901 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:08.502074957 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:38:08.502074957 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              22192.168.2.649924111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:08.245877981 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:08.245907068 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              23192.168.2.64992665.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:08.667717934 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:08.667717934 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:09.391160011 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:38:08 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:38:09.391302109 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:09.391302109 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:09.391303062 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:38:09.391388893 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              24192.168.2.649931111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:09.011432886 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:09.011432886 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              25192.168.2.64993465.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:09.542725086 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:09.542781115 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:10.254131079 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:38:09 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:38:10.254236937 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:10.254252911 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:10.254261017 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:38:10.254267931 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              26192.168.2.649939111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:09.777019978 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:09.777040958 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              27192.168.2.64994265.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:10.417608976 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:10.417676926 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:11.144275904 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:38:09 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:38:11.144395113 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:11.144413948 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:11.144413948 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:38:11.144426107 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              28192.168.2.649944111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:10.542711020 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:10.542785883 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              29192.168.2.649949111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:11.308842897 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:11.308842897 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              30192.168.2.64995065.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:11.323893070 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:11.323893070 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:12.064627886 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:38:10 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:38:12.064781904 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:12.064781904 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:12.064781904 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:38:12.064781904 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              31192.168.2.649956111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:12.073848009 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:12.073892117 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              32192.168.2.64995865.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:12.276971102 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:12.276971102 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:13.025109053 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:38:11 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:38:13.025276899 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:13.025307894 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:13.025307894 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:38:13.025307894 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              33192.168.2.649964111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:12.839659929 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:12.839706898 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              34192.168.2.64996765.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:13.262042046 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:13.262226105 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:13.988059044 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:38:12 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:38:13.988210917 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:13.988210917 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:13.988210917 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:38:13.988291025 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              35192.168.2.649972111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:13.605317116 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:13.605317116 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              36192.168.2.64997765.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:14.136888027 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:14.136915922 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:14.863517046 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:38:13 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:38:14.863661051 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:14.863661051 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:14.863688946 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:38:14.863688946 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              37192.168.2.649981111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:14.370767117 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:14.370834112 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              38192.168.2.64998565.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:15.011395931 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:15.011466980 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:15.732486010 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:38:14 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:38:15.732598066 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:15.732646942 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:15.732646942 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:38:15.732671976 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              39192.168.2.649988111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:15.136573076 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:15.136573076 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              40192.168.2.649995111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:15.902018070 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:15.902038097 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              41192.168.2.64999665.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:15.917874098 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:15.917996883 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:16.646450043 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:38:14 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:38:16.651235104 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:16.651271105 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:16.651271105 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:38:16.651288986 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              42192.168.2.650002111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:16.714694977 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:16.714694977 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              43192.168.2.65000465.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:16.870743990 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:16.870771885 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:17.596580982 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:38:16 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:38:17.596693993 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:17.596752882 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:17.596752882 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:38:17.596752882 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              44192.168.2.650010111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:17.542658091 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:17.542709112 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              45192.168.2.65001265.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:17.745862007 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:17.745907068 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:18.494033098 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:38:16 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:38:18.494235039 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:18.494319916 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:18.494343042 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:38:18.494363070 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              46192.168.2.650017111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:18.308221102 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:18.308336020 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              47192.168.2.65002165.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:18.730217934 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:18.730484009 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:19.499582052 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:38:17 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:38:19.499739885 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:19.499773979 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:19.499789000 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:38:19.499829054 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              48192.168.2.650025111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:19.073904037 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:19.073904037 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              49192.168.2.65002965.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:19.714534998 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:19.714571953 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:20.464441061 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:38:19 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:38:20.464670897 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:20.464687109 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:20.464699984 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:38:20.464726925 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              50192.168.2.650033111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:19.839535952 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:19.839936018 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              51192.168.2.650038111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:20.605256081 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:20.605256081 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              52192.168.2.650063111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:24.698975086 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:24.699019909 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              53192.168.2.65006565.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:24.730221987 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:24.730259895 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:25.459703922 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:38:23 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:38:25.459853888 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:25.459897995 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:25.459897995 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:38:25.459980011 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              54192.168.2.650073111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:25.537065029 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:25.537065983 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              55192.168.2.650085111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:27.683518887 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:27.683520079 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              56192.168.2.65008665.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:27.699126959 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:27.699157953 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:28.416039944 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:38:27 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:38:28.416205883 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:28.416258097 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:28.416258097 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:38:28.416258097 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              57192.168.2.650092111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:28.480129957 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:28.480164051 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              58192.168.2.65009465.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:28.574306965 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:28.574306965 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:29.299985886 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:38:27 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:38:29.300175905 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:29.300252914 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:29.300252914 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:38:29.300252914 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              59192.168.2.650099111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:29.245738983 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:29.245765924 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              60192.168.2.65010165.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:29.448949099 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:29.449018002 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:30.163588047 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:38:28 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:38:30.163789988 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:30.163888931 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:30.163888931 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:38:30.163889885 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              61192.168.2.650103111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:30.011423111 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:30.011462927 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              62192.168.2.65010465.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:30.324245930 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:30.324320078 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:31.080940008 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:38:30 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:38:31.081264019 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:31.081306934 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:31.081306934 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:38:31.081306934 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              63192.168.2.650106111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:30.777021885 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:30.780615091 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              64192.168.2.65010765.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:31.308361053 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:31.308413982 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:32.023204088 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:38:31 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:38:32.023441076 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:32.023442030 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:32.023490906 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:38:32.023490906 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              65192.168.2.650109111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:31.542606115 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:31.542728901 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              66192.168.2.65011065.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:32.183420897 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:32.183440924 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:32.906635046 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:38:31 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:38:32.906994104 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:32.907008886 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:32.907008886 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:38:32.907017946 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              67192.168.2.650112111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:32.308248997 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:32.308392048 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              68192.168.2.650114111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:33.074013948 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:33.074013948 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              69192.168.2.65011565.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:33.089468956 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:33.089490891 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:33.814249039 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:38:32 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:38:33.816699028 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:33.816726923 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:33.816726923 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:38:33.816745996 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              70192.168.2.650119111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:33.839643955 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:33.839675903 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              71192.168.2.65012065.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:34.042850018 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:34.042937994 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:34.790018082 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:38:33 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:38:34.792716980 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:34.792716980 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:34.792716980 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:38:34.792805910 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              72192.168.2.650123111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:38.683670998 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:38.683670998 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              73192.168.2.65012465.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:38.698965073 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:38.698996067 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:39.419019938 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:38:37 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:38:39.419255972 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:39.419255972 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:39.419255972 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:38:39.419255972 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              74192.168.2.650128111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:45.526961088 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:45.526987076 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              75192.168.2.65013065.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:45.558211088 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:45.558227062 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:46.272918940 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:38:44 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:38:46.276722908 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:46.276724100 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:46.276724100 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:38:46.276809931 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              76192.168.2.650133111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:46.308206081 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:46.308234930 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              77192.168.2.65013465.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:46.511682034 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:46.511682034 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:47.243103027 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:38:46 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:38:47.243235111 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:47.243257999 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:47.243258953 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:38:47.243287086 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              78192.168.2.650136111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:47.074682951 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:47.074682951 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              79192.168.2.65013765.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:47.386377096 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:47.386646032 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:48.111412048 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:38:47 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:38:48.114708900 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:48.114742994 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:48.114799023 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:38:48.114806890 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              80192.168.2.650139111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:47.839448929 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:47.839551926 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              81192.168.2.65014065.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:48.261454105 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:48.261455059 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:48.984110117 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:38:47 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:38:48.984261036 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:48.984316111 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:48.984316111 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:38:48.984316111 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              82192.168.2.650142111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:48.605115891 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:48.606604099 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              83192.168.2.65014365.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:49.136430979 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:49.138968945 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:49.852947950 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:38:48 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:38:49.853101015 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:49.853135109 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:49.853135109 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:38:49.853158951 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              84192.168.2.650145111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:49.370738029 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:49.370764971 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              85192.168.2.65014665.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:50.011665106 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:50.011665106 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:50.761759043 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:38:48 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:38:50.761899948 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:50.761950016 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:50.761950016 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:38:50.761950016 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              86192.168.2.650150111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:56.245939016 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:56.246005058 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              87192.168.2.65015265.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:56.278953075 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:56.278994083 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:57.003952980 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:38:55 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:38:57.004076958 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:57.004122019 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:57.004122019 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:38:57.004122019 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              88192.168.2.650155111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:57.029849052 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:57.029906988 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              89192.168.2.65015665.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:57.230123043 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:57.230123043 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:57.957206964 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:38:56 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:38:57.957319975 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:57.957319975 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:57.957370996 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:38:57.957370996 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              90192.168.2.650158111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:57.792638063 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:57.792694092 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              91192.168.2.65015965.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:58.105427027 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:58.105552912 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:58.829576969 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:38:57 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:38:58.829791069 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:58.829833984 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:58.829833984 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:38:58.829833984 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              92192.168.2.650161111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:58.558252096 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:58.558274984 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              93192.168.2.65016265.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:58.988459110 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:58.988497972 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:59.698508978 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:38:57 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:38:59.698731899 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:59.698812008 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:59.698822975 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:38:59.699018002 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              94192.168.2.650164111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:59.376003027 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:59.376614094 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              95192.168.2.65016565.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:38:59.856113911 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:38:59.856194973 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:00.588133097 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:38:59 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:39:00.590127945 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:00.590178967 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:00.590178967 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:39:00.590178967 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              96192.168.2.650167111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:00.183336973 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:00.183336973 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              97192.168.2.65016965.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:00.855200052 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:00.855221033 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:01.617650986 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:39:00 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:39:01.617765903 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:01.617765903 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:01.617821932 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:39:01.617856026 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              98192.168.2.650170111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:00.949350119 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:00.949377060 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              99192.168.2.650172111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:01.714648962 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:01.714648962 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              100192.168.2.65017365.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:01.824827909 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:01.824827909 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:02.548341990 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:39:00 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:39:02.549171925 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:02.549171925 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:02.549171925 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:39:02.549199104 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              101192.168.2.650175111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:02.480178118 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:02.480206966 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              102192.168.2.65017665.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:02.698945045 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:02.702637911 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:03.430547953 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:39:02 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:39:03.432723999 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:03.432768106 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:03.432768106 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:39:03.432769060 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              103192.168.2.650178111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:03.247092009 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:03.248620033 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              104192.168.2.65017965.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:03.584186077 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:03.584186077 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:04.289593935 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:39:03 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:39:04.289911985 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:04.289946079 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:04.289946079 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:39:04.289958000 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              105192.168.2.650181111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:04.014812946 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:04.014961958 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              106192.168.2.65018265.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:04.448898077 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:04.448899031 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:05.165671110 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:39:03 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:39:05.167779922 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:05.167815924 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:05.167815924 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:39:05.167824984 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              107192.168.2.650184111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:04.777367115 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:04.777388096 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              108192.168.2.65018765.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:05.324428082 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:05.324459076 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:06.064588070 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:39:04 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:39:06.064857006 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:06.064883947 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:06.064883947 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:39:06.064893007 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              109192.168.2.650189111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:05.542633057 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:05.542633057 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              110192.168.2.650192111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:08.261533976 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:08.261604071 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              111192.168.2.65019365.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:08.277565002 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:08.277832031 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:09.032418013 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:39:08 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:39:09.032572985 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:09.032573938 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:09.032573938 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:39:09.032697916 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              112192.168.2.650195111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:09.058352947 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:09.058439970 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              113192.168.2.65019665.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:09.261615038 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:09.261656046 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:09.989753962 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:39:08 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:39:09.992357016 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:09.992357016 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:09.992851019 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:39:09.992907047 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              114192.168.2.650198111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:09.829631090 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:09.830235004 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              115192.168.2.65019965.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:10.465773106 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:10.465801001 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:11.186810970 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:39:10 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:39:11.186932087 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:11.186966896 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:11.186966896 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:39:11.186986923 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              116192.168.2.650201111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:11.386702061 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:11.386703014 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              117192.168.2.65020265.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:11.402867079 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:11.402894020 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:12.123459101 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:39:11 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:39:12.123558998 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:12.123574972 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:12.123574972 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:39:12.123600960 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              118192.168.2.650204111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:12.214548111 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:12.216638088 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              119192.168.2.65020565.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:12.324100971 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:12.324100971 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:13.039354086 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:39:11 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:39:13.039474964 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:13.039474964 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:13.039474964 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:39:13.039474964 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              120192.168.2.650207111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:13.136626959 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:13.136626959 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              121192.168.2.65020865.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:13.198899031 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:13.198991060 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:13.947248936 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:39:12 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:39:13.947349072 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:13.947349072 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:13.947386026 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:39:13.947452068 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              122192.168.2.650212111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:13.980313063 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:13.980411053 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              123192.168.2.65021365.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:14.183496952 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:14.183532953 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:14.964818001 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:39:13 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:39:14.965001106 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:14.965039968 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:14.965039968 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:39:14.965039968 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              124192.168.2.650215111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:14.745897055 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:14.746781111 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              125192.168.2.65021665.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:15.167710066 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:15.171474934 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:15.899362087 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:39:14 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:39:15.899588108 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:15.899630070 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:15.899630070 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:39:15.899630070 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              126192.168.2.650218111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:15.511832952 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:15.515466928 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              127192.168.2.65021965.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:16.042648077 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:16.042678118 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:16.790891886 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:39:14 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:39:16.794720888 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:16.794763088 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:16.794763088 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:39:16.794763088 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              128192.168.2.650222111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:16.277693987 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:16.278718948 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              129192.168.2.650224111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:17.044110060 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:17.044110060 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              130192.168.2.65022565.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:17.060884953 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:17.061305046 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:17.776361942 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:39:16 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:39:17.776525974 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:17.776571035 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:17.776571035 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:39:17.776571989 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              131192.168.2.650227111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:17.808394909 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:17.808440924 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              132192.168.2.65022865.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:18.011733055 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:18.011734009 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:18.740174055 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:39:17 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:39:18.740910053 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:18.740910053 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:18.740910053 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:39:18.740978003 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              133192.168.2.650230111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:18.575011969 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:18.575011969 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              134192.168.2.65023165.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:18.886461020 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:18.887584925 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:19.632157087 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:39:18 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:39:19.632308006 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:19.632397890 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:19.632397890 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:39:19.632397890 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              135192.168.2.650233111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:19.339550018 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:19.340636969 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              136192.168.2.65023465.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:19.886423111 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:19.886424065 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:20.651424885 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:39:19 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:39:20.652779102 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:20.652780056 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:20.652780056 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:39:20.652780056 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              137192.168.2.650236111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:20.114216089 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:20.114216089 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              138192.168.2.650238111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:20.871407986 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:20.871408939 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              139192.168.2.65023965.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:20.886395931 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:20.888637066 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:21.613769054 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:39:19 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:39:21.613917112 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:21.613917112 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:21.613954067 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:39:21.613979101 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              140192.168.2.650241111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:21.636637926 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:21.636637926 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              141192.168.2.65024365.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:21.856471062 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:21.856549978 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:22.603615999 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:39:20 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:39:22.603842020 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:22.603842020 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:22.603879929 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:39:22.603879929 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              142192.168.2.650246111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:22.402113914 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:22.402113914 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              143192.168.2.65024765.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:22.824379921 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:22.824381113 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:23.555001020 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:39:22 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:39:23.555258989 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:23.555258989 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:23.555299044 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:39:23.555299044 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              144192.168.2.650248111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:23.152467966 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:23.152749062 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              145192.168.2.65024965.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:23.698996067 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:23.698996067 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:24.429249048 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:39:23 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:39:24.429528952 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:24.429552078 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:24.429558992 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:39:24.429569960 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              146192.168.2.650250111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:23.917805910 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:23.920638084 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              147192.168.2.65025265.21.245.7808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:24.575259924 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:24.576630116 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:25.299940109 CET505INHTTP/1.1 400 Bad Request
                                                                              Content-Type: text/html; charset=us-ascii
                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                              Date: Wed, 30 Oct 2024 21:39:23 GMT
                                                                              Connection: close
                                                                              Content-Length: 326
                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 56 65 72 62 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 76 65 72 62 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid Verb</h2><hr><p>HTTP Error 400. The request verb is invalid.</p></BODY></HTML>
                                                                              Oct 30, 2024 22:39:25.300755024 CET6OUTData Raw: 00 00 10 18
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:25.300755024 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:25.300755024 CET6OUTData Raw: 2d 2d 0d 0a
                                                                              Data Ascii: --
                                                                              Oct 30, 2024 22:39:25.300755978 CET6OUTData Raw: 00 00 00 00
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              148192.168.2.650253111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:24.683284998 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:24.683398962 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              149192.168.2.650255111.90.140.76808036C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              Oct 30, 2024 22:39:25.449668884 CET6OUTData Raw: 00 00 00 01
                                                                              Data Ascii:
                                                                              Oct 30, 2024 22:39:25.449670076 CET6OUTData Raw: 00 00 00 03
                                                                              Data Ascii:


                                                                              HTTPS Proxied Packets

                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                              0192.168.2.64976096.7.168.1384437180C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              TimestampBytes transferredDirectionData
                                                                              2024-10-30 21:37:46 UTC475OUTGET /onboarding/smskillreader.txt HTTP/1.1
                                                                              Host: armmf.adobe.com
                                                                              Connection: keep-alive
                                                                              Accept-Language: en-US,en;q=0.9
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                                                                              Sec-Fetch-Site: same-origin
                                                                              Sec-Fetch-Mode: no-cors
                                                                              Sec-Fetch-Dest: empty
                                                                              Accept-Encoding: gzip, deflate, br
                                                                              If-None-Match: "78-5faa31cce96da"
                                                                              If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                                                                              2024-10-30 21:37:46 UTC198INHTTP/1.1 304 Not Modified
                                                                              Content-Type: text/plain; charset=UTF-8
                                                                              Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                                                                              ETag: "78-5faa31cce96da"
                                                                              Date: Wed, 30 Oct 2024 21:37:46 GMT
                                                                              Connection: close


                                                                              Statistics

                                                                              CPU Usage

                                                                              Click to jump to process

                                                                              Memory Usage

                                                                              Click to jump to process

                                                                              High Level Behavior Distribution

                                                                              Click to dive into process behavior distribution

                                                                              Behavior

                                                                              Click to jump to process

                                                                              System Behavior

                                                                              General

                                                                              Target ID:0
                                                                              Start time:17:37:29
                                                                              Start date:30/10/2024
                                                                              Path:C:\Users\user\Desktop\0438.pdf.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:"C:\Users\user\Desktop\0438.pdf.exe"
                                                                              Imagebase:0x7ff655d80000
                                                                              File size:11'654'747 bytes
                                                                              MD5 hash:2D11DBA46735AF1CB1C0A42E9564E20D
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:low
                                                                              Has exited:true

                                                                              General

                                                                              Target ID:2
                                                                              Start time:17:37:30
                                                                              Start date:30/10/2024
                                                                              Path:C:\Windows\System32\msiexec.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\AppData\Local\Temp\pdf.msi" /qn
                                                                              Imagebase:0x7ff75fcd0000
                                                                              File size:69'632 bytes
                                                                              MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:true

                                                                              General

                                                                              Target ID:3
                                                                              Start time:17:37:31
                                                                              Start date:30/10/2024
                                                                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\Doc.pdf"
                                                                              Imagebase:0x7ff651090000
                                                                              File size:5'641'176 bytes
                                                                              MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:false

                                                                              General

                                                                              Target ID:4
                                                                              Start time:17:37:31
                                                                              Start date:30/10/2024
                                                                              Path:C:\Windows\System32\msiexec.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\msiexec.exe /V
                                                                              Imagebase:0x7ff75fcd0000
                                                                              File size:69'632 bytes
                                                                              MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:false

                                                                              General

                                                                              Target ID:5
                                                                              Start time:17:37:32
                                                                              Start date:30/10/2024
                                                                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                                                              Imagebase:0x7ff70df30000
                                                                              File size:3'581'912 bytes
                                                                              MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:false

                                                                              General

                                                                              Target ID:6
                                                                              Start time:17:37:32
                                                                              Start date:30/10/2024
                                                                              Path:C:\Windows\System32\svchost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                              Imagebase:0x7ff7403e0000
                                                                              File size:55'320 bytes
                                                                              MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:false

                                                                              General

                                                                              Target ID:7
                                                                              Start time:17:37:32
                                                                              Start date:30/10/2024
                                                                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1736,i,7783600837662025009,4322504478347230784,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                                                              Imagebase:0x7ff70df30000
                                                                              File size:3'581'912 bytes
                                                                              MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:false

                                                                              General

                                                                              Target ID:11
                                                                              Start time:17:37:39
                                                                              Start date:30/10/2024
                                                                              Path:C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /server /siex /silentinstall
                                                                              Imagebase:0x400000
                                                                              File size:6'307'408 bytes
                                                                              MD5 hash:63D0964168B927D00064AA684E79A300
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:Borland Delphi
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 0000000B.00000000.2234439109.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe, Author: Joe Security
                                                                              Antivirus matches:
                                                                              • Detection: 3%, ReversingLabs
                                                                              Reputation:low
                                                                              Has exited:true

                                                                              General

                                                                              Target ID:12
                                                                              Start time:17:37:41
                                                                              Start date:30/10/2024
                                                                              Path:C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe" /siex /silentinstall
                                                                              Imagebase:0x400000
                                                                              File size:7'753'808 bytes
                                                                              MD5 hash:F3D74B072B9697CF64B0B8445FDC8128
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:Borland Delphi
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 0000000C.00000000.2252577316.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                              • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe, Author: Joe Security
                                                                              • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe, Author: Joe Security
                                                                              Antivirus matches:
                                                                              • Detection: 3%, ReversingLabs
                                                                              Reputation:low
                                                                              Has exited:true

                                                                              General

                                                                              Target ID:13
                                                                              Start time:17:37:42
                                                                              Start date:30/10/2024
                                                                              Path:C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /server /firewall
                                                                              Imagebase:0x400000
                                                                              File size:6'307'408 bytes
                                                                              MD5 hash:63D0964168B927D00064AA684E79A300
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:Borland Delphi
                                                                              Reputation:low
                                                                              Has exited:true

                                                                              General

                                                                              Target ID:14
                                                                              Start time:17:37:42
                                                                              Start date:30/10/2024
                                                                              Path:C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe" /firewall
                                                                              Imagebase:0x400000
                                                                              File size:7'753'808 bytes
                                                                              MD5 hash:F3D74B072B9697CF64B0B8445FDC8128
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:Borland Delphi
                                                                              Has exited:true

                                                                              General

                                                                              Target ID:15
                                                                              Start time:17:37:43
                                                                              Start date:30/10/2024
                                                                              Path:C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /server /start
                                                                              Imagebase:0x400000
                                                                              File size:6'307'408 bytes
                                                                              MD5 hash:63D0964168B927D00064AA684E79A300
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:Borland Delphi
                                                                              Has exited:true

                                                                              General

                                                                              Target ID:17
                                                                              Start time:17:37:44
                                                                              Start date:30/10/2024
                                                                              Path:C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe" /start
                                                                              Imagebase:0x400000
                                                                              File size:7'753'808 bytes
                                                                              MD5 hash:F3D74B072B9697CF64B0B8445FDC8128
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:Borland Delphi
                                                                              Has exited:true

                                                                              General

                                                                              Target ID:18
                                                                              Start time:17:37:44
                                                                              Start date:30/10/2024
                                                                              Path:C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Program Files (x86)\LiteManager Pro - Server\ROMServer.exe"
                                                                              Imagebase:0x400000
                                                                              File size:7'753'808 bytes
                                                                              MD5 hash:F3D74B072B9697CF64B0B8445FDC8128
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:Borland Delphi
                                                                              Has exited:false

                                                                              General

                                                                              Target ID:20
                                                                              Start time:17:37:47
                                                                              Start date:30/10/2024
                                                                              Path:C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe"
                                                                              Imagebase:0x400000
                                                                              File size:6'307'408 bytes
                                                                              MD5 hash:63D0964168B927D00064AA684E79A300
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:Borland Delphi
                                                                              Has exited:false

                                                                              General

                                                                              Target ID:21
                                                                              Start time:17:37:47
                                                                              Start date:30/10/2024
                                                                              Path:C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray
                                                                              Imagebase:0x400000
                                                                              File size:6'307'408 bytes
                                                                              MD5 hash:63D0964168B927D00064AA684E79A300
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:Borland Delphi
                                                                              Has exited:false

                                                                              General

                                                                              Target ID:22
                                                                              Start time:17:37:47
                                                                              Start date:30/10/2024
                                                                              Path:C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray
                                                                              Imagebase:0x400000
                                                                              File size:6'307'408 bytes
                                                                              MD5 hash:63D0964168B927D00064AA684E79A300
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:Borland Delphi
                                                                              Has exited:true

                                                                              General

                                                                              Target ID:23
                                                                              Start time:17:37:48
                                                                              Start date:30/10/2024
                                                                              Path:C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray
                                                                              Imagebase:0x400000
                                                                              File size:6'307'408 bytes
                                                                              MD5 hash:63D0964168B927D00064AA684E79A300
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:Borland Delphi
                                                                              Has exited:true

                                                                              General

                                                                              Target ID:24
                                                                              Start time:17:37:49
                                                                              Start date:30/10/2024
                                                                              Path:C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray
                                                                              Imagebase:0x400000
                                                                              File size:6'307'408 bytes
                                                                              MD5 hash:63D0964168B927D00064AA684E79A300
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:Borland Delphi
                                                                              Has exited:true

                                                                              General

                                                                              Target ID:25
                                                                              Start time:17:37:50
                                                                              Start date:30/10/2024
                                                                              Path:C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray
                                                                              Imagebase:0x400000
                                                                              File size:6'307'408 bytes
                                                                              MD5 hash:63D0964168B927D00064AA684E79A300
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:Borland Delphi
                                                                              Has exited:true

                                                                              General

                                                                              Target ID:26
                                                                              Start time:17:37:51
                                                                              Start date:30/10/2024
                                                                              Path:C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray
                                                                              Imagebase:0x400000
                                                                              File size:6'307'408 bytes
                                                                              MD5 hash:63D0964168B927D00064AA684E79A300
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:Borland Delphi
                                                                              Has exited:true

                                                                              General

                                                                              Target ID:27
                                                                              Start time:17:37:53
                                                                              Start date:30/10/2024
                                                                              Path:C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray
                                                                              Imagebase:0x400000
                                                                              File size:6'307'408 bytes
                                                                              MD5 hash:63D0964168B927D00064AA684E79A300
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:Borland Delphi
                                                                              Has exited:true

                                                                              General

                                                                              Target ID:29
                                                                              Start time:17:39:09
                                                                              Start date:30/10/2024
                                                                              Path:C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray
                                                                              Imagebase:0x400000
                                                                              File size:6'307'408 bytes
                                                                              MD5 hash:63D0964168B927D00064AA684E79A300
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:Borland Delphi
                                                                              Has exited:true

                                                                              General

                                                                              Target ID:30
                                                                              Start time:17:39:29
                                                                              Start date:30/10/2024
                                                                              Path:C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Program Files (x86)\LiteManager Pro - Server\ROMFUSClient.exe" /tray
                                                                              Imagebase:0x400000
                                                                              File size:6'307'408 bytes
                                                                              MD5 hash:63D0964168B927D00064AA684E79A300
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:Borland Delphi
                                                                              Has exited:true

                                                                              Disassembly

                                                                              Reset < >

                                                                                Execution Graph

                                                                                Execution Coverage:12.4%
                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                Signature Coverage:26.8%
                                                                                Total number of Nodes:2000
                                                                                Total number of Limit Nodes:27
                                                                                execution_graph 26465 7ff655dbbf2c 41 API calls 2 library calls 26471 7ff655dbbdf8 26472 7ff655dbbe1e GetModuleHandleW 26471->26472 26473 7ff655dbbe68 26471->26473 26472->26473 26478 7ff655dbbe2b 26472->26478 26488 7ff655dbf398 EnterCriticalSection 26473->26488 26478->26473 26489 7ff655dbbfb0 GetModuleHandleExW 26478->26489 26490 7ff655dbc001 26489->26490 26491 7ff655dbbfda GetProcAddress 26489->26491 26493 7ff655dbc011 26490->26493 26494 7ff655dbc00b FreeLibrary 26490->26494 26491->26490 26492 7ff655dbbff4 26491->26492 26492->26490 26493->26473 26494->26493 25481 7ff655db03e0 25482 7ff655db041f 25481->25482 25483 7ff655db0497 25481->25483 25514 7ff655d9aae0 25482->25514 25485 7ff655d9aae0 48 API calls 25483->25485 25486 7ff655db04ab 25485->25486 25488 7ff655d9da98 48 API calls 25486->25488 25493 7ff655db0442 BuildCatchObjectHelperInternal 25488->25493 25491 7ff655db0541 25511 7ff655d8250c 25491->25511 25492 7ff655db05cc 25497 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 25492->25497 25493->25492 25494 7ff655db05c6 25493->25494 25506 7ff655d81fa0 25493->25506 25524 7ff655db7904 25494->25524 25501 7ff655db05d2 25497->25501 25507 7ff655d81fb3 25506->25507 25508 7ff655d81fdc 25506->25508 25507->25508 25509 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 25507->25509 25508->25491 25510 7ff655d82000 25509->25510 25512 7ff655d82516 SetDlgItemTextW 25511->25512 25513 7ff655d82513 25511->25513 25513->25512 25515 7ff655d9aaf3 25514->25515 25529 7ff655d99774 25515->25529 25518 7ff655d9ab86 25521 7ff655d9da98 25518->25521 25519 7ff655d9ab58 LoadStringW 25519->25518 25520 7ff655d9ab71 LoadStringW 25519->25520 25520->25518 25566 7ff655d9d874 25521->25566 25669 7ff655db783c 31 API calls 3 library calls 25524->25669 25526 7ff655db791d 25670 7ff655db7934 16 API calls abort 25526->25670 25536 7ff655d99638 25529->25536 25531 7ff655d997d9 25546 7ff655db2320 25531->25546 25537 7ff655d99692 25536->25537 25545 7ff655d99730 25536->25545 25542 7ff655d996c0 25537->25542 25559 7ff655da0f68 WideCharToMultiByte 25537->25559 25538 7ff655d996ef 25562 7ff655dba270 31 API calls 2 library calls 25538->25562 25539 7ff655db2320 _handle_error 8 API calls 25541 7ff655d99764 25539->25541 25541->25531 25555 7ff655d99800 25541->25555 25542->25538 25561 7ff655d9aa88 45 API calls _snwprintf 25542->25561 25545->25539 25547 7ff655db2329 25546->25547 25548 7ff655db2550 IsProcessorFeaturePresent 25547->25548 25549 7ff655d997f2 25547->25549 25550 7ff655db2568 25548->25550 25549->25518 25549->25519 25563 7ff655db2744 RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 25550->25563 25552 7ff655db257b 25564 7ff655db2510 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 25552->25564 25556 7ff655d99840 25555->25556 25558 7ff655d99869 25555->25558 25565 7ff655dba270 31 API calls 2 library calls 25556->25565 25558->25531 25560 7ff655da0faa 25559->25560 25560->25542 25561->25538 25562->25545 25563->25552 25565->25558 25582 7ff655d9d4d0 25566->25582 25571 7ff655d9d8e5 _snwprintf 25578 7ff655d9d974 25571->25578 25596 7ff655db9ef0 25571->25596 25623 7ff655d89d78 33 API calls 25571->25623 25573 7ff655d9da17 25574 7ff655db2320 _handle_error 8 API calls 25573->25574 25576 7ff655d9da2b 25574->25576 25575 7ff655d9d9a3 25575->25573 25577 7ff655d9da3f 25575->25577 25576->25493 25579 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 25577->25579 25578->25575 25624 7ff655d89d78 33 API calls 25578->25624 25580 7ff655d9da44 25579->25580 25583 7ff655d9d665 25582->25583 25585 7ff655d9d502 25582->25585 25586 7ff655d9cb80 25583->25586 25584 7ff655d81744 33 API calls 25584->25585 25585->25583 25585->25584 25587 7ff655d9cbb6 25586->25587 25594 7ff655d9cc80 25586->25594 25589 7ff655d9cbc6 25587->25589 25591 7ff655d9cc7b 25587->25591 25593 7ff655d9cc20 25587->25593 25589->25571 25634 7ff655d81f80 25591->25634 25593->25589 25625 7ff655db21d0 25593->25625 25641 7ff655d82004 33 API calls std::_Xinvalid_argument 25594->25641 25597 7ff655db9f4e 25596->25597 25598 7ff655db9f36 25596->25598 25597->25598 25599 7ff655db9f58 25597->25599 25657 7ff655dbd69c 15 API calls abort 25598->25657 25659 7ff655db7ef0 35 API calls 2 library calls 25599->25659 25602 7ff655db9f3b 25658 7ff655db78e4 31 API calls _invalid_parameter_noinfo 25602->25658 25604 7ff655db9f69 memcpy_s 25660 7ff655db7e70 15 API calls _set_fmode 25604->25660 25605 7ff655db2320 _handle_error 8 API calls 25606 7ff655dba10b 25605->25606 25606->25571 25608 7ff655db9fd4 25661 7ff655db82f8 46 API calls 3 library calls 25608->25661 25610 7ff655db9fdd 25611 7ff655db9fe5 25610->25611 25612 7ff655dba014 25610->25612 25662 7ff655dbd90c 25611->25662 25614 7ff655dba06c 25612->25614 25615 7ff655dba023 25612->25615 25616 7ff655dba092 25612->25616 25619 7ff655dba01a 25612->25619 25620 7ff655dbd90c Concurrency::details::SchedulerProxy::DeleteThis 15 API calls 25614->25620 25618 7ff655dbd90c Concurrency::details::SchedulerProxy::DeleteThis 15 API calls 25615->25618 25616->25614 25617 7ff655dba09c 25616->25617 25621 7ff655dbd90c Concurrency::details::SchedulerProxy::DeleteThis 15 API calls 25617->25621 25622 7ff655db9f46 25618->25622 25619->25614 25619->25615 25620->25622 25621->25622 25622->25605 25623->25571 25624->25575 25627 7ff655db21db 25625->25627 25626 7ff655db21f4 25626->25589 25627->25626 25629 7ff655db21fa 25627->25629 25642 7ff655dbbbc0 25627->25642 25630 7ff655db2205 25629->25630 25645 7ff655db2f7c RtlPcToFileHeader RaiseException Concurrency::cancel_current_task std::bad_alloc::bad_alloc 25629->25645 25632 7ff655d81f80 Concurrency::cancel_current_task 33 API calls 25630->25632 25633 7ff655db220b 25632->25633 25635 7ff655d81f8e std::bad_alloc::bad_alloc 25634->25635 25652 7ff655db4078 25635->25652 25637 7ff655d81f9f 25638 7ff655d81fdc 25637->25638 25639 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 25637->25639 25638->25594 25640 7ff655d82000 25639->25640 25646 7ff655dbbc00 25642->25646 25645->25630 25651 7ff655dbf398 EnterCriticalSection 25646->25651 25653 7ff655db40b4 RtlPcToFileHeader 25652->25653 25654 7ff655db4097 25652->25654 25655 7ff655db40db RaiseException 25653->25655 25656 7ff655db40cc 25653->25656 25654->25653 25655->25637 25656->25655 25657->25602 25658->25622 25659->25604 25660->25608 25661->25610 25663 7ff655dbd911 RtlFreeHeap 25662->25663 25664 7ff655dbd941 Concurrency::details::SchedulerProxy::DeleteThis 25662->25664 25663->25664 25665 7ff655dbd92c 25663->25665 25664->25622 25668 7ff655dbd69c 15 API calls abort 25665->25668 25667 7ff655dbd931 GetLastError 25667->25664 25668->25667 25669->25526 25677 7ff655db20f0 25678 7ff655db2106 _com_error::_com_error 25677->25678 25679 7ff655db4078 Concurrency::cancel_current_task 2 API calls 25678->25679 25680 7ff655db2117 25679->25680 25683 7ff655db1900 25680->25683 25709 7ff655db1558 25683->25709 25686 7ff655db198b 25687 7ff655db1868 DloadReleaseSectionWriteAccess 6 API calls 25686->25687 25688 7ff655db1998 RaiseException 25687->25688 25703 7ff655db1bb5 25688->25703 25689 7ff655db1abd 25691 7ff655db1b85 25689->25691 25696 7ff655db1b1b GetProcAddress 25689->25696 25690 7ff655db1a3d LoadLibraryExA 25692 7ff655db1a54 GetLastError 25690->25692 25693 7ff655db1aa9 25690->25693 25717 7ff655db1868 25691->25717 25697 7ff655db1a7e 25692->25697 25698 7ff655db1a69 25692->25698 25693->25689 25694 7ff655db1ab4 FreeLibrary 25693->25694 25694->25689 25695 7ff655db19b4 25695->25689 25695->25690 25695->25691 25695->25693 25696->25691 25701 7ff655db1b30 GetLastError 25696->25701 25700 7ff655db1868 DloadReleaseSectionWriteAccess 6 API calls 25697->25700 25698->25693 25698->25697 25704 7ff655db1a8b RaiseException 25700->25704 25702 7ff655db1b45 25701->25702 25702->25691 25705 7ff655db1868 DloadReleaseSectionWriteAccess 6 API calls 25702->25705 25704->25703 25706 7ff655db1b67 RaiseException 25705->25706 25707 7ff655db1558 _com_raise_error 6 API calls 25706->25707 25708 7ff655db1b81 25707->25708 25708->25691 25710 7ff655db156e 25709->25710 25711 7ff655db15d3 25709->25711 25725 7ff655db1604 25710->25725 25711->25686 25711->25695 25714 7ff655db15ce 25715 7ff655db1604 DloadReleaseSectionWriteAccess 3 API calls 25714->25715 25715->25711 25718 7ff655db1878 25717->25718 25719 7ff655db18d1 25717->25719 25720 7ff655db1604 DloadReleaseSectionWriteAccess 3 API calls 25718->25720 25719->25703 25721 7ff655db187d 25720->25721 25722 7ff655db18cc 25721->25722 25723 7ff655db17d8 DloadProtectSection 3 API calls 25721->25723 25724 7ff655db1604 DloadReleaseSectionWriteAccess 3 API calls 25722->25724 25723->25722 25724->25719 25726 7ff655db161f 25725->25726 25727 7ff655db1573 25725->25727 25726->25727 25728 7ff655db1624 GetModuleHandleW 25726->25728 25727->25714 25732 7ff655db17d8 25727->25732 25729 7ff655db163e GetProcAddress 25728->25729 25730 7ff655db1639 25728->25730 25729->25730 25731 7ff655db1653 GetProcAddress 25729->25731 25730->25727 25731->25730 25733 7ff655db17fa DloadProtectSection 25732->25733 25734 7ff655db183a VirtualProtect 25733->25734 25735 7ff655db1802 25733->25735 25737 7ff655db16a4 VirtualQuery GetSystemInfo 25733->25737 25734->25735 25735->25714 25737->25734 28469 7ff655db11cf 28470 7ff655db1102 28469->28470 28471 7ff655db1900 _com_raise_error 14 API calls 28470->28471 28472 7ff655db1141 28471->28472 26501 7ff655dab190 26844 7ff655d8255c 26501->26844 26503 7ff655dab1db 26504 7ff655dab1ef 26503->26504 26505 7ff655dabe93 26503->26505 26553 7ff655dab20c 26503->26553 26508 7ff655dab1ff 26504->26508 26509 7ff655dab2db 26504->26509 26504->26553 27110 7ff655daf390 26505->27110 26513 7ff655dab2a9 26508->26513 26514 7ff655dab207 26508->26514 26516 7ff655dab391 26509->26516 26521 7ff655dab2f5 26509->26521 26510 7ff655db2320 _handle_error 8 API calls 26515 7ff655dac350 26510->26515 26511 7ff655dabec9 26518 7ff655dabef0 GetDlgItem SendMessageW 26511->26518 26519 7ff655dabed5 SendDlgItemMessageW 26511->26519 26512 7ff655dabeba SendMessageW 26512->26511 26520 7ff655dab2cb EndDialog 26513->26520 26513->26553 26525 7ff655d9aae0 48 API calls 26514->26525 26514->26553 26852 7ff655d822bc GetDlgItem 26516->26852 26524 7ff655d962dc 35 API calls 26518->26524 26519->26518 26520->26553 26522 7ff655d9aae0 48 API calls 26521->26522 26526 7ff655dab313 SetDlgItemTextW 26522->26526 26528 7ff655dabf47 GetDlgItem 26524->26528 26529 7ff655dab236 26525->26529 26531 7ff655dab326 26526->26531 26527 7ff655dab3b1 EndDialog 26706 7ff655dab3da 26527->26706 27129 7ff655d82520 26528->27129 27133 7ff655d81ec4 34 API calls _handle_error 26529->27133 26530 7ff655dab408 GetDlgItem 26535 7ff655dab44f SetFocus 26530->26535 26536 7ff655dab422 SendMessageW SendMessageW 26530->26536 26541 7ff655dab340 GetMessageW 26531->26541 26531->26553 26534 7ff655dab246 26540 7ff655dab25c 26534->26540 26545 7ff655d8250c SetDlgItemTextW 26534->26545 26542 7ff655dab465 26535->26542 26543 7ff655dab4f2 26535->26543 26536->26535 26540->26553 26559 7ff655dac363 26540->26559 26547 7ff655dab35e IsDialogMessageW 26541->26547 26541->26553 26548 7ff655d9aae0 48 API calls 26542->26548 26866 7ff655d88d04 26543->26866 26545->26540 26547->26531 26554 7ff655dab373 TranslateMessage DispatchMessageW 26547->26554 26555 7ff655dab46f 26548->26555 26549 7ff655dabcc5 26556 7ff655d9aae0 48 API calls 26549->26556 26550 7ff655d81fa0 31 API calls 26550->26553 26552 7ff655dab52c 26876 7ff655daef80 26552->26876 26553->26510 26554->26531 26568 7ff655d8129c 33 API calls 26555->26568 26560 7ff655dabcd6 SetDlgItemTextW 26556->26560 26564 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 26559->26564 26563 7ff655d9aae0 48 API calls 26560->26563 26569 7ff655dabd08 26563->26569 26570 7ff655dac368 26564->26570 26567 7ff655d9aae0 48 API calls 26572 7ff655dab555 26567->26572 26573 7ff655dab498 26568->26573 26587 7ff655d8129c 33 API calls 26569->26587 26579 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 26570->26579 26576 7ff655d9da98 48 API calls 26572->26576 26577 7ff655daf0a4 24 API calls 26573->26577 26584 7ff655dab568 26576->26584 26585 7ff655dab4a5 26577->26585 26580 7ff655dac36e 26579->26580 26594 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 26580->26594 26890 7ff655daf0a4 26584->26890 26585->26570 26591 7ff655dab4e8 26585->26591 26614 7ff655dabd31 26587->26614 26607 7ff655dab5ec 26591->26607 27134 7ff655dafa80 33 API calls 2 library calls 26591->27134 26593 7ff655dabdda 26599 7ff655d9aae0 48 API calls 26593->26599 26600 7ff655dac374 26594->26600 26608 7ff655dabde4 26599->26608 26620 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 26600->26620 26604 7ff655d81fa0 31 API calls 26612 7ff655dab586 26604->26612 26617 7ff655dab61a 26607->26617 27135 7ff655d932a8 26607->27135 26630 7ff655d8129c 33 API calls 26608->26630 26612->26580 26612->26591 26614->26593 26625 7ff655d8129c 33 API calls 26614->26625 26904 7ff655d92f58 26617->26904 26631 7ff655dac37a 26620->26631 26632 7ff655dabd7f 26625->26632 26628 7ff655dab634 GetLastError 26629 7ff655dab64c 26628->26629 26916 7ff655d97fc4 26629->26916 26635 7ff655dabe0d 26630->26635 26636 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 26631->26636 26638 7ff655d9aae0 48 API calls 26632->26638 26652 7ff655d8129c 33 API calls 26635->26652 26642 7ff655dac380 26636->26642 26643 7ff655dabd8a 26638->26643 26640 7ff655dab60e 27138 7ff655da9d90 12 API calls _handle_error 26640->27138 26653 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 26642->26653 26648 7ff655d81150 33 API calls 26643->26648 26646 7ff655dab65e 26650 7ff655dab674 26646->26650 26651 7ff655dab665 GetLastError 26646->26651 26654 7ff655dabda2 26648->26654 26656 7ff655dab71c 26650->26656 26660 7ff655dab72b 26650->26660 26661 7ff655dab68b GetTickCount 26650->26661 26651->26650 26657 7ff655dabe4e 26652->26657 26658 7ff655dac386 26653->26658 26663 7ff655d82034 33 API calls 26654->26663 26656->26660 26677 7ff655dabb79 26656->26677 26669 7ff655d81fa0 31 API calls 26657->26669 26662 7ff655d8255c 61 API calls 26658->26662 26666 7ff655daba50 26660->26666 26673 7ff655d96454 34 API calls 26660->26673 26919 7ff655d84228 26661->26919 26665 7ff655dac3e4 26662->26665 26667 7ff655dabdbe 26663->26667 26670 7ff655dac3e8 26665->26670 26680 7ff655dac489 GetDlgItem SetFocus 26665->26680 26708 7ff655dac3fd 26665->26708 26666->26527 27147 7ff655d8bd0c 33 API calls 26666->27147 26674 7ff655d81fa0 31 API calls 26667->26674 26678 7ff655dabe78 26669->26678 26688 7ff655db2320 _handle_error 8 API calls 26670->26688 26681 7ff655dab74e 26673->26681 26675 7ff655dabdcc 26674->26675 26683 7ff655d81fa0 31 API calls 26675->26683 26691 7ff655d9aae0 48 API calls 26677->26691 26686 7ff655d81fa0 31 API calls 26678->26686 26679 7ff655daba75 27148 7ff655d81150 26679->27148 26684 7ff655dac4ba 26680->26684 27139 7ff655d9b914 102 API calls 26681->27139 26683->26593 26696 7ff655d8129c 33 API calls 26684->26696 26685 7ff655dab6ba 26690 7ff655d81fa0 31 API calls 26685->26690 26692 7ff655dabe83 26686->26692 26694 7ff655daca97 26688->26694 26689 7ff655dab768 26695 7ff655d9da98 48 API calls 26689->26695 26697 7ff655dab6c8 26690->26697 26698 7ff655dabba7 SetDlgItemTextW 26691->26698 26699 7ff655d81fa0 31 API calls 26692->26699 26693 7ff655daba8a 26700 7ff655d9aae0 48 API calls 26693->26700 26703 7ff655dab7aa GetCommandLineW 26695->26703 26704 7ff655dac4cc 26696->26704 26929 7ff655d92134 26697->26929 26705 7ff655d82534 26698->26705 26699->26706 26707 7ff655daba97 26700->26707 26701 7ff655dac434 SendDlgItemMessageW 26709 7ff655dac454 26701->26709 26710 7ff655dac45d EndDialog 26701->26710 26711 7ff655dab84f 26703->26711 26712 7ff655dab869 26703->26712 27152 7ff655d980d8 33 API calls 26704->27152 26714 7ff655dabbc5 SetDlgItemTextW GetDlgItem 26705->26714 26706->26550 26715 7ff655d81150 33 API calls 26707->26715 26708->26670 26708->26701 26709->26710 26710->26670 26727 7ff655d820b0 33 API calls 26711->26727 27140 7ff655daab54 33 API calls _handle_error 26712->27140 26719 7ff655dabbf0 GetWindowLongPtrW SetWindowLongPtrW 26714->26719 26720 7ff655dabc13 26714->26720 26721 7ff655dabaaa 26715->26721 26716 7ff655dac4e0 26722 7ff655d8250c SetDlgItemTextW 26716->26722 26719->26720 26945 7ff655dace88 26720->26945 26726 7ff655d81fa0 31 API calls 26721->26726 26728 7ff655dac4f4 26722->26728 26723 7ff655dab87a 27141 7ff655daab54 33 API calls _handle_error 26723->27141 26733 7ff655dabab5 26726->26733 26727->26712 26738 7ff655dac526 SendDlgItemMessageW FindFirstFileW 26728->26738 26730 7ff655dab704 26735 7ff655d9204c 100 API calls 26730->26735 26731 7ff655dab6f5 GetLastError 26731->26730 26737 7ff655d81fa0 31 API calls 26733->26737 26734 7ff655dab88b 27142 7ff655daab54 33 API calls _handle_error 26734->27142 26740 7ff655dab711 26735->26740 26736 7ff655dace88 160 API calls 26741 7ff655dabc3c 26736->26741 26742 7ff655dabac3 26737->26742 26743 7ff655dac57b 26738->26743 26836 7ff655daca04 26738->26836 26745 7ff655d81fa0 31 API calls 26740->26745 27095 7ff655daf974 26741->27095 26752 7ff655d9aae0 48 API calls 26742->26752 26753 7ff655d9aae0 48 API calls 26743->26753 26744 7ff655dab89c 27143 7ff655d9b9b4 102 API calls 26744->27143 26745->26656 26749 7ff655dab8b3 27144 7ff655dafbdc 33 API calls 26749->27144 26750 7ff655daca81 26750->26670 26751 7ff655dace88 160 API calls 26765 7ff655dabc6a 26751->26765 26756 7ff655dabadb 26752->26756 26757 7ff655dac59e 26753->26757 26755 7ff655dacaa9 26759 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 26755->26759 26766 7ff655d8129c 33 API calls 26756->26766 26770 7ff655d8129c 33 API calls 26757->26770 26758 7ff655dab8d2 CreateFileMappingW 26762 7ff655dab911 MapViewOfFile 26758->26762 26763 7ff655dab953 ShellExecuteExW 26758->26763 26764 7ff655dacaae 26759->26764 26760 7ff655dabc96 27109 7ff655d82298 GetDlgItem EnableWindow 26760->27109 27145 7ff655db3640 26762->27145 26786 7ff655dab974 26763->26786 26771 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 26764->26771 26765->26760 26769 7ff655dace88 160 API calls 26765->26769 26777 7ff655dabb04 26766->26777 26767 7ff655dab3f5 26767->26527 26767->26549 26769->26760 26772 7ff655dac5cd 26770->26772 26773 7ff655dacab4 26771->26773 26774 7ff655d81150 33 API calls 26772->26774 26775 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 26773->26775 26778 7ff655dac5e8 26774->26778 26780 7ff655dacaba 26775->26780 26776 7ff655dabb5a 26781 7ff655d81fa0 31 API calls 26776->26781 26777->26631 26777->26776 27153 7ff655d8e164 33 API calls 2 library calls 26778->27153 26779 7ff655dab9c3 26783 7ff655dab9ef 26779->26783 26784 7ff655dab9dc UnmapViewOfFile CloseHandle 26779->26784 26788 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 26780->26788 26781->26527 26783->26600 26787 7ff655daba25 26783->26787 26784->26783 26785 7ff655dac5ff 26789 7ff655d81fa0 31 API calls 26785->26789 26786->26779 26793 7ff655dab9b1 Sleep 26786->26793 26791 7ff655d81fa0 31 API calls 26787->26791 26790 7ff655dacac0 26788->26790 26792 7ff655dac60c 26789->26792 26796 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 26790->26796 26794 7ff655daba42 26791->26794 26792->26764 26795 7ff655d81fa0 31 API calls 26792->26795 26793->26779 26793->26786 26797 7ff655d81fa0 31 API calls 26794->26797 26798 7ff655dac673 26795->26798 26799 7ff655dacac6 26796->26799 26797->26666 26800 7ff655d8250c SetDlgItemTextW 26798->26800 26802 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 26799->26802 26801 7ff655dac687 FindClose 26800->26801 26803 7ff655dac6a3 26801->26803 26804 7ff655dac797 SendDlgItemMessageW 26801->26804 26805 7ff655dacacc 26802->26805 27154 7ff655daa2cc 10 API calls _handle_error 26803->27154 26807 7ff655dac7cb 26804->26807 26810 7ff655d9aae0 48 API calls 26807->26810 26808 7ff655dac6c6 26809 7ff655d9aae0 48 API calls 26808->26809 26811 7ff655dac6cf 26809->26811 26812 7ff655dac7d8 26810->26812 26813 7ff655d9da98 48 API calls 26811->26813 26814 7ff655d8129c 33 API calls 26812->26814 26818 7ff655dac6ec BuildCatchObjectHelperInternal 26813->26818 26815 7ff655dac807 26814->26815 26817 7ff655d81150 33 API calls 26815->26817 26816 7ff655d81fa0 31 API calls 26819 7ff655dac783 26816->26819 26820 7ff655dac822 26817->26820 26818->26773 26818->26816 26821 7ff655d8250c SetDlgItemTextW 26819->26821 27155 7ff655d8e164 33 API calls 2 library calls 26820->27155 26821->26804 26823 7ff655dac839 26824 7ff655d81fa0 31 API calls 26823->26824 26825 7ff655dac845 BuildCatchObjectHelperInternal 26824->26825 26826 7ff655d81fa0 31 API calls 26825->26826 26827 7ff655dac87f 26826->26827 26828 7ff655d81fa0 31 API calls 26827->26828 26829 7ff655dac88c 26828->26829 26829->26780 26830 7ff655d81fa0 31 API calls 26829->26830 26831 7ff655dac8f3 26830->26831 26832 7ff655d8250c SetDlgItemTextW 26831->26832 26833 7ff655dac907 26832->26833 26833->26836 27156 7ff655daa2cc 10 API calls _handle_error 26833->27156 26835 7ff655dac932 26837 7ff655d9aae0 48 API calls 26835->26837 26836->26670 26836->26750 26836->26755 26836->26799 26838 7ff655dac93c 26837->26838 26839 7ff655d9da98 48 API calls 26838->26839 26841 7ff655dac959 BuildCatchObjectHelperInternal 26839->26841 26840 7ff655d81fa0 31 API calls 26842 7ff655dac9f0 26840->26842 26841->26790 26841->26840 26843 7ff655d8250c SetDlgItemTextW 26842->26843 26843->26836 26845 7ff655d8256a 26844->26845 26846 7ff655d825d0 26844->26846 26845->26846 27157 7ff655d9a4ac 26845->27157 26846->26503 26848 7ff655d8258f 26848->26846 26849 7ff655d825a4 GetDlgItem 26848->26849 26849->26846 26850 7ff655d825b7 26849->26850 26850->26846 26851 7ff655d825be SetWindowTextW 26850->26851 26851->26846 26853 7ff655d822fc 26852->26853 26854 7ff655d82334 26852->26854 26856 7ff655d8129c 33 API calls 26853->26856 27206 7ff655d823f8 GetWindowTextLengthW 26854->27206 26857 7ff655d8232a BuildCatchObjectHelperInternal 26856->26857 26858 7ff655d81fa0 31 API calls 26857->26858 26860 7ff655d82389 26857->26860 26858->26860 26859 7ff655d823c8 26861 7ff655db2320 _handle_error 8 API calls 26859->26861 26860->26859 26863 7ff655d823f0 26860->26863 26862 7ff655d823dd 26861->26862 26862->26527 26862->26530 26862->26767 26864 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 26863->26864 26865 7ff655d823f5 26864->26865 26867 7ff655d88d34 26866->26867 26874 7ff655d88de8 26866->26874 26868 7ff655d88d42 BuildCatchObjectHelperInternal 26867->26868 26871 7ff655d88de3 26867->26871 26873 7ff655d88d91 26867->26873 26868->26552 26872 7ff655d81f80 Concurrency::cancel_current_task 33 API calls 26871->26872 26872->26874 26873->26868 26875 7ff655db21d0 33 API calls 26873->26875 27218 7ff655d82004 33 API calls std::_Xinvalid_argument 26874->27218 26875->26868 26880 7ff655daefb0 26876->26880 26877 7ff655daefd7 26878 7ff655db2320 _handle_error 8 API calls 26877->26878 26879 7ff655dab537 26878->26879 26879->26567 26880->26877 27219 7ff655d8bd0c 33 API calls 26880->27219 26882 7ff655daf02a 26883 7ff655d81150 33 API calls 26882->26883 26884 7ff655daf03f 26883->26884 26886 7ff655d81fa0 31 API calls 26884->26886 26888 7ff655daf04f BuildCatchObjectHelperInternal 26884->26888 26885 7ff655d81fa0 31 API calls 26887 7ff655daf076 26885->26887 26886->26888 26889 7ff655d81fa0 31 API calls 26887->26889 26888->26885 26889->26877 27220 7ff655daae1c PeekMessageW 26890->27220 26893 7ff655daf143 SendMessageW SendMessageW 26894 7ff655daf1a4 SendMessageW 26893->26894 26895 7ff655daf189 26893->26895 26897 7ff655daf1c3 26894->26897 26898 7ff655daf1c6 SendMessageW SendMessageW 26894->26898 26895->26894 26896 7ff655daf0f5 26899 7ff655daf101 ShowWindow SendMessageW SendMessageW 26896->26899 26897->26898 26900 7ff655daf1f3 SendMessageW 26898->26900 26901 7ff655daf218 SendMessageW 26898->26901 26899->26893 26900->26901 26902 7ff655db2320 _handle_error 8 API calls 26901->26902 26903 7ff655dab578 26902->26903 26903->26604 26905 7ff655d9309d 26904->26905 26912 7ff655d92f8e 26904->26912 26906 7ff655db2320 _handle_error 8 API calls 26905->26906 26907 7ff655d930b3 26906->26907 26907->26628 26907->26629 26908 7ff655d93077 26908->26905 26909 7ff655d93684 56 API calls 26908->26909 26909->26905 26910 7ff655d8129c 33 API calls 26910->26912 26912->26908 26912->26910 26913 7ff655d930c8 26912->26913 27225 7ff655d93684 26912->27225 26914 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 26913->26914 26915 7ff655d930cd 26914->26915 26917 7ff655d97fcf 26916->26917 26918 7ff655d97fd2 SetCurrentDirectoryW 26916->26918 26917->26918 26918->26646 26920 7ff655d84255 26919->26920 26921 7ff655d8426a 26920->26921 26922 7ff655d8129c 33 API calls 26920->26922 26923 7ff655db2320 _handle_error 8 API calls 26921->26923 26922->26921 26924 7ff655d842a1 26923->26924 26925 7ff655d83c84 26924->26925 26926 7ff655d83cab 26925->26926 27259 7ff655d8710c 26926->27259 26928 7ff655d83cbb BuildCatchObjectHelperInternal 26928->26685 26930 7ff655d9216a 26929->26930 26931 7ff655d921b1 CreateFileW 26930->26931 26932 7ff655d9219e 26930->26932 26931->26932 26933 7ff655d9227f 26932->26933 26934 7ff655d96a0c 49 API calls 26932->26934 26935 7ff655d922af 26933->26935 26938 7ff655d820b0 33 API calls 26933->26938 26937 7ff655d92209 26934->26937 26936 7ff655db2320 _handle_error 8 API calls 26935->26936 26939 7ff655d922c4 26936->26939 26940 7ff655d92246 26937->26940 26941 7ff655d9220d CreateFileW 26937->26941 26938->26935 26939->26730 26939->26731 26940->26933 26942 7ff655d922d8 26940->26942 26941->26940 26943 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 26942->26943 26944 7ff655d922dd 26943->26944 27271 7ff655daaa08 26945->27271 26947 7ff655dad1ee 26948 7ff655d81fa0 31 API calls 26947->26948 26949 7ff655dad1f7 26948->26949 26951 7ff655db2320 _handle_error 8 API calls 26949->26951 26950 7ff655d9d22c 33 API calls 27094 7ff655dacf03 BuildCatchObjectHelperInternal 26950->27094 26952 7ff655dabc2b 26951->26952 26952->26736 26953 7ff655daeefa 27395 7ff655d8704c 47 API calls BuildCatchObjectHelperInternal 26953->27395 26956 7ff655daef00 27396 7ff655d8704c 47 API calls BuildCatchObjectHelperInternal 26956->27396 26958 7ff655daef06 26962 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 26958->26962 26960 7ff655daeeee 26961 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 26960->26961 26963 7ff655daeef4 26961->26963 26965 7ff655daef0c 26962->26965 27394 7ff655d8704c 47 API calls BuildCatchObjectHelperInternal 26963->27394 26967 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 26965->26967 26969 7ff655daef12 26967->26969 26968 7ff655daee4a 26970 7ff655daeed2 26968->26970 26971 7ff655d820b0 33 API calls 26968->26971 26974 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 26969->26974 26980 7ff655d81f80 Concurrency::cancel_current_task 33 API calls 26970->26980 26976 7ff655daee77 26971->26976 26972 7ff655daeee8 27393 7ff655d82004 33 API calls std::_Xinvalid_argument 26972->27393 26973 7ff655d813a4 33 API calls 26977 7ff655dadc3a GetTempPathW 26973->26977 26979 7ff655daef18 26974->26979 27392 7ff655daabe8 33 API calls 3 library calls 26976->27392 26977->27094 26978 7ff655d962dc 35 API calls 26978->27094 26983 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 26979->26983 26980->26972 26987 7ff655daef1e 26983->26987 26985 7ff655daee8d 26993 7ff655d81fa0 31 API calls 26985->26993 26996 7ff655daeea4 BuildCatchObjectHelperInternal 26985->26996 26986 7ff655d82520 SetWindowTextW 26986->27094 26994 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 26987->26994 26989 7ff655dbbb8c 43 API calls 26989->27094 26990 7ff655d81fa0 31 API calls 26990->26970 26991 7ff655d82034 33 API calls 26991->27094 26992 7ff655dae7f3 26992->26970 26992->26972 26995 7ff655db21d0 33 API calls 26992->26995 27003 7ff655dae83b BuildCatchObjectHelperInternal 26992->27003 26993->26996 26998 7ff655daef24 26994->26998 26995->27003 26996->26990 27002 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 26998->27002 26999 7ff655daaa08 33 API calls 26999->27094 27000 7ff655daef6c 27398 7ff655d82004 33 API calls std::_Xinvalid_argument 27000->27398 27001 7ff655d820b0 33 API calls 27001->27094 27007 7ff655daef2a 27002->27007 27011 7ff655d820b0 33 API calls 27003->27011 27053 7ff655daeb8f 27003->27053 27005 7ff655d81fa0 31 API calls 27005->26968 27006 7ff655daef78 27399 7ff655d82004 33 API calls std::_Xinvalid_argument 27006->27399 27018 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 27007->27018 27008 7ff655daef72 27020 7ff655d81f80 Concurrency::cancel_current_task 33 API calls 27008->27020 27010 7ff655daef66 27016 7ff655d81f80 Concurrency::cancel_current_task 33 API calls 27010->27016 27019 7ff655dae963 27011->27019 27014 7ff655d8129c 33 API calls 27014->27094 27015 7ff655daed40 27015->27006 27015->27008 27032 7ff655daed3b BuildCatchObjectHelperInternal 27015->27032 27037 7ff655db21d0 33 API calls 27015->27037 27016->27000 27017 7ff655daec2a 27017->27000 27017->27010 27025 7ff655daec72 BuildCatchObjectHelperInternal 27017->27025 27017->27032 27034 7ff655db21d0 33 API calls 27017->27034 27024 7ff655daef30 27018->27024 27026 7ff655daef60 27019->27026 27033 7ff655d8129c 33 API calls 27019->27033 27020->27006 27022 7ff655da99c8 31 API calls 27022->27094 27023 7ff655d93d34 51 API calls 27023->27094 27039 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 27024->27039 27314 7ff655daf4e0 27025->27314 27397 7ff655d8704c 47 API calls BuildCatchObjectHelperInternal 27026->27397 27028 7ff655dad5e9 GetDlgItem 27035 7ff655d82520 SetWindowTextW 27028->27035 27029 7ff655d9dc2c 33 API calls 27029->27094 27032->27005 27040 7ff655dae9a6 27033->27040 27034->27025 27041 7ff655dad608 SendMessageW 27035->27041 27037->27032 27038 7ff655d81fa0 31 API calls 27038->27094 27045 7ff655daef36 27039->27045 27388 7ff655d9d22c 27040->27388 27041->27094 27042 7ff655d932bc 51 API calls 27042->27094 27043 7ff655d82674 31 API calls 27043->27094 27048 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 27045->27048 27047 7ff655d95b60 53 API calls 27047->27094 27052 7ff655daef3c 27048->27052 27049 7ff655dad63c SendMessageW 27049->27094 27051 7ff655d93f30 54 API calls 27051->27094 27057 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 27052->27057 27053->27015 27053->27017 27059 7ff655daef54 27053->27059 27061 7ff655daef5a 27053->27061 27055 7ff655d95aa8 33 API calls 27055->27094 27060 7ff655daef42 27057->27060 27062 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 27059->27062 27066 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 27060->27066 27063 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 27061->27063 27062->27061 27063->27026 27064 7ff655d84228 33 API calls 27064->27094 27069 7ff655daef48 27066->27069 27067 7ff655d95820 33 API calls 27067->27094 27068 7ff655d932a8 51 API calls 27068->27094 27071 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 27069->27071 27070 7ff655d8e164 33 API calls 27070->27094 27073 7ff655daef4e 27071->27073 27072 7ff655d8250c SetDlgItemTextW 27072->27094 27077 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 27073->27077 27075 7ff655d97df4 47 API calls 27075->27094 27076 7ff655d81150 33 API calls 27076->27094 27077->27059 27079 7ff655d81fa0 31 API calls 27083 7ff655dae9d1 27079->27083 27080 7ff655d8129c 33 API calls 27080->27083 27082 7ff655da13c4 CompareStringW 27082->27083 27083->27053 27083->27069 27083->27073 27083->27079 27083->27080 27083->27082 27086 7ff655d9d22c 33 API calls 27083->27086 27084 7ff655dadf99 EndDialog 27084->27094 27086->27083 27087 7ff655dadb21 MoveFileW 27088 7ff655dadb70 27087->27088 27089 7ff655dadb55 MoveFileExW 27087->27089 27090 7ff655d81fa0 31 API calls 27088->27090 27088->27094 27089->27088 27090->27088 27091 7ff655d92f58 56 API calls 27091->27094 27092 7ff655d88d04 33 API calls 27092->27094 27094->26947 27094->26950 27094->26953 27094->26956 27094->26958 27094->26960 27094->26963 27094->26965 27094->26968 27094->26969 27094->26973 27094->26978 27094->26979 27094->26986 27094->26987 27094->26989 27094->26991 27094->26992 27094->26998 27094->26999 27094->27001 27094->27007 27094->27014 27094->27022 27094->27023 27094->27024 27094->27029 27094->27038 27094->27042 27094->27043 27094->27045 27094->27047 27094->27049 27094->27051 27094->27052 27094->27055 27094->27060 27094->27064 27094->27067 27094->27068 27094->27070 27094->27072 27094->27075 27094->27076 27094->27084 27094->27087 27094->27091 27094->27092 27275 7ff655da13c4 CompareStringW 27094->27275 27276 7ff655daa440 27094->27276 27352 7ff655d9cfa4 35 API calls _invalid_parameter_noinfo_noreturn 27094->27352 27353 7ff655da95b4 33 API calls Concurrency::cancel_current_task 27094->27353 27354 7ff655db0684 31 API calls _invalid_parameter_noinfo_noreturn 27094->27354 27355 7ff655d8df4c 47 API calls BuildCatchObjectHelperInternal 27094->27355 27356 7ff655daa834 33 API calls _invalid_parameter_noinfo_noreturn 27094->27356 27357 7ff655da9518 33 API calls 27094->27357 27358 7ff655daabe8 33 API calls 3 library calls 27094->27358 27359 7ff655d97368 33 API calls 2 library calls 27094->27359 27360 7ff655d94088 33 API calls 27094->27360 27361 7ff655d965b0 33 API calls 3 library calls 27094->27361 27362 7ff655d972cc 27094->27362 27366 7ff655d81744 33 API calls 4 library calls 27094->27366 27367 7ff655d931bc 27094->27367 27381 7ff655d93ea0 FindClose 27094->27381 27382 7ff655da13f4 CompareStringW 27094->27382 27383 7ff655da9cd0 47 API calls 27094->27383 27384 7ff655da87d8 51 API calls 3 library calls 27094->27384 27385 7ff655daab54 33 API calls _handle_error 27094->27385 27386 7ff655d95b08 CompareStringW 27094->27386 27387 7ff655d97eb0 47 API calls 27094->27387 27096 7ff655daf9a3 27095->27096 27097 7ff655d820b0 33 API calls 27096->27097 27099 7ff655daf9b9 27097->27099 27098 7ff655daf9ee 27412 7ff655d8e34c 27098->27412 27099->27098 27100 7ff655d820b0 33 API calls 27099->27100 27100->27098 27102 7ff655dafa4b 27432 7ff655d8e7a8 27102->27432 27106 7ff655dafa61 27107 7ff655db2320 _handle_error 8 API calls 27106->27107 27108 7ff655dabc52 27107->27108 27108->26751 27111 7ff655da849c 4 API calls 27110->27111 27112 7ff655daf3bf 27111->27112 27113 7ff655daf4b7 27112->27113 27114 7ff655daf3c7 GetWindow 27112->27114 27115 7ff655db2320 _handle_error 8 API calls 27113->27115 27122 7ff655daf3e2 27114->27122 27116 7ff655dabe9b 27115->27116 27116->26511 27116->26512 27117 7ff655daf3ee GetClassNameW 28462 7ff655da13c4 CompareStringW 27117->28462 27119 7ff655daf496 GetWindow 27119->27113 27119->27122 27120 7ff655daf417 GetWindowLongPtrW 27120->27119 27121 7ff655daf429 SendMessageW 27120->27121 27121->27119 27123 7ff655daf445 GetObjectW 27121->27123 27122->27113 27122->27117 27122->27119 27122->27120 28463 7ff655da8504 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 27123->28463 27125 7ff655daf461 27126 7ff655da84cc 4 API calls 27125->27126 28464 7ff655da8df4 16 API calls _handle_error 27125->28464 27126->27125 27128 7ff655daf479 SendMessageW DeleteObject 27128->27119 27130 7ff655d8252a SetWindowTextW 27129->27130 27131 7ff655d82527 27129->27131 27132 7ff655dee2db 27130->27132 27131->27130 27133->26534 27134->26607 27136 7ff655d932bc 51 API calls 27135->27136 27137 7ff655d932b1 27136->27137 27137->26617 27137->26640 27138->26617 27139->26689 27140->26723 27141->26734 27142->26744 27143->26749 27144->26758 27146 7ff655db3620 27145->27146 27146->26763 27147->26679 27149 7ff655d81177 27148->27149 27150 7ff655d82034 33 API calls 27149->27150 27151 7ff655d81185 BuildCatchObjectHelperInternal 27150->27151 27151->26693 27152->26716 27153->26785 27154->26808 27155->26823 27156->26835 27158 7ff655d93e28 swprintf 46 API calls 27157->27158 27159 7ff655d9a509 27158->27159 27160 7ff655da0f68 WideCharToMultiByte 27159->27160 27161 7ff655d9a519 27160->27161 27162 7ff655d9a589 27161->27162 27176 7ff655d99800 31 API calls 27161->27176 27179 7ff655d9a56a SetDlgItemTextW 27161->27179 27182 7ff655d99408 27162->27182 27165 7ff655d9a603 27167 7ff655d9a6c2 27165->27167 27168 7ff655d9a60c GetWindowLongPtrW 27165->27168 27166 7ff655d9a6f2 GetSystemMetrics GetWindow 27169 7ff655d9a821 27166->27169 27180 7ff655d9a71d 27166->27180 27197 7ff655d995a8 27167->27197 27171 7ff655dee2c0 27168->27171 27170 7ff655db2320 _handle_error 8 API calls 27169->27170 27173 7ff655d9a830 27170->27173 27174 7ff655d9a6aa GetWindowRect 27171->27174 27173->26848 27174->27167 27176->27161 27177 7ff655d9a6e5 SetWindowTextW 27177->27166 27178 7ff655d9a73e GetWindowRect 27178->27180 27179->27161 27180->27169 27180->27178 27181 7ff655d9a800 GetWindow 27180->27181 27181->27169 27181->27180 27183 7ff655d995a8 47 API calls 27182->27183 27185 7ff655d9944f 27183->27185 27184 7ff655db2320 _handle_error 8 API calls 27186 7ff655d9958e GetWindowRect GetClientRect 27184->27186 27187 7ff655d8129c 33 API calls 27185->27187 27194 7ff655d9955a 27185->27194 27186->27165 27186->27166 27188 7ff655d9949c 27187->27188 27189 7ff655d8129c 33 API calls 27188->27189 27196 7ff655d995a1 27188->27196 27192 7ff655d99514 27189->27192 27190 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 27191 7ff655d995a7 27190->27191 27193 7ff655d9959c 27192->27193 27192->27194 27195 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 27193->27195 27194->27184 27195->27196 27196->27190 27198 7ff655d93e28 swprintf 46 API calls 27197->27198 27199 7ff655d995eb 27198->27199 27200 7ff655da0f68 WideCharToMultiByte 27199->27200 27201 7ff655d99603 27200->27201 27202 7ff655d99800 31 API calls 27201->27202 27203 7ff655d9961b 27202->27203 27204 7ff655db2320 _handle_error 8 API calls 27203->27204 27205 7ff655d9962b 27204->27205 27205->27166 27205->27177 27207 7ff655d813a4 33 API calls 27206->27207 27208 7ff655d82462 GetWindowTextW 27207->27208 27209 7ff655d82494 27208->27209 27210 7ff655d8129c 33 API calls 27209->27210 27211 7ff655d824a2 27210->27211 27212 7ff655d824dd 27211->27212 27215 7ff655d82505 27211->27215 27213 7ff655db2320 _handle_error 8 API calls 27212->27213 27214 7ff655d824f3 27213->27214 27214->26857 27216 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 27215->27216 27217 7ff655d8250a 27216->27217 27219->26882 27221 7ff655daae80 GetDlgItem 27220->27221 27222 7ff655daae3c GetMessageW 27220->27222 27221->26893 27221->26896 27223 7ff655daae6a TranslateMessage DispatchMessageW 27222->27223 27224 7ff655daae5b IsDialogMessageW 27222->27224 27223->27221 27224->27221 27224->27223 27227 7ff655d936b3 27225->27227 27226 7ff655d936e0 27229 7ff655d932bc 51 API calls 27226->27229 27227->27226 27228 7ff655d936cc CreateDirectoryW 27227->27228 27228->27226 27230 7ff655d9377d 27228->27230 27231 7ff655d936ee 27229->27231 27232 7ff655d9378d 27230->27232 27245 7ff655d93d34 27230->27245 27233 7ff655d93791 GetLastError 27231->27233 27234 7ff655d96a0c 49 API calls 27231->27234 27237 7ff655db2320 _handle_error 8 API calls 27232->27237 27233->27232 27236 7ff655d9371c 27234->27236 27238 7ff655d93720 CreateDirectoryW 27236->27238 27239 7ff655d9373b 27236->27239 27240 7ff655d937b9 27237->27240 27238->27239 27241 7ff655d93774 27239->27241 27242 7ff655d937ce 27239->27242 27240->26912 27241->27230 27241->27233 27243 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 27242->27243 27244 7ff655d937d3 27243->27244 27246 7ff655d93d5e SetFileAttributesW 27245->27246 27247 7ff655d93d5b 27245->27247 27248 7ff655d93d74 27246->27248 27249 7ff655d93df5 27246->27249 27247->27246 27250 7ff655d96a0c 49 API calls 27248->27250 27251 7ff655db2320 _handle_error 8 API calls 27249->27251 27252 7ff655d93d99 27250->27252 27253 7ff655d93e0a 27251->27253 27254 7ff655d93dbc 27252->27254 27255 7ff655d93d9d SetFileAttributesW 27252->27255 27253->27232 27254->27249 27256 7ff655d93e1a 27254->27256 27255->27254 27257 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 27256->27257 27258 7ff655d93e1f 27257->27258 27260 7ff655d8713b 27259->27260 27261 7ff655d87206 27259->27261 27267 7ff655d8714b BuildCatchObjectHelperInternal 27260->27267 27268 7ff655d83f48 33 API calls 2 library calls 27260->27268 27269 7ff655d8704c 47 API calls BuildCatchObjectHelperInternal 27261->27269 27264 7ff655d87273 27264->26928 27265 7ff655d8720b 27265->27264 27270 7ff655d8889c 8 API calls BuildCatchObjectHelperInternal 27265->27270 27267->26928 27268->27267 27269->27265 27270->27265 27272 7ff655daaa36 27271->27272 27273 7ff655daaa2f 27271->27273 27272->27273 27400 7ff655d81744 33 API calls 4 library calls 27272->27400 27273->27094 27275->27094 27277 7ff655daa47f 27276->27277 27278 7ff655daa706 27276->27278 27401 7ff655dacdf8 33 API calls 27277->27401 27280 7ff655db2320 _handle_error 8 API calls 27278->27280 27282 7ff655daa717 27280->27282 27281 7ff655daa49e 27283 7ff655d8129c 33 API calls 27281->27283 27282->27028 27284 7ff655daa4de 27283->27284 27285 7ff655d8129c 33 API calls 27284->27285 27286 7ff655daa517 27285->27286 27287 7ff655d8129c 33 API calls 27286->27287 27288 7ff655daa54a 27287->27288 27402 7ff655daa834 33 API calls _invalid_parameter_noinfo_noreturn 27288->27402 27290 7ff655daa734 27291 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 27290->27291 27292 7ff655daa73a 27291->27292 27293 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 27292->27293 27294 7ff655daa740 27293->27294 27296 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 27294->27296 27295 7ff655daa573 27295->27290 27295->27292 27295->27294 27297 7ff655d820b0 33 API calls 27295->27297 27299 7ff655daa685 27295->27299 27298 7ff655daa746 27296->27298 27297->27299 27301 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 27298->27301 27299->27278 27299->27298 27300 7ff655daa72f 27299->27300 27303 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 27300->27303 27302 7ff655daa74c 27301->27302 27304 7ff655d8255c 61 API calls 27302->27304 27303->27290 27305 7ff655daa795 27304->27305 27306 7ff655daa801 SetDlgItemTextW 27305->27306 27307 7ff655daa7b1 27305->27307 27311 7ff655daa7a1 27305->27311 27306->27307 27308 7ff655db2320 _handle_error 8 API calls 27307->27308 27309 7ff655daa827 27308->27309 27309->27028 27310 7ff655daa7ad 27310->27307 27312 7ff655daa7b7 EndDialog 27310->27312 27311->27307 27311->27310 27403 7ff655d9bb00 102 API calls 27311->27403 27312->27307 27319 7ff655daf529 memcpy_s 27314->27319 27330 7ff655daf87d 27314->27330 27315 7ff655d81fa0 31 API calls 27316 7ff655daf89c 27315->27316 27317 7ff655db2320 _handle_error 8 API calls 27316->27317 27318 7ff655daf8a8 27317->27318 27318->27032 27321 7ff655daf684 27319->27321 27404 7ff655da13c4 CompareStringW 27319->27404 27322 7ff655d8129c 33 API calls 27321->27322 27323 7ff655daf6c0 27322->27323 27324 7ff655d932a8 51 API calls 27323->27324 27325 7ff655daf6ca 27324->27325 27326 7ff655d81fa0 31 API calls 27325->27326 27329 7ff655daf6d5 27326->27329 27327 7ff655daf742 ShellExecuteExW 27328 7ff655daf846 27327->27328 27334 7ff655daf755 27327->27334 27328->27330 27336 7ff655daf8fb 27328->27336 27329->27327 27332 7ff655d8129c 33 API calls 27329->27332 27330->27315 27331 7ff655daf78e 27406 7ff655dafe24 PeekMessageW GetMessageW TranslateMessage DispatchMessageW WaitForSingleObject 27331->27406 27335 7ff655daf717 27332->27335 27333 7ff655daf7e3 CloseHandle 27339 7ff655daf801 27333->27339 27340 7ff655daf7f2 27333->27340 27334->27331 27334->27333 27342 7ff655daf781 ShowWindow 27334->27342 27405 7ff655d95b60 53 API calls 2 library calls 27335->27405 27338 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 27336->27338 27345 7ff655daf900 27338->27345 27339->27328 27348 7ff655daf837 ShowWindow 27339->27348 27407 7ff655da13c4 CompareStringW 27340->27407 27342->27331 27344 7ff655daf725 27347 7ff655d81fa0 31 API calls 27344->27347 27346 7ff655daf7a6 27346->27333 27350 7ff655daf7b4 GetExitCodeProcess 27346->27350 27349 7ff655daf72f 27347->27349 27348->27328 27349->27327 27350->27333 27351 7ff655daf7c7 27350->27351 27351->27333 27352->27094 27353->27094 27354->27094 27355->27094 27356->27094 27357->27094 27358->27094 27359->27094 27360->27094 27361->27094 27363 7ff655d972ea 27362->27363 27408 7ff655d8b3a8 27363->27408 27366->27094 27368 7ff655d931e4 27367->27368 27369 7ff655d931e7 DeleteFileW 27367->27369 27368->27369 27370 7ff655d931fd 27369->27370 27377 7ff655d9327c 27369->27377 27372 7ff655d96a0c 49 API calls 27370->27372 27371 7ff655db2320 _handle_error 8 API calls 27373 7ff655d93291 27371->27373 27374 7ff655d93222 27372->27374 27373->27094 27375 7ff655d93226 DeleteFileW 27374->27375 27376 7ff655d93243 27374->27376 27375->27376 27376->27377 27378 7ff655d932a1 27376->27378 27377->27371 27379 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 27378->27379 27380 7ff655d932a6 27379->27380 27382->27094 27383->27094 27384->27094 27385->27094 27386->27094 27387->27094 27391 7ff655d9d25e 27388->27391 27389 7ff655d9d292 27389->27083 27390 7ff655d81744 33 API calls 27390->27391 27391->27389 27391->27390 27392->26985 27394->26953 27395->26956 27396->26958 27397->27010 27400->27272 27401->27281 27402->27295 27403->27310 27404->27321 27405->27344 27406->27346 27407->27339 27411 7ff655d8b3f2 memcpy_s 27408->27411 27409 7ff655db2320 _handle_error 8 API calls 27410 7ff655d8b4b6 27409->27410 27410->27094 27411->27409 27468 7ff655d986ec 27412->27468 27414 7ff655d8e3c4 27478 7ff655d8e600 27414->27478 27416 7ff655d8e4d4 27419 7ff655db21d0 33 API calls 27416->27419 27417 7ff655d8e549 27420 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 27417->27420 27418 7ff655d8e454 27418->27416 27418->27417 27421 7ff655d8e4f0 27419->27421 27425 7ff655d8e54e 27420->27425 27484 7ff655da3148 102 API calls 27421->27484 27423 7ff655d8e51d 27424 7ff655db2320 _handle_error 8 API calls 27423->27424 27426 7ff655d8e52d 27424->27426 27427 7ff655d9190d 27425->27427 27428 7ff655d918c2 27425->27428 27429 7ff655d81fa0 31 API calls 27425->27429 27426->27102 27427->27102 27428->27427 27430 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 27428->27430 27429->27425 27431 7ff655d9193b 27430->27431 27433 7ff655d8e7ea 27432->27433 27434 7ff655d8e864 27433->27434 27436 7ff655d8e8a1 27433->27436 27497 7ff655d93ec8 27433->27497 27434->27436 27437 7ff655d8e993 27434->27437 27444 7ff655d8e900 27436->27444 27504 7ff655d8f578 27436->27504 27438 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 27437->27438 27441 7ff655d8e998 27438->27441 27439 7ff655d8e955 27440 7ff655db2320 _handle_error 8 API calls 27439->27440 27443 7ff655d8e97e 27440->27443 27446 7ff655d8e578 27443->27446 27444->27439 27540 7ff655d828a4 82 API calls 2 library calls 27444->27540 28448 7ff655d915d8 27446->28448 27449 7ff655d8e59e 27451 7ff655d81fa0 31 API calls 27449->27451 27450 7ff655da1870 108 API calls 27450->27449 27452 7ff655d8e5b7 27451->27452 27453 7ff655d81fa0 31 API calls 27452->27453 27454 7ff655d8e5c3 27453->27454 27455 7ff655d81fa0 31 API calls 27454->27455 27456 7ff655d8e5cf 27455->27456 27457 7ff655d9878c 108 API calls 27456->27457 27458 7ff655d8e5db 27457->27458 27459 7ff655d81fa0 31 API calls 27458->27459 27460 7ff655d8e5e4 27459->27460 27461 7ff655d81fa0 31 API calls 27460->27461 27465 7ff655d8e5ed 27461->27465 27462 7ff655d918c2 27464 7ff655d9190d 27462->27464 27466 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 27462->27466 27463 7ff655d81fa0 31 API calls 27463->27465 27464->27106 27465->27462 27465->27463 27465->27464 27467 7ff655d9193b 27466->27467 27469 7ff655d9870a 27468->27469 27470 7ff655db21d0 33 API calls 27469->27470 27471 7ff655d9872f 27470->27471 27472 7ff655d98743 27471->27472 27485 7ff655d89f1c 27471->27485 27474 7ff655db21d0 33 API calls 27472->27474 27475 7ff655d98759 27474->27475 27476 7ff655d9876b 27475->27476 27477 7ff655d89f1c 33 API calls 27475->27477 27476->27414 27477->27476 27479 7ff655d8e627 27478->27479 27482 7ff655d8e62c BuildCatchObjectHelperInternal 27478->27482 27480 7ff655d81fa0 31 API calls 27479->27480 27480->27482 27481 7ff655d81fa0 31 API calls 27483 7ff655d8e668 BuildCatchObjectHelperInternal 27481->27483 27482->27481 27482->27483 27483->27418 27484->27423 27490 7ff655db24a0 27485->27490 27488 7ff655db24a0 33 API calls 27489 7ff655d89f75 memcpy_s 27488->27489 27489->27472 27491 7ff655db24d1 27490->27491 27492 7ff655d89f4a 27491->27492 27494 7ff655d89fb0 27491->27494 27492->27488 27495 7ff655d9b788 33 API calls 27494->27495 27496 7ff655d89fc2 27495->27496 27496->27491 27498 7ff655d972cc 8 API calls 27497->27498 27499 7ff655d93ee1 27498->27499 27500 7ff655d93f0f 27499->27500 27541 7ff655d940bc 27499->27541 27500->27433 27503 7ff655d93efa FindClose 27503->27500 27505 7ff655d8f598 _snwprintf 27504->27505 27567 7ff655d82950 27505->27567 27508 7ff655d8f5cc 27512 7ff655d8f5fc 27508->27512 27584 7ff655d833e4 27508->27584 27511 7ff655d8f5f8 27511->27512 27616 7ff655d83ad8 27511->27616 27819 7ff655d82c54 27512->27819 27520 7ff655d88d04 33 API calls 27521 7ff655d8f662 27520->27521 27839 7ff655d97918 48 API calls 2 library calls 27521->27839 27523 7ff655d8f677 27524 7ff655d93ec8 55 API calls 27523->27524 27526 7ff655d8f6ad 27524->27526 27531 7ff655d8f74d 27526->27531 27533 7ff655d8f89a 27526->27533 27535 7ff655d93ec8 55 API calls 27526->27535 27840 7ff655d97918 48 API calls 2 library calls 27526->27840 27531->27533 27534 7ff655d8f7cb 27531->27534 27537 7ff655d8f895 27531->27537 27532 7ff655d8f842 27532->27512 27631 7ff655d869f8 27532->27631 27642 7ff655d8f930 27532->27642 27536 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 27533->27536 27626 7ff655d8f8a4 27534->27626 27535->27526 27539 7ff655d8f8a0 27536->27539 27538 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 27537->27538 27538->27533 27540->27439 27542 7ff655d941d2 FindNextFileW 27541->27542 27543 7ff655d940f9 FindFirstFileW 27541->27543 27545 7ff655d941e1 GetLastError 27542->27545 27546 7ff655d941f3 27542->27546 27543->27546 27547 7ff655d9411e 27543->27547 27566 7ff655d941c0 27545->27566 27548 7ff655d94211 27546->27548 27552 7ff655d820b0 33 API calls 27546->27552 27549 7ff655d96a0c 49 API calls 27547->27549 27553 7ff655d8129c 33 API calls 27548->27553 27551 7ff655d94144 27549->27551 27550 7ff655db2320 _handle_error 8 API calls 27554 7ff655d93ef4 27550->27554 27555 7ff655d94167 27551->27555 27556 7ff655d94148 FindFirstFileW 27551->27556 27552->27548 27557 7ff655d9423b 27553->27557 27554->27500 27554->27503 27555->27546 27559 7ff655d941af GetLastError 27555->27559 27560 7ff655d94314 27555->27560 27556->27555 27558 7ff655d98090 47 API calls 27557->27558 27561 7ff655d94249 27558->27561 27559->27566 27562 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 27560->27562 27564 7ff655d9430f 27561->27564 27561->27566 27563 7ff655d9431a 27562->27563 27565 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 27564->27565 27565->27560 27566->27550 27568 7ff655d8296c 27567->27568 27569 7ff655d89f1c 33 API calls 27568->27569 27570 7ff655d82980 27569->27570 27571 7ff655d986ec 33 API calls 27570->27571 27572 7ff655d8298d 27571->27572 27573 7ff655db21d0 33 API calls 27572->27573 27576 7ff655d82ac2 27572->27576 27574 7ff655d82ab0 27573->27574 27574->27576 27578 7ff655d891c8 35 API calls 27574->27578 27842 7ff655d94d04 27576->27842 27578->27576 27579 7ff655d92ca8 27583 7ff655d924c0 54 API calls 27579->27583 27580 7ff655d92cc1 27581 7ff655d92cc5 27580->27581 27856 7ff655d8b7e8 99 API calls 2 library calls 27580->27856 27581->27508 27583->27580 27611 7ff655d928d0 104 API calls 27584->27611 27585 7ff655d8344e 27586 7ff655d83674 27585->27586 27592 7ff655d83682 27585->27592 27857 7ff655d828a4 82 API calls 2 library calls 27586->27857 27587 7ff655d83431 memcpy_s 27587->27585 27589 7ff655d83601 27587->27589 27608 7ff655d92bb0 101 API calls 27587->27608 27589->27511 27590 7ff655d869f8 132 API calls 27590->27592 27591 7ff655d834cc 27612 7ff655d928d0 104 API calls 27591->27612 27592->27589 27592->27590 27596 7ff655d8370c 27592->27596 27613 7ff655d92aa0 101 API calls 27592->27613 27593 7ff655d835cb 27593->27585 27594 7ff655d835d7 27593->27594 27594->27589 27599 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 27594->27599 27595 7ff655d83740 27595->27589 27598 7ff655d8384d 27595->27598 27614 7ff655d92bb0 101 API calls 27595->27614 27596->27589 27596->27595 27858 7ff655d828a4 82 API calls 2 library calls 27596->27858 27598->27589 27600 7ff655d820b0 33 API calls 27598->27600 27601 7ff655d83891 27599->27601 27600->27589 27601->27511 27602 7ff655d834eb 27602->27593 27609 7ff655d92aa0 101 API calls 27602->27609 27603 7ff655d835a7 27603->27593 27615 7ff655d928d0 104 API calls 27603->27615 27604 7ff655d869f8 132 API calls 27605 7ff655d8378e 27604->27605 27605->27604 27606 7ff655d83803 27605->27606 27607 7ff655d92aa0 101 API calls 27605->27607 27610 7ff655d92aa0 101 API calls 27606->27610 27607->27605 27608->27591 27609->27603 27610->27598 27611->27587 27612->27602 27613->27592 27614->27605 27615->27593 27617 7ff655d83af9 27616->27617 27622 7ff655d83b55 27616->27622 27859 7ff655d83378 27617->27859 27619 7ff655db2320 _handle_error 8 API calls 27620 7ff655d83b67 27619->27620 27620->27520 27620->27534 27622->27619 27623 7ff655d83b6c 27624 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 27623->27624 27625 7ff655d83b71 27624->27625 28102 7ff655d9886c 27626->28102 27628 7ff655d8f8ba 28106 7ff655d9ef60 GetSystemTime SystemTimeToFileTime 27628->28106 27632 7ff655d86a0a 27631->27632 27633 7ff655d86a0e 27631->27633 27632->27532 27641 7ff655d92bb0 101 API calls 27633->27641 27634 7ff655d86a1b 27635 7ff655d86a2f 27634->27635 27636 7ff655d86a3e 27634->27636 27635->27632 28115 7ff655d85e24 27635->28115 28177 7ff655d85130 130 API calls 2 library calls 27636->28177 27639 7ff655d86a3c 27639->27632 28178 7ff655d8466c 82 API calls 27639->28178 27641->27634 27643 7ff655d8f978 27642->27643 27646 7ff655d8f9b0 27643->27646 27703 7ff655d8fa34 27643->27703 28293 7ff655da612c 137 API calls 3 library calls 27643->28293 27645 7ff655d91189 27647 7ff655d9118e 27645->27647 27648 7ff655d911e1 27645->27648 27646->27645 27652 7ff655d8f9d0 27646->27652 27646->27703 27647->27703 28341 7ff655d8dd08 179 API calls 27647->28341 27648->27703 28342 7ff655da612c 137 API calls 3 library calls 27648->28342 27649 7ff655db2320 _handle_error 8 API calls 27650 7ff655d911c4 27649->27650 27650->27532 27652->27703 28208 7ff655d89bb0 27652->28208 27655 7ff655d8fad6 28221 7ff655d95ef8 27655->28221 27703->27649 27820 7ff655d82c88 27819->27820 27821 7ff655d82c74 27819->27821 27822 7ff655d81fa0 31 API calls 27820->27822 27821->27820 28427 7ff655d82d80 108 API calls _invalid_parameter_noinfo_noreturn 27821->28427 27826 7ff655d82ca1 27822->27826 27825 7ff655d82d08 28429 7ff655d83090 31 API calls _invalid_parameter_noinfo_noreturn 27825->28429 27838 7ff655d82d64 27826->27838 28428 7ff655d83090 31 API calls _invalid_parameter_noinfo_noreturn 27826->28428 27827 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 27829 7ff655d82d7c 27827->27829 27830 7ff655d82d14 27831 7ff655d81fa0 31 API calls 27830->27831 27832 7ff655d82d20 27831->27832 28430 7ff655d9878c 27832->28430 27838->27827 27839->27523 27840->27526 27841 7ff655da0994 83 API calls _handle_error 27841->27532 27843 7ff655d94d32 memcpy_s 27842->27843 27852 7ff655d94bac 27843->27852 27845 7ff655d94d54 27846 7ff655d94d90 27845->27846 27848 7ff655d94dae 27845->27848 27847 7ff655db2320 _handle_error 8 API calls 27846->27847 27849 7ff655d82b32 27847->27849 27850 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 27848->27850 27849->27508 27849->27579 27851 7ff655d94db3 27850->27851 27853 7ff655d94c27 27852->27853 27855 7ff655d94c2f BuildCatchObjectHelperInternal 27852->27855 27854 7ff655d81fa0 31 API calls 27853->27854 27854->27855 27855->27845 27856->27581 27857->27589 27858->27595 27860 7ff655d8339a 27859->27860 27861 7ff655d83396 27859->27861 27865 7ff655d83294 27860->27865 27861->27622 27861->27623 27864 7ff655d92aa0 101 API calls 27864->27861 27866 7ff655d832bb 27865->27866 27868 7ff655d832f6 27865->27868 27867 7ff655d869f8 132 API calls 27866->27867 27871 7ff655d832db 27867->27871 27873 7ff655d86e74 27868->27873 27871->27864 27877 7ff655d86e95 27873->27877 27874 7ff655d869f8 132 API calls 27874->27877 27875 7ff655d8331d 27875->27871 27878 7ff655d83904 27875->27878 27877->27874 27877->27875 27905 7ff655d9e808 27877->27905 27913 7ff655d86a7c 27878->27913 27881 7ff655d8396a 27884 7ff655d8399a 27881->27884 27885 7ff655d83989 27881->27885 27882 7ff655d83a8a 27886 7ff655db2320 _handle_error 8 API calls 27882->27886 27889 7ff655d839a3 27884->27889 27891 7ff655d839ec 27884->27891 27954 7ff655da0d54 33 API calls 27885->27954 27888 7ff655d83a9e 27886->27888 27888->27871 27955 7ff655da0c80 33 API calls 27889->27955 27890 7ff655d83ab3 27892 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 27890->27892 27956 7ff655d826b4 33 API calls BuildCatchObjectHelperInternal 27891->27956 27894 7ff655d83ab8 27892->27894 27898 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 27894->27898 27895 7ff655d839b0 27899 7ff655d81fa0 31 API calls 27895->27899 27903 7ff655d839c0 BuildCatchObjectHelperInternal 27895->27903 27897 7ff655d83a13 27957 7ff655da0ae8 34 API calls _invalid_parameter_noinfo_noreturn 27897->27957 27902 7ff655d83abe 27898->27902 27899->27903 27900 7ff655d81fa0 31 API calls 27904 7ff655d8394f 27900->27904 27903->27900 27904->27882 27904->27890 27904->27894 27906 7ff655d9e811 27905->27906 27907 7ff655d9e82b 27906->27907 27911 7ff655d8b664 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task 27906->27911 27909 7ff655d9e845 SetThreadExecutionState 27907->27909 27912 7ff655d8b664 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task 27907->27912 27911->27907 27912->27909 27914 7ff655d86a96 _snwprintf 27913->27914 27915 7ff655d86ae4 27914->27915 27916 7ff655d86ac4 27914->27916 27917 7ff655d86d4d 27915->27917 27921 7ff655d86b0f 27915->27921 27996 7ff655d828a4 82 API calls 2 library calls 27916->27996 28025 7ff655d828a4 82 API calls 2 library calls 27917->28025 27920 7ff655d86ad0 27922 7ff655db2320 _handle_error 8 API calls 27920->27922 27921->27920 27958 7ff655da1f94 27921->27958 27923 7ff655d8394b 27922->27923 27923->27881 27923->27904 27945 7ff655d82794 27923->27945 27926 7ff655d86b85 27929 7ff655d86c2a 27926->27929 27944 7ff655d86b7b 27926->27944 28002 7ff655d98968 109 API calls 27926->28002 27927 7ff655d86b80 27927->27926 27998 7ff655d840b0 27927->27998 27928 7ff655d86b6e 27997 7ff655d828a4 82 API calls 2 library calls 27928->27997 27967 7ff655d94760 27929->27967 27935 7ff655d86c52 27936 7ff655d86cc7 27935->27936 27937 7ff655d86cd1 27935->27937 27971 7ff655d91794 27936->27971 28003 7ff655da1f20 27937->28003 27940 7ff655d86ccf 27986 7ff655da1870 27944->27986 27946 7ff655d8289b 27945->27946 27947 7ff655d827d1 27945->27947 28101 7ff655d82018 33 API calls std::_Xinvalid_argument 27946->28101 27950 7ff655db21d0 33 API calls 27947->27950 27951 7ff655d827ed __std_swap_ranges_trivially_swappable 27947->27951 27950->27951 28096 7ff655d83bc0 27951->28096 27953 7ff655d82888 27953->27881 27954->27904 27955->27895 27956->27897 27957->27904 27959 7ff655da2056 std::bad_alloc::bad_alloc 27958->27959 27962 7ff655da1fc5 std::bad_alloc::bad_alloc 27958->27962 27961 7ff655db4078 Concurrency::cancel_current_task 2 API calls 27959->27961 27960 7ff655d86b59 27960->27926 27960->27927 27960->27928 27961->27962 27962->27960 27963 7ff655db4078 Concurrency::cancel_current_task 2 API calls 27962->27963 27964 7ff655da200f std::bad_alloc::bad_alloc 27962->27964 27963->27964 27964->27960 27965 7ff655db4078 Concurrency::cancel_current_task 2 API calls 27964->27965 27966 7ff655da20a9 27965->27966 27968 7ff655d94780 27967->27968 27970 7ff655d9478a 27967->27970 27969 7ff655db21d0 33 API calls 27968->27969 27969->27970 27970->27935 27972 7ff655d917be memcpy_s 27971->27972 28026 7ff655d98a48 27972->28026 27987 7ff655da188e 27986->27987 27989 7ff655da18a1 27987->27989 28046 7ff655d9e948 27987->28046 27993 7ff655da18d8 27989->27993 28042 7ff655db236c 27989->28042 27991 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 27992 7ff655da1ad0 27991->27992 27995 7ff655da1a37 27993->27995 28053 7ff655d9a984 31 API calls _invalid_parameter_noinfo_noreturn 27993->28053 27995->27991 27996->27920 27997->27944 27999 7ff655d840dd 27998->27999 28000 7ff655d840d7 memcpy_s 27998->28000 27999->28000 28054 7ff655d84120 27999->28054 28000->27926 28002->27929 28004 7ff655da1f29 28003->28004 28005 7ff655da1f5d 28004->28005 28006 7ff655da1f55 28004->28006 28007 7ff655da1f49 28004->28007 28005->27940 28092 7ff655da3964 151 API calls 28006->28092 28060 7ff655da20ac 28007->28060 28025->27920 28028 7ff655d98bcd 28026->28028 28032 7ff655d98a91 BuildCatchObjectHelperInternal 28026->28032 28031 7ff655da612c 137 API calls 28031->28032 28032->28028 28032->28031 28033 7ff655d98c1f 28032->28033 28034 7ff655d94888 108 API calls 28032->28034 28035 7ff655d928d0 104 API calls 28032->28035 28034->28032 28035->28032 28043 7ff655db239f 28042->28043 28044 7ff655db23c8 28043->28044 28045 7ff655da1870 108 API calls 28043->28045 28044->27993 28045->28043 28047 7ff655d9ecd8 103 API calls 28046->28047 28048 7ff655d9e95f ReleaseSemaphore 28047->28048 28049 7ff655d9e9a3 DeleteCriticalSection CloseHandle CloseHandle 28048->28049 28050 7ff655d9e984 28048->28050 28051 7ff655d9ea5c 101 API calls 28050->28051 28052 7ff655d9e98e CloseHandle 28051->28052 28052->28049 28052->28050 28053->27995 28055 7ff655d84168 memcpy_s __std_swap_ranges_trivially_swappable 28054->28055 28058 7ff655d84149 28054->28058 28056 7ff655d82018 33 API calls 28055->28056 28057 7ff655d841eb 28056->28057 28058->28055 28059 7ff655db21d0 33 API calls 28058->28059 28059->28055 28092->28005 28097 7ff655d83be8 28096->28097 28098 7ff655d83c0d 28096->28098 28097->28098 28099 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 28097->28099 28098->27953 28100 7ff655d83c42 28099->28100 28103 7ff655d98882 28102->28103 28104 7ff655d98892 28102->28104 28109 7ff655d923f0 28103->28109 28104->27628 28107 7ff655db2320 _handle_error 8 API calls 28106->28107 28108 7ff655d8f7dc 28107->28108 28108->27532 28108->27841 28110 7ff655d9240f 28109->28110 28113 7ff655d92aa0 101 API calls 28110->28113 28111 7ff655d92428 28114 7ff655d92bb0 101 API calls 28111->28114 28112 7ff655d92438 28112->28104 28113->28111 28114->28112 28116 7ff655d85e67 28115->28116 28179 7ff655d985f0 28116->28179 28118 7ff655d86134 28189 7ff655d86fcc 82 API calls 28118->28189 28120 7ff655d8613c 28124 7ff655d86973 28202 7ff655d8466c 82 API calls 28124->28202 28127 7ff655d8612e 28127->28118 28127->28124 28131 7ff655d985f0 104 API calls 28127->28131 28133 7ff655d861a4 28131->28133 28133->28118 28136 7ff655d861ac 28133->28136 28177->27639 28180 7ff655d98614 28179->28180 28181 7ff655d9869a 28179->28181 28183 7ff655d840b0 33 API calls 28180->28183 28186 7ff655d9867c 28180->28186 28182 7ff655d840b0 33 API calls 28181->28182 28181->28186 28184 7ff655d986b3 28182->28184 28185 7ff655d9864d 28183->28185 28188 7ff655d928d0 104 API calls 28184->28188 28203 7ff655d8a174 28185->28203 28186->28127 28188->28186 28189->28120 28204 7ff655d8a185 28203->28204 28205 7ff655d8a19a 28204->28205 28207 7ff655d9af18 8 API calls 2 library calls 28204->28207 28205->28186 28207->28205 28216 7ff655d89be7 28208->28216 28209 7ff655d89c1b 28210 7ff655db2320 _handle_error 8 API calls 28209->28210 28211 7ff655d89c9d 28210->28211 28211->27655 28213 7ff655d89c83 28214 7ff655d81fa0 31 API calls 28213->28214 28214->28209 28216->28209 28216->28213 28217 7ff655d89cae 28216->28217 28343 7ff655d95294 28216->28343 28361 7ff655d9db60 28216->28361 28218 7ff655d89cbf 28217->28218 28365 7ff655d9da48 CompareStringW 28217->28365 28218->28213 28220 7ff655d820b0 33 API calls 28218->28220 28220->28213 28234 7ff655d95f3a 28221->28234 28222 7ff655d9619b 28223 7ff655db2320 _handle_error 8 API calls 28222->28223 28224 7ff655d961ce 28369 7ff655d8704c 47 API calls BuildCatchObjectHelperInternal 28224->28369 28227 7ff655d8129c 33 API calls 28229 7ff655d96129 28227->28229 28234->28222 28234->28224 28234->28227 28293->27646 28341->27703 28342->27703 28344 7ff655d952d4 28343->28344 28348 7ff655d95339 __vcrt_FlsAlloc 28344->28348 28349 7ff655d95312 __vcrt_FlsAlloc 28344->28349 28366 7ff655da13f4 CompareStringW 28344->28366 28345 7ff655db2320 _handle_error 8 API calls 28347 7ff655d95503 28345->28347 28347->28216 28348->28345 28349->28348 28351 7ff655d95382 __vcrt_FlsAlloc 28349->28351 28367 7ff655da13f4 CompareStringW 28349->28367 28351->28348 28352 7ff655d95439 28351->28352 28353 7ff655d8129c 33 API calls 28351->28353 28355 7ff655d9551b 28352->28355 28356 7ff655d95489 28352->28356 28354 7ff655d95426 28353->28354 28357 7ff655d972cc 8 API calls 28354->28357 28359 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 28355->28359 28356->28348 28368 7ff655da13f4 CompareStringW 28356->28368 28357->28352 28360 7ff655d95520 28359->28360 28363 7ff655d9db73 28361->28363 28362 7ff655d9db91 28362->28216 28363->28362 28364 7ff655d820b0 33 API calls 28363->28364 28364->28362 28365->28218 28366->28349 28367->28351 28368->28348 28427->27820 28428->27825 28429->27830 28431 7ff655d987af 28430->28431 28441 7ff655d987df 28430->28441 28432 7ff655db236c 108 API calls 28431->28432 28435 7ff655d987ca 28432->28435 28433 7ff655db236c 108 API calls 28437 7ff655d98814 28433->28437 28436 7ff655db236c 108 API calls 28435->28436 28436->28441 28439 7ff655db236c 108 API calls 28437->28439 28438 7ff655d98845 28440 7ff655d9461c 108 API calls 28438->28440 28442 7ff655d9882b 28439->28442 28443 7ff655d98851 28440->28443 28441->28433 28441->28442 28444 7ff655d9461c 28442->28444 28445 7ff655d94632 28444->28445 28447 7ff655d9463a 28444->28447 28446 7ff655d9e948 108 API calls 28445->28446 28446->28447 28447->28438 28449 7ff655d9163e 28448->28449 28453 7ff655d91681 28448->28453 28452 7ff655d931bc 51 API calls 28449->28452 28449->28453 28450 7ff655d81fa0 31 API calls 28450->28453 28451 7ff655d8e600 31 API calls 28455 7ff655d916de 28451->28455 28452->28449 28453->28450 28458 7ff655d916a0 28453->28458 28454 7ff655d9178d 28460 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 28454->28460 28455->28454 28456 7ff655d9175b 28455->28456 28457 7ff655db2320 _handle_error 8 API calls 28456->28457 28459 7ff655d8e58a 28457->28459 28458->28451 28459->27449 28459->27450 28461 7ff655d91792 28460->28461 28462->27122 28463->27125 28464->27128 28465 7ff655db1491 28467 7ff655db13c9 28465->28467 28466 7ff655db1900 _com_raise_error 14 API calls 28466->28467 28467->28466 25738 7ff655db0df5 14 API calls _com_raise_error 25743 7ff655db2d6c 25768 7ff655db27fc 25743->25768 25746 7ff655db2eb8 25866 7ff655db3170 7 API calls 2 library calls 25746->25866 25747 7ff655db2d88 __scrt_acquire_startup_lock 25749 7ff655db2ec2 25747->25749 25752 7ff655db2da6 25747->25752 25867 7ff655db3170 7 API calls 2 library calls 25749->25867 25751 7ff655db2ecd abort 25753 7ff655db2dcb 25752->25753 25759 7ff655db2de8 __scrt_release_startup_lock 25752->25759 25776 7ff655dbcd90 25752->25776 25755 7ff655db2e51 25780 7ff655db32bc 25755->25780 25757 7ff655db2e56 25783 7ff655dbcd20 25757->25783 25759->25755 25863 7ff655dbc050 35 API calls __GSHandlerCheck_EH 25759->25863 25868 7ff655db2fb0 25768->25868 25771 7ff655db2827 25771->25746 25771->25747 25772 7ff655db282b 25870 7ff655dbcc50 25772->25870 25777 7ff655dbcdcc 25776->25777 25778 7ff655dbcdeb 25776->25778 25777->25778 25887 7ff655d81120 25777->25887 25778->25759 25930 7ff655db3cf0 25780->25930 25932 7ff655dc0730 25783->25932 25785 7ff655dbcd2f 25786 7ff655db2e5e 25785->25786 25936 7ff655dc0ac0 35 API calls _snwprintf 25785->25936 25788 7ff655db0754 25786->25788 25938 7ff655d9dfd0 25788->25938 25792 7ff655db079a 26025 7ff655da946c 25792->26025 25794 7ff655db07a4 memcpy_s 26030 7ff655da9a14 25794->26030 25796 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 25798 7ff655db0de2 25796->25798 25797 7ff655db096e GetCommandLineW 25799 7ff655db0980 25797->25799 25838 7ff655db0b42 25797->25838 25802 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 25798->25802 26040 7ff655d8129c 25799->26040 25800 7ff655db0819 25800->25797 25846 7ff655db0ddc 25800->25846 25814 7ff655db0de8 25802->25814 25803 7ff655db0b51 25807 7ff655d81fa0 31 API calls 25803->25807 25811 7ff655db0b68 BuildCatchObjectHelperInternal 25803->25811 25805 7ff655d81fa0 31 API calls 25808 7ff655db0b93 SetEnvironmentVariableW GetLocalTime 25805->25808 25806 7ff655db09a5 26050 7ff655dacad0 25806->26050 25807->25811 26093 7ff655d93e28 25808->26093 25810 7ff655db1900 _com_raise_error 14 API calls 25810->25814 25811->25805 25813 7ff655db09af 25813->25798 25817 7ff655db09f9 OpenFileMappingW 25813->25817 25818 7ff655db0adb 25813->25818 25814->25810 25820 7ff655db0ad0 CloseHandle 25817->25820 25821 7ff655db0a19 MapViewOfFile 25817->25821 25824 7ff655d8129c 33 API calls 25818->25824 25820->25838 25821->25820 25822 7ff655db0a3f UnmapViewOfFile MapViewOfFile 25821->25822 25822->25820 25825 7ff655db0a71 25822->25825 25827 7ff655db0b00 25824->25827 26128 7ff655daa190 33 API calls 2 library calls 25825->26128 25826 7ff655db0c75 26121 7ff655da67b4 25826->26121 26068 7ff655dafd0c 25827->26068 25831 7ff655db0a81 25834 7ff655dafd0c 35 API calls 25831->25834 25836 7ff655db0a90 25834->25836 25835 7ff655da67b4 33 API calls 25837 7ff655db0c87 DialogBoxParamW 25835->25837 26129 7ff655d9b9b4 102 API calls 25836->26129 25844 7ff655db0cd3 25837->25844 26081 7ff655d96454 25838->26081 25840 7ff655db0dd7 25843 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 25840->25843 25841 7ff655db0aa5 26130 7ff655d9bb00 102 API calls 25841->26130 25843->25846 25847 7ff655db0ce6 Sleep 25844->25847 25848 7ff655db0cec 25844->25848 25845 7ff655db0ab8 25850 7ff655db0ac7 UnmapViewOfFile 25845->25850 25846->25796 25847->25848 25849 7ff655db0cfa 25848->25849 26131 7ff655da9f4c 49 API calls 2 library calls 25848->26131 25852 7ff655db0d06 DeleteObject 25849->25852 25850->25820 25853 7ff655db0d1f DeleteObject 25852->25853 25854 7ff655db0d25 25852->25854 25853->25854 25855 7ff655db0d6d 25854->25855 25856 7ff655db0d5b 25854->25856 26124 7ff655da94e4 25855->26124 26132 7ff655dafe24 PeekMessageW GetMessageW TranslateMessage DispatchMessageW WaitForSingleObject 25856->26132 25858 7ff655db0d60 CloseHandle 25858->25855 25863->25755 25866->25749 25867->25751 25869 7ff655db281e __scrt_dllmain_crt_thread_attach 25868->25869 25869->25771 25869->25772 25871 7ff655dc0d4c 25870->25871 25872 7ff655db2830 25871->25872 25875 7ff655dbec00 25871->25875 25872->25771 25874 7ff655db51a0 7 API calls 2 library calls 25872->25874 25874->25771 25886 7ff655dbf398 EnterCriticalSection 25875->25886 25892 7ff655d891c8 25887->25892 25891 7ff655db2a01 25891->25777 25900 7ff655d956a4 25892->25900 25894 7ff655d891df 25903 7ff655d9b788 25894->25903 25898 7ff655d81130 25899 7ff655db29bc 34 API calls 25898->25899 25899->25891 25909 7ff655d956e8 25900->25909 25918 7ff655d813a4 25903->25918 25906 7ff655d89a28 25907 7ff655d956e8 2 API calls 25906->25907 25908 7ff655d89a36 25907->25908 25908->25898 25910 7ff655d956fe memcpy_s 25909->25910 25913 7ff655d9eba4 25910->25913 25916 7ff655d9eb58 GetCurrentProcess GetProcessAffinityMask 25913->25916 25917 7ff655d956de 25916->25917 25917->25894 25919 7ff655d813ad 25918->25919 25927 7ff655d8142d 25918->25927 25920 7ff655d8143d 25919->25920 25921 7ff655d813ce 25919->25921 25929 7ff655d82018 33 API calls std::_Xinvalid_argument 25920->25929 25924 7ff655db21d0 33 API calls 25921->25924 25925 7ff655d813db memcpy_s 25921->25925 25924->25925 25928 7ff655d8197c 31 API calls _invalid_parameter_noinfo_noreturn 25925->25928 25927->25906 25928->25927 25931 7ff655db32d3 GetStartupInfoW 25930->25931 25931->25757 25933 7ff655dc0749 25932->25933 25934 7ff655dc073d 25932->25934 25933->25785 25937 7ff655dc0570 48 API calls 4 library calls 25934->25937 25936->25785 25937->25933 26133 7ff655db2450 25938->26133 25941 7ff655d9e026 GetProcAddress 25943 7ff655d9e053 GetProcAddress 25941->25943 25944 7ff655d9e03b 25941->25944 25942 7ff655d9e07b 25945 7ff655d9e503 25942->25945 26166 7ff655dbb788 39 API calls 2 library calls 25942->26166 25943->25942 25948 7ff655d9e068 25943->25948 25944->25943 25947 7ff655d96454 34 API calls 25945->25947 25950 7ff655d9e50c 25947->25950 25948->25942 25949 7ff655d9e3b0 25949->25945 25951 7ff655d9e3ba 25949->25951 26135 7ff655d97df4 25950->26135 25953 7ff655d96454 34 API calls 25951->25953 25954 7ff655d9e3c3 CreateFileW 25953->25954 25955 7ff655d9e4f0 CloseHandle 25954->25955 25956 7ff655d9e403 SetFilePointer 25954->25956 25959 7ff655d81fa0 31 API calls 25955->25959 25956->25955 25958 7ff655d9e41c ReadFile 25956->25958 25958->25955 25960 7ff655d9e444 25958->25960 25959->25945 25961 7ff655d9e800 25960->25961 25962 7ff655d9e458 25960->25962 26178 7ff655db2624 8 API calls 25961->26178 25967 7ff655d8129c 33 API calls 25962->25967 25964 7ff655d9e53e CompareStringW 25982 7ff655d9e51a 25964->25982 25965 7ff655d8129c 33 API calls 25965->25982 25966 7ff655d9e805 25971 7ff655d9e48f 25967->25971 25970 7ff655d81fa0 31 API calls 25970->25982 25974 7ff655d9e4db 25971->25974 26167 7ff655d9d0a0 25971->26167 25972 7ff655d9e7c2 25976 7ff655d81fa0 31 API calls 25972->25976 25973 7ff655d9e648 26171 7ff655d97eb0 47 API calls 25973->26171 25978 7ff655d81fa0 31 API calls 25974->25978 25981 7ff655d9e7cb 25976->25981 25983 7ff655d9e4e5 25978->25983 25979 7ff655d9e651 25984 7ff655d951a4 9 API calls 25979->25984 25980 7ff655d9e5cc 25985 7ff655d8129c 33 API calls 25980->25985 25992 7ff655d98090 47 API calls 25980->25992 25997 7ff655d81fa0 31 API calls 25980->25997 26001 7ff655d932bc 51 API calls 25980->26001 26004 7ff655d9e63a 25980->26004 25986 7ff655d81fa0 31 API calls 25981->25986 25982->25964 25982->25965 25982->25970 25982->25980 26143 7ff655d951a4 25982->26143 26148 7ff655d98090 25982->26148 26152 7ff655d932bc 25982->26152 25987 7ff655d81fa0 31 API calls 25983->25987 25988 7ff655d9e656 25984->25988 25985->25980 25989 7ff655d9e7d5 25986->25989 25987->25955 25990 7ff655d9e661 25988->25990 25991 7ff655d9e706 25988->25991 25993 7ff655db2320 _handle_error 8 API calls 25989->25993 26003 7ff655d9aae0 48 API calls 25990->26003 25994 7ff655d9da98 48 API calls 25991->25994 25992->25980 25995 7ff655d9e7e4 25993->25995 25996 7ff655d9e74b AllocConsole 25994->25996 26015 7ff655d962dc GetCurrentDirectoryW 25995->26015 25998 7ff655d9e755 GetCurrentProcessId AttachConsole 25996->25998 25999 7ff655d9e6fb 25996->25999 25997->25980 26000 7ff655d9e76c 25998->26000 26002 7ff655d819e0 Concurrency::details::SchedulerBase::GetBitSet 31 API calls 25999->26002 26008 7ff655d9e778 GetStdHandle WriteConsoleW Sleep FreeConsole 26000->26008 26001->25980 26005 7ff655d9e7b9 ExitProcess 26002->26005 26006 7ff655d9e6a5 26003->26006 26004->25972 26004->25973 26007 7ff655d9da98 48 API calls 26006->26007 26009 7ff655d9e6c3 26007->26009 26008->25999 26010 7ff655d9aae0 48 API calls 26009->26010 26011 7ff655d9e6ce 26010->26011 26172 7ff655d9dc2c 33 API calls 26011->26172 26013 7ff655d9e6da 26173 7ff655d819e0 26013->26173 26016 7ff655d96300 26015->26016 26021 7ff655d9638d 26015->26021 26017 7ff655d813a4 33 API calls 26016->26017 26018 7ff655d9631b GetCurrentDirectoryW 26017->26018 26019 7ff655d96341 26018->26019 26279 7ff655d820b0 26019->26279 26021->25792 26022 7ff655d9634f 26022->26021 26023 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 26022->26023 26024 7ff655d963a9 26023->26024 26026 7ff655d9dd88 26025->26026 26027 7ff655da9481 OleInitialize 26026->26027 26028 7ff655da94a7 26027->26028 26029 7ff655da94cd SHGetMalloc 26028->26029 26029->25794 26031 7ff655da9a49 26030->26031 26033 7ff655da9a4e BuildCatchObjectHelperInternal 26030->26033 26032 7ff655d81fa0 31 API calls 26031->26032 26032->26033 26034 7ff655d81fa0 31 API calls 26033->26034 26035 7ff655da9a7d BuildCatchObjectHelperInternal 26033->26035 26034->26035 26036 7ff655da9aac BuildCatchObjectHelperInternal 26035->26036 26037 7ff655d81fa0 31 API calls 26035->26037 26038 7ff655d81fa0 31 API calls 26036->26038 26039 7ff655da9adb BuildCatchObjectHelperInternal 26036->26039 26037->26036 26038->26039 26039->25800 26041 7ff655d812d0 26040->26041 26047 7ff655d8139b 26040->26047 26044 7ff655d81338 26041->26044 26045 7ff655d81396 26041->26045 26049 7ff655d812de BuildCatchObjectHelperInternal 26041->26049 26048 7ff655db21d0 33 API calls 26044->26048 26044->26049 26046 7ff655d81f80 Concurrency::cancel_current_task 33 API calls 26045->26046 26046->26047 26284 7ff655d82004 33 API calls std::_Xinvalid_argument 26047->26284 26048->26049 26049->25806 26051 7ff655d9d0a0 33 API calls 26050->26051 26052 7ff655dacb1f BuildCatchObjectHelperInternal 26051->26052 26053 7ff655dacd8b 26052->26053 26056 7ff655d9d0a0 33 API calls 26052->26056 26057 7ff655dacde4 26052->26057 26060 7ff655dacde9 26052->26060 26063 7ff655d8129c 33 API calls 26052->26063 26064 7ff655dacdef 26052->26064 26067 7ff655d81fa0 31 API calls 26052->26067 26285 7ff655d9bb00 102 API calls 26052->26285 26054 7ff655dacdbe 26053->26054 26053->26057 26055 7ff655db2320 _handle_error 8 API calls 26054->26055 26058 7ff655dacdcf 26055->26058 26056->26052 26059 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 26057->26059 26058->25813 26059->26060 26286 7ff655d8704c 47 API calls BuildCatchObjectHelperInternal 26060->26286 26063->26052 26287 7ff655d8704c 47 API calls BuildCatchObjectHelperInternal 26064->26287 26065 7ff655dacdf5 26067->26052 26069 7ff655dafd39 26068->26069 26070 7ff655dafd3c SetEnvironmentVariableW 26068->26070 26069->26070 26071 7ff655d9d0a0 33 API calls 26070->26071 26079 7ff655dafd74 26071->26079 26072 7ff655dafdc3 26073 7ff655dafdfa 26072->26073 26075 7ff655dafe1b 26072->26075 26074 7ff655db2320 _handle_error 8 API calls 26073->26074 26076 7ff655dafe0b 26074->26076 26077 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 26075->26077 26076->25838 26076->25840 26078 7ff655dafe20 26077->26078 26079->26072 26080 7ff655dafdad SetEnvironmentVariableW 26079->26080 26080->26072 26082 7ff655d813a4 33 API calls 26081->26082 26083 7ff655d96489 26082->26083 26084 7ff655d9648c GetModuleFileNameW 26083->26084 26087 7ff655d964dc 26083->26087 26085 7ff655d964de 26084->26085 26086 7ff655d964a7 26084->26086 26085->26087 26086->26083 26088 7ff655d8129c 33 API calls 26087->26088 26090 7ff655d96506 26088->26090 26089 7ff655d9653e 26089->25803 26090->26089 26091 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 26090->26091 26092 7ff655d96560 26091->26092 26094 7ff655d93e4d _snwprintf 26093->26094 26095 7ff655db9ef0 swprintf 46 API calls 26094->26095 26096 7ff655d93e69 SetEnvironmentVariableW GetModuleHandleW LoadIconW 26095->26096 26097 7ff655dab014 LoadBitmapW 26096->26097 26098 7ff655dab03e 26097->26098 26102 7ff655dab046 26097->26102 26288 7ff655da8624 FindResourceW 26098->26288 26100 7ff655dab04e GetObjectW 26101 7ff655dab063 26100->26101 26303 7ff655da849c 26101->26303 26102->26100 26102->26101 26105 7ff655dab0ce 26116 7ff655d998ac 26105->26116 26106 7ff655dab09e 26308 7ff655da8504 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 26106->26308 26107 7ff655da8624 11 API calls 26109 7ff655dab08a 26107->26109 26109->26106 26112 7ff655dab092 DeleteObject 26109->26112 26110 7ff655dab0a7 26309 7ff655da84cc 26110->26309 26112->26106 26115 7ff655dab0bf DeleteObject 26115->26105 26316 7ff655d998dc 26116->26316 26118 7ff655d998ba 26383 7ff655d9a43c GetModuleHandleW FindResourceW 26118->26383 26120 7ff655d998c2 26120->25826 26122 7ff655db21d0 33 API calls 26121->26122 26123 7ff655da67fa 26122->26123 26123->25835 26125 7ff655da9501 26124->26125 26126 7ff655da950a OleUninitialize 26125->26126 26127 7ff655dee330 26126->26127 26128->25831 26129->25841 26130->25845 26131->25849 26132->25858 26134 7ff655d9dff4 GetModuleHandleW 26133->26134 26134->25941 26134->25942 26136 7ff655d97e0c 26135->26136 26137 7ff655d97e23 26136->26137 26138 7ff655d97e55 26136->26138 26140 7ff655d8129c 33 API calls 26137->26140 26179 7ff655d8704c 47 API calls BuildCatchObjectHelperInternal 26138->26179 26142 7ff655d97e47 26140->26142 26141 7ff655d97e5a 26142->25982 26144 7ff655d951c8 GetVersionExW 26143->26144 26145 7ff655d951fb 26143->26145 26144->26145 26146 7ff655db2320 _handle_error 8 API calls 26145->26146 26147 7ff655d95228 26146->26147 26147->25982 26149 7ff655d980a5 26148->26149 26180 7ff655d98188 26149->26180 26151 7ff655d980ca 26151->25982 26153 7ff655d932e4 26152->26153 26154 7ff655d932e7 GetFileAttributesW 26152->26154 26153->26154 26155 7ff655d932f8 26154->26155 26156 7ff655d93375 26154->26156 26189 7ff655d96a0c 26155->26189 26157 7ff655db2320 _handle_error 8 API calls 26156->26157 26159 7ff655d93389 26157->26159 26159->25982 26161 7ff655d93323 GetFileAttributesW 26162 7ff655d9333c 26161->26162 26162->26156 26163 7ff655d93399 26162->26163 26164 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 26163->26164 26165 7ff655d9339e 26164->26165 26166->25949 26170 7ff655d9d0d2 26167->26170 26168 7ff655d9d106 26168->25971 26169 7ff655d81744 33 API calls 26169->26170 26170->26168 26170->26169 26171->25979 26172->26013 26175 7ff655d81fa0 26173->26175 26174 7ff655d81fdc 26174->25999 26175->26174 26176 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 26175->26176 26177 7ff655d82000 26176->26177 26178->25966 26179->26141 26181 7ff655d98326 26180->26181 26184 7ff655d981ba 26180->26184 26188 7ff655d8704c 47 API calls BuildCatchObjectHelperInternal 26181->26188 26183 7ff655d9832b 26186 7ff655d981d4 BuildCatchObjectHelperInternal 26184->26186 26187 7ff655d958a4 33 API calls 2 library calls 26184->26187 26186->26151 26187->26186 26188->26183 26190 7ff655d96a4b 26189->26190 26205 7ff655d96a44 26189->26205 26193 7ff655d8129c 33 API calls 26190->26193 26191 7ff655db2320 _handle_error 8 API calls 26192 7ff655d9331f 26191->26192 26192->26161 26192->26162 26194 7ff655d96a76 26193->26194 26195 7ff655d96a96 26194->26195 26196 7ff655d96cc7 26194->26196 26199 7ff655d96ab0 26195->26199 26225 7ff655d96b49 26195->26225 26197 7ff655d962dc 35 API calls 26196->26197 26198 7ff655d96ce6 26197->26198 26201 7ff655d96eef 26198->26201 26203 7ff655d96d1b 26198->26203 26259 7ff655d96b44 26198->26259 26200 7ff655d970ab 26199->26200 26262 7ff655d8c098 33 API calls 2 library calls 26199->26262 26274 7ff655d82004 33 API calls std::_Xinvalid_argument 26200->26274 26207 7ff655d970cf 26201->26207 26271 7ff655d8c098 33 API calls 2 library calls 26201->26271 26208 7ff655d970bd 26203->26208 26265 7ff655d8c098 33 API calls 2 library calls 26203->26265 26204 7ff655d970b1 26215 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 26204->26215 26205->26191 26277 7ff655d82004 33 API calls std::_Xinvalid_argument 26207->26277 26275 7ff655d82004 33 API calls std::_Xinvalid_argument 26208->26275 26209 7ff655d970d5 26216 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 26209->26216 26211 7ff655d96b03 26226 7ff655d81fa0 31 API calls 26211->26226 26228 7ff655d96b15 BuildCatchObjectHelperInternal 26211->26228 26223 7ff655d970b7 26215->26223 26224 7ff655d970db 26216->26224 26217 7ff655d970a6 26222 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 26217->26222 26218 7ff655d96f56 26272 7ff655d811cc 33 API calls BuildCatchObjectHelperInternal 26218->26272 26220 7ff655d970c3 26233 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 26220->26233 26221 7ff655d81fa0 31 API calls 26221->26259 26222->26200 26234 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 26223->26234 26230 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 26224->26230 26227 7ff655d8129c 33 API calls 26225->26227 26225->26259 26226->26228 26231 7ff655d96bbe 26227->26231 26228->26221 26229 7ff655d96f69 26273 7ff655d957ac 33 API calls BuildCatchObjectHelperInternal 26229->26273 26236 7ff655d970e1 26230->26236 26263 7ff655d95820 33 API calls 26231->26263 26238 7ff655d970c9 26233->26238 26234->26208 26235 7ff655d81fa0 31 API calls 26244 7ff655d96df5 26235->26244 26276 7ff655d8704c 47 API calls BuildCatchObjectHelperInternal 26238->26276 26239 7ff655d96d76 BuildCatchObjectHelperInternal 26239->26220 26239->26235 26240 7ff655d96bd3 26264 7ff655d8e164 33 API calls 2 library calls 26240->26264 26243 7ff655d81fa0 31 API calls 26246 7ff655d96fec 26243->26246 26248 7ff655d96e21 26244->26248 26266 7ff655d81744 33 API calls 4 library calls 26244->26266 26245 7ff655d96f79 BuildCatchObjectHelperInternal 26245->26224 26245->26243 26247 7ff655d81fa0 31 API calls 26246->26247 26250 7ff655d96ff6 26247->26250 26248->26238 26254 7ff655d8129c 33 API calls 26248->26254 26249 7ff655d81fa0 31 API calls 26252 7ff655d96c6d 26249->26252 26253 7ff655d81fa0 31 API calls 26250->26253 26256 7ff655d81fa0 31 API calls 26252->26256 26253->26259 26257 7ff655d96ec2 26254->26257 26255 7ff655d96be9 BuildCatchObjectHelperInternal 26255->26223 26255->26249 26256->26259 26267 7ff655d82034 26257->26267 26259->26204 26259->26205 26259->26209 26259->26217 26260 7ff655d96edf 26261 7ff655d81fa0 31 API calls 26260->26261 26261->26259 26262->26211 26263->26240 26264->26255 26265->26239 26266->26248 26268 7ff655d82085 26267->26268 26270 7ff655d82059 BuildCatchObjectHelperInternal 26267->26270 26278 7ff655d815b8 33 API calls 3 library calls 26268->26278 26270->26260 26271->26218 26272->26229 26273->26245 26276->26207 26278->26270 26280 7ff655d820cb BuildCatchObjectHelperInternal 26279->26280 26281 7ff655d820f6 26279->26281 26280->26022 26283 7ff655d81474 33 API calls 3 library calls 26281->26283 26283->26280 26285->26052 26286->26064 26287->26065 26289 7ff655da864f SizeofResource 26288->26289 26290 7ff655da879b 26288->26290 26289->26290 26291 7ff655da8669 LoadResource 26289->26291 26290->26102 26291->26290 26292 7ff655da8682 LockResource 26291->26292 26292->26290 26293 7ff655da8697 GlobalAlloc 26292->26293 26293->26290 26294 7ff655da86b8 GlobalLock 26293->26294 26295 7ff655da8792 GlobalFree 26294->26295 26296 7ff655da86ca BuildCatchObjectHelperInternal 26294->26296 26295->26290 26297 7ff655da86d8 CreateStreamOnHGlobal 26296->26297 26298 7ff655da8789 GlobalUnlock 26297->26298 26299 7ff655da86f6 GdipAlloc 26297->26299 26298->26295 26300 7ff655da870b 26299->26300 26300->26298 26301 7ff655da8772 26300->26301 26302 7ff655da875a GdipCreateHBITMAPFromBitmap 26300->26302 26301->26298 26302->26301 26304 7ff655da84cc 4 API calls 26303->26304 26305 7ff655da84aa 26304->26305 26306 7ff655da84b9 26305->26306 26314 7ff655da8504 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 26305->26314 26306->26105 26306->26106 26306->26107 26308->26110 26310 7ff655da84de 26309->26310 26312 7ff655da84e3 26309->26312 26315 7ff655da8590 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 26310->26315 26313 7ff655da8df4 16 API calls _handle_error 26312->26313 26313->26115 26314->26306 26315->26312 26319 7ff655d998fe _snwprintf 26316->26319 26317 7ff655d99973 26434 7ff655d968b0 48 API calls 26317->26434 26319->26317 26321 7ff655d99a89 26319->26321 26320 7ff655d81fa0 31 API calls 26323 7ff655d999fd 26320->26323 26321->26323 26325 7ff655d820b0 33 API calls 26321->26325 26322 7ff655d9997d BuildCatchObjectHelperInternal 26322->26320 26381 7ff655d9a42e 26322->26381 26385 7ff655d924c0 26323->26385 26324 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 26326 7ff655d9a434 26324->26326 26325->26323 26330 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 26326->26330 26329 7ff655d99a22 26331 7ff655d9204c 100 API calls 26329->26331 26333 7ff655d9a43a 26330->26333 26334 7ff655d99a2b 26331->26334 26332 7ff655d99b17 26403 7ff655dba450 26332->26403 26334->26326 26336 7ff655d99a66 26334->26336 26340 7ff655db2320 _handle_error 8 API calls 26336->26340 26337 7ff655d99aad 26337->26332 26341 7ff655d98e58 33 API calls 26337->26341 26339 7ff655dba450 31 API calls 26353 7ff655d99b57 __vcrt_FlsAlloc 26339->26353 26342 7ff655d9a40e 26340->26342 26341->26337 26342->26118 26343 7ff655d99c89 26345 7ff655d92aa0 101 API calls 26343->26345 26357 7ff655d99d5c 26343->26357 26347 7ff655d99ca1 26345->26347 26348 7ff655d928d0 104 API calls 26347->26348 26347->26357 26354 7ff655d99cc9 26348->26354 26353->26343 26353->26357 26411 7ff655d92bb0 26353->26411 26420 7ff655d928d0 26353->26420 26425 7ff655d92aa0 26353->26425 26356 7ff655d99cd7 __vcrt_FlsAlloc 26354->26356 26354->26357 26435 7ff655da0bbc MultiByteToWideChar 26354->26435 26356->26357 26358 7ff655d9a1ec 26356->26358 26361 7ff655d9a157 26356->26361 26364 7ff655d9a14b 26356->26364 26377 7ff655d9a429 26356->26377 26379 7ff655da0f68 WideCharToMultiByte 26356->26379 26436 7ff655d9aa88 45 API calls _snwprintf 26356->26436 26437 7ff655dba270 31 API calls 2 library calls 26356->26437 26430 7ff655d9204c 26357->26430 26360 7ff655d9a2c2 26358->26360 26441 7ff655dbcf90 31 API calls 2 library calls 26358->26441 26366 7ff655d9a3a2 26360->26366 26372 7ff655d98e58 33 API calls 26360->26372 26361->26358 26438 7ff655dbcf90 31 API calls 2 library calls 26361->26438 26362 7ff655d9a249 26442 7ff655dbb7bc 31 API calls _invalid_parameter_noinfo_noreturn 26362->26442 26364->26118 26368 7ff655dba450 31 API calls 26366->26368 26367 7ff655d9a2ae 26367->26360 26443 7ff655d98cd0 33 API calls 2 library calls 26367->26443 26370 7ff655d9a3cb 26368->26370 26373 7ff655dba450 31 API calls 26370->26373 26371 7ff655d9a16d 26439 7ff655dbb7bc 31 API calls _invalid_parameter_noinfo_noreturn 26371->26439 26372->26360 26373->26357 26375 7ff655d9a1d8 26375->26358 26440 7ff655d98cd0 33 API calls 2 library calls 26375->26440 26444 7ff655db2624 8 API calls 26377->26444 26379->26356 26381->26324 26384 7ff655d9a468 26383->26384 26384->26120 26386 7ff655d924fd CreateFileW 26385->26386 26388 7ff655d925ae GetLastError 26386->26388 26396 7ff655d9266e 26386->26396 26389 7ff655d96a0c 49 API calls 26388->26389 26390 7ff655d925dc 26389->26390 26391 7ff655d925e0 CreateFileW GetLastError 26390->26391 26397 7ff655d9262c 26390->26397 26391->26397 26392 7ff655d926b1 SetFileTime 26395 7ff655d926cf 26392->26395 26393 7ff655d92708 26394 7ff655db2320 _handle_error 8 API calls 26393->26394 26398 7ff655d9271b 26394->26398 26395->26393 26399 7ff655d820b0 33 API calls 26395->26399 26396->26392 26396->26395 26397->26396 26400 7ff655d92736 26397->26400 26398->26329 26398->26337 26399->26393 26401 7ff655db7904 _invalid_parameter_noinfo_noreturn 31 API calls 26400->26401 26402 7ff655d9273b 26401->26402 26404 7ff655dba47d 26403->26404 26410 7ff655dba492 26404->26410 26445 7ff655dbd69c 15 API calls abort 26404->26445 26406 7ff655dba487 26446 7ff655db78e4 31 API calls _invalid_parameter_noinfo 26406->26446 26408 7ff655db2320 _handle_error 8 API calls 26409 7ff655d99b37 26408->26409 26409->26339 26410->26408 26412 7ff655d92bcd 26411->26412 26416 7ff655d92be9 26411->26416 26415 7ff655d92bfb 26412->26415 26447 7ff655d8b9c4 99 API calls Concurrency::cancel_current_task 26412->26447 26414 7ff655d92c01 SetFilePointer 26414->26415 26417 7ff655d92c1e GetLastError 26414->26417 26415->26353 26416->26414 26416->26415 26417->26415 26418 7ff655d92c28 26417->26418 26418->26415 26448 7ff655d8b9c4 99 API calls Concurrency::cancel_current_task 26418->26448 26421 7ff655d928f6 26420->26421 26422 7ff655d928fd 26420->26422 26421->26353 26422->26421 26423 7ff655d92320 GetStdHandle ReadFile GetLastError GetLastError GetFileType 26422->26423 26449 7ff655d8b8a4 99 API calls Concurrency::cancel_current_task 26422->26449 26423->26422 26450 7ff655d92778 26425->26450 26427 7ff655d92ac7 26427->26353 26431 7ff655d92066 26430->26431 26432 7ff655d92072 26430->26432 26431->26432 26458 7ff655d920d0 26431->26458 26434->26322 26435->26356 26436->26356 26437->26356 26438->26371 26439->26375 26440->26358 26441->26362 26442->26367 26443->26360 26444->26381 26445->26406 26446->26410 26451 7ff655d92789 _snwprintf 26450->26451 26453 7ff655d92890 SetFilePointer 26451->26453 26456 7ff655d927b5 26451->26456 26452 7ff655db2320 _handle_error 8 API calls 26454 7ff655d9281d 26452->26454 26455 7ff655d928b8 GetLastError 26453->26455 26453->26456 26454->26427 26457 7ff655d8b9c4 99 API calls Concurrency::cancel_current_task 26454->26457 26455->26456 26456->26452 26459 7ff655d92102 26458->26459 26460 7ff655d920ea 26458->26460 26461 7ff655d92126 26459->26461 26464 7ff655d8b544 99 API calls 26459->26464 26460->26459 26462 7ff655d920f6 CloseHandle 26460->26462 26461->26432 26462->26459 26464->26461 28480 7ff655dbd94c 28481 7ff655dbd997 28480->28481 28485 7ff655dbd95b abort 28480->28485 28487 7ff655dbd69c 15 API calls abort 28481->28487 28483 7ff655dbd97e HeapAlloc 28484 7ff655dbd995 28483->28484 28483->28485 28485->28481 28485->28483 28486 7ff655dbbbc0 abort 2 API calls 28485->28486 28486->28485 28487->28484

                                                                                Executed Functions

                                                                                Function 00007FF655DAB190 Relevance: 123.9, APIs: 60, Strings: 10, Instructions: 1421windowfilesleepCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: Item$Message$_invalid_parameter_noinfo_noreturn$Send$DialogText$File$ErrorLast$CloseFindFocusLoadStringViewWindow$CommandConcurrency::cancel_current_taskCountCreateDispatchEnableExecuteFirstHandleLineMappingParamShellSleepTickTranslateUnmap
                                                                                • String ID: %s %s$-el -s2 "-d%s" "-sp%s"$@$LICENSEDLG$REPLACEFILEDLG$STARTDLG$__tmp_rar_sfx_access_check_$p$runas$winrarsfxmappingfile.tmp
                                                                                • API String ID: 255727823-2702805183
                                                                                • Opcode ID: 25d7627cdadfb7a0975e693defbf18a1c09942109cbeb33185e2f9b754ac09a6
                                                                                • Instruction ID: 8368aaa82076f52a6d6cbb38a4f63f396720894b57c300f33fd0d236997f996d
                                                                                • Opcode Fuzzy Hash: 25d7627cdadfb7a0975e693defbf18a1c09942109cbeb33185e2f9b754ac09a6
                                                                                • Instruction Fuzzy Hash: 72D2C53BA0868381FA60DB64E8582FA6351EF85F98F484335D94DA66A5DF3CED44C708
                                                                                Function 00007FF655DACE88 Relevance: 65.0, APIs: 26, Strings: 10, Instructions: 1963windowfileCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task$FileMessageMoveSend$DialogItemPathTemp
                                                                                • String ID: .lnk$.tmp$<br>$@set:user$HIDE$MAX$MIN$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion$lnk
                                                                                • API String ID: 3007431893-3916287355
                                                                                • Opcode ID: e8e04c62f54770bedbb7c0e18cc69a2eaec3cac7609a0d283ef696123d8756e1
                                                                                • Instruction ID: 59c59340c3d6326d2539683ffd005b09447dbb99c7b89be0ae52fdea56e10ed6
                                                                                • Opcode Fuzzy Hash: e8e04c62f54770bedbb7c0e18cc69a2eaec3cac7609a0d283ef696123d8756e1
                                                                                • Instruction Fuzzy Hash: 38139F77A04B8285EB10DF64D8482ED27B1EB40B9CF581735DA1DA7AD9DF38E984C348
                                                                                Function 00007FF655DB0754 Relevance: 45.9, APIs: 21, Strings: 5, Instructions: 380filesleeptimeCOMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 1466 7ff655db0754-7ff655db0829 call 7ff655d9dfd0 call 7ff655d962dc call 7ff655da946c call 7ff655db3cf0 call 7ff655da9a14 1477 7ff655db0860-7ff655db0883 1466->1477 1478 7ff655db082b-7ff655db0840 1466->1478 1479 7ff655db0885-7ff655db089a 1477->1479 1480 7ff655db08ba-7ff655db08dd 1477->1480 1481 7ff655db0842-7ff655db0855 1478->1481 1482 7ff655db085b call 7ff655db220c 1478->1482 1485 7ff655db08b5 call 7ff655db220c 1479->1485 1486 7ff655db089c-7ff655db08af 1479->1486 1487 7ff655db08df-7ff655db08f4 1480->1487 1488 7ff655db0914-7ff655db0937 1480->1488 1481->1482 1483 7ff655db0ddd-7ff655db0de2 call 7ff655db7904 1481->1483 1482->1477 1502 7ff655db0de3-7ff655db0df0 call 7ff655db7904 1483->1502 1485->1480 1486->1483 1486->1485 1491 7ff655db090f call 7ff655db220c 1487->1491 1492 7ff655db08f6-7ff655db0909 1487->1492 1493 7ff655db096e-7ff655db097a GetCommandLineW 1488->1493 1494 7ff655db0939-7ff655db094e 1488->1494 1491->1488 1492->1483 1492->1491 1496 7ff655db0980-7ff655db09b7 call 7ff655db797c call 7ff655d8129c call 7ff655dacad0 1493->1496 1497 7ff655db0b47-7ff655db0b5e call 7ff655d96454 1493->1497 1499 7ff655db0950-7ff655db0963 1494->1499 1500 7ff655db0969 call 7ff655db220c 1494->1500 1525 7ff655db09b9-7ff655db09cc 1496->1525 1526 7ff655db09ec-7ff655db09f3 1496->1526 1510 7ff655db0b60-7ff655db0b85 call 7ff655d81fa0 call 7ff655db3640 1497->1510 1511 7ff655db0b89-7ff655db0ce4 call 7ff655d81fa0 SetEnvironmentVariableW GetLocalTime call 7ff655d93e28 SetEnvironmentVariableW GetModuleHandleW LoadIconW call 7ff655dab014 call 7ff655d998ac call 7ff655da67b4 * 2 DialogBoxParamW call 7ff655da68a8 * 2 1497->1511 1499->1483 1499->1500 1500->1493 1513 7ff655db0df5-7ff655db0e2f call 7ff655db1900 1502->1513 1510->1511 1572 7ff655db0ce6 Sleep 1511->1572 1573 7ff655db0cec-7ff655db0cf3 1511->1573 1522 7ff655db0e34-7ff655db0ee1 1513->1522 1522->1513 1530 7ff655db09ce-7ff655db09e1 1525->1530 1531 7ff655db09e7 call 7ff655db220c 1525->1531 1532 7ff655db09f9-7ff655db0a13 OpenFileMappingW 1526->1532 1533 7ff655db0adb-7ff655db0b05 call 7ff655db797c call 7ff655d8129c call 7ff655dafd0c 1526->1533 1530->1502 1530->1531 1531->1526 1537 7ff655db0ad0-7ff655db0ad9 CloseHandle 1532->1537 1538 7ff655db0a19-7ff655db0a39 MapViewOfFile 1532->1538 1552 7ff655db0b0a-7ff655db0b12 1533->1552 1537->1497 1538->1537 1540 7ff655db0a3f-7ff655db0a6f UnmapViewOfFile MapViewOfFile 1538->1540 1540->1537 1544 7ff655db0a71-7ff655db0aca call 7ff655daa190 call 7ff655dafd0c call 7ff655d9b9b4 call 7ff655d9bb00 call 7ff655d9bb70 UnmapViewOfFile 1540->1544 1544->1537 1552->1497 1555 7ff655db0b14-7ff655db0b27 1552->1555 1558 7ff655db0b42 call 7ff655db220c 1555->1558 1559 7ff655db0b29-7ff655db0b3c 1555->1559 1558->1497 1559->1558 1562 7ff655db0dd7-7ff655db0ddc call 7ff655db7904 1559->1562 1562->1483 1572->1573 1575 7ff655db0cf5 call 7ff655da9f4c 1573->1575 1576 7ff655db0cfa-7ff655db0d1d call 7ff655d9b8e0 DeleteObject 1573->1576 1575->1576 1581 7ff655db0d1f DeleteObject 1576->1581 1582 7ff655db0d25-7ff655db0d2c 1576->1582 1581->1582 1583 7ff655db0d2e-7ff655db0d35 1582->1583 1584 7ff655db0d48-7ff655db0d59 1582->1584 1583->1584 1585 7ff655db0d37-7ff655db0d43 call 7ff655d8ba0c 1583->1585 1586 7ff655db0d6d-7ff655db0d7a 1584->1586 1587 7ff655db0d5b-7ff655db0d67 call 7ff655dafe24 CloseHandle 1584->1587 1585->1584 1588 7ff655db0d9f-7ff655db0da4 call 7ff655da94e4 1586->1588 1589 7ff655db0d7c-7ff655db0d89 1586->1589 1587->1586 1598 7ff655db0da9-7ff655db0dd6 call 7ff655db2320 1588->1598 1593 7ff655db0d99-7ff655db0d9b 1589->1593 1594 7ff655db0d8b-7ff655db0d93 1589->1594 1593->1588 1597 7ff655db0d9d 1593->1597 1594->1588 1596 7ff655db0d95-7ff655db0d97 1594->1596 1596->1588 1597->1588
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: File$EnvironmentHandleVariableView$_invalid_parameter_noinfo_noreturn$AddressCloseCurrentDeleteDirectoryModuleObjectProcUnmap$CommandDialogIconInitializeLineLoadLocalMallocMappingOpenParamSleepTimeswprintf
                                                                                • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
                                                                                • API String ID: 1048086575-3710569615
                                                                                • Opcode ID: a2d1f56a0ea0f115fb5c545e7d969dd7b349b6d85002bdedd461fc6b968f04a4
                                                                                • Instruction ID: ccc8897fad7932b612c54cd4c0eb9dc14444d1b8603384ddbefb8c902e584097
                                                                                • Opcode Fuzzy Hash: a2d1f56a0ea0f115fb5c545e7d969dd7b349b6d85002bdedd461fc6b968f04a4
                                                                                • Instruction Fuzzy Hash: 6D12776BA1878381FB109B24E8492B97361FF84F98F484335DA5DA6B95DF3CE944C708
                                                                                Function 00007FF655D9A4AC Relevance: 23.0, APIs: 11, Strings: 2, Instructions: 250COMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWideswprintf
                                                                                • String ID: $%s:$CAPTION
                                                                                • API String ID: 2100155373-404845831
                                                                                • Opcode ID: 1224945cd41bf140f0dcf37f1b002595631e4f701a4b658f84a72e9da714e3d9
                                                                                • Instruction ID: 280dd9c071037b666bbb3e07523e5ab38c9ccc5a4f0ae1aeacea78ab8c61462c
                                                                                • Opcode Fuzzy Hash: 1224945cd41bf140f0dcf37f1b002595631e4f701a4b658f84a72e9da714e3d9
                                                                                • Instruction Fuzzy Hash: 2A91D737B1864286E7149F29E414669B7A1FB84B88F485735EE4DA7B58CF3CEC05CB04
                                                                                Function 00007FF655DA8624 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 101memorywindowCOMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: Global$Resource$AllocCreateGdipLock$BitmapFindFreeFromLoadSizeofStreamUnlock
                                                                                • String ID: PNG
                                                                                • API String ID: 211097158-364855578
                                                                                • Opcode ID: c8606208415c3a11eb94d5df8c8f8595ea54109f2541637b646828bce78d4013
                                                                                • Instruction ID: c6783c27b8c44e366506887b4cbaf044d75de1cd5a8f415893e32b06dce826d7
                                                                                • Opcode Fuzzy Hash: c8606208415c3a11eb94d5df8c8f8595ea54109f2541637b646828bce78d4013
                                                                                • Instruction Fuzzy Hash: E5411F2BA19A0281EA159B56D85C779A3A0AF88F98F0C4735CD0DA7764EF7CEC45C704
                                                                                Function 00007FF655D8F930 Relevance: 17.2, APIs: 8, Strings: 1, Instructions: 1417COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID: __tmp_reference_source_
                                                                                • API String ID: 3668304517-685763994
                                                                                • Opcode ID: d5a8365e8948251528286b161cddaa5feaa6a84134b6101f2d82ca0e8e1ec618
                                                                                • Instruction ID: 61852f81b0adf2ebbd18dce301023682a71d75c2049d62ac3d12a68dad43f5b1
                                                                                • Opcode Fuzzy Hash: d5a8365e8948251528286b161cddaa5feaa6a84134b6101f2d82ca0e8e1ec618
                                                                                • Instruction Fuzzy Hash: 06E2EB67A086C292EA64CB65E0583FEA761FB41F48F484331DB9DA36A5CF3CE854C704
                                                                                Function 00007FF655D84840 Relevance: 12.1, APIs: 5, Strings: 1, Instructions: 1624COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID: CMT
                                                                                • API String ID: 3668304517-2756464174
                                                                                • Opcode ID: c11a863c1fc623ed6efd17e9f8372475e5dca71780db97a9728ff10bb20c177f
                                                                                • Instruction ID: b749a970ea6f92e4cfd37aa76330b6df0466f5b11a60f0bfb9a2fced5b74e131
                                                                                • Opcode Fuzzy Hash: c11a863c1fc623ed6efd17e9f8372475e5dca71780db97a9728ff10bb20c177f
                                                                                • Instruction Fuzzy Hash: 2BE2F32BB0868296EB14DB64D4682FD67A1FB40B8CF481335DA5EA7792DF3CE854C305
                                                                                Function 00007FF655D940BC Relevance: 10.7, APIs: 7, Instructions: 153fileCOMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 3477 7ff655d940bc-7ff655d940f3 3478 7ff655d941d2-7ff655d941df FindNextFileW 3477->3478 3479 7ff655d940f9-7ff655d94101 3477->3479 3482 7ff655d941e1-7ff655d941f1 GetLastError 3478->3482 3483 7ff655d941f3-7ff655d941f6 3478->3483 3480 7ff655d94103 3479->3480 3481 7ff655d94106-7ff655d94118 FindFirstFileW 3479->3481 3480->3481 3481->3483 3484 7ff655d9411e-7ff655d94146 call 7ff655d96a0c 3481->3484 3485 7ff655d941ca-7ff655d941cd 3482->3485 3486 7ff655d94211-7ff655d94253 call 7ff655db797c call 7ff655d8129c call 7ff655d98090 3483->3486 3487 7ff655d941f8-7ff655d94200 3483->3487 3499 7ff655d94167-7ff655d94170 3484->3499 3500 7ff655d94148-7ff655d94164 FindFirstFileW 3484->3500 3489 7ff655d942eb-7ff655d9430e call 7ff655db2320 3485->3489 3513 7ff655d94255-7ff655d9426c 3486->3513 3514 7ff655d9428c-7ff655d942e6 call 7ff655d9f168 * 3 3486->3514 3491 7ff655d94202 3487->3491 3492 7ff655d94205-7ff655d9420c call 7ff655d820b0 3487->3492 3491->3492 3492->3486 3502 7ff655d94172-7ff655d94189 3499->3502 3503 7ff655d941a9-7ff655d941ad 3499->3503 3500->3499 3504 7ff655d941a4 call 7ff655db220c 3502->3504 3505 7ff655d9418b-7ff655d9419e 3502->3505 3503->3483 3507 7ff655d941af-7ff655d941be GetLastError 3503->3507 3504->3503 3505->3504 3508 7ff655d94315-7ff655d9431b call 7ff655db7904 3505->3508 3511 7ff655d941c0-7ff655d941c6 3507->3511 3512 7ff655d941c8 3507->3512 3511->3485 3511->3512 3512->3485 3516 7ff655d9426e-7ff655d94281 3513->3516 3517 7ff655d94287 call 7ff655db220c 3513->3517 3514->3489 3516->3517 3520 7ff655d9430f-7ff655d94314 call 7ff655db7904 3516->3520 3517->3514 3520->3508
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: FileFind$ErrorFirstLast_invalid_parameter_noinfo_noreturn$Next
                                                                                • String ID:
                                                                                • API String ID: 474548282-0
                                                                                • Opcode ID: e946e08dc8eba9ecab1b1533132c2bb6995f9a4699fd30eb303f74d9a567b386
                                                                                • Instruction ID: 786091e9229bef8d4fc3b00354e84f700c0ce6361dbcb2bbd74cd9f6079bbfe4
                                                                                • Opcode Fuzzy Hash: e946e08dc8eba9ecab1b1533132c2bb6995f9a4699fd30eb303f74d9a567b386
                                                                                • Instruction Fuzzy Hash: 4D61A367A09A4281EA109B24E85827D6371FB85FB8F145331EAADA37D9DF3CD984C704
                                                                                Function 00007FF655D85E24 Relevance: 7.6, APIs: 3, Strings: 1, Instructions: 586COMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 3614 7ff655d85e24-7ff655d86129 call 7ff655d9833c call 7ff655d985f0 3620 7ff655d8612e-7ff655d86132 3614->3620 3621 7ff655d86134-7ff655d8613c call 7ff655d86fcc 3620->3621 3622 7ff655d86141-7ff655d86171 call 7ff655d983d8 call 7ff655d98570 call 7ff655d98528 3620->3622 3627 7ff655d8697b 3621->3627 3640 7ff655d86177-7ff655d86179 3622->3640 3641 7ff655d86973-7ff655d86976 call 7ff655d8466c 3622->3641 3629 7ff655d8697e-7ff655d86985 3627->3629 3631 7ff655d86987-7ff655d86998 3629->3631 3632 7ff655d869b4-7ff655d869e3 call 7ff655db2320 3629->3632 3634 7ff655d8699a-7ff655d869ad 3631->3634 3635 7ff655d869af call 7ff655db220c 3631->3635 3634->3635 3638 7ff655d869e4-7ff655d869e9 call 7ff655db7904 3634->3638 3635->3632 3649 7ff655d869ea-7ff655d869ef call 7ff655db7904 3638->3649 3640->3641 3644 7ff655d8617f-7ff655d86189 3640->3644 3641->3627 3644->3641 3646 7ff655d8618f-7ff655d86192 3644->3646 3646->3641 3648 7ff655d86198-7ff655d861aa call 7ff655d985f0 3646->3648 3648->3621 3654 7ff655d861ac-7ff655d861fd call 7ff655d984f8 call 7ff655d98528 * 2 3648->3654 3655 7ff655d869f0-7ff655d869f7 call 7ff655db7904 3649->3655 3664 7ff655d8623f-7ff655d86249 3654->3664 3665 7ff655d861ff-7ff655d86222 call 7ff655d8466c call 7ff655d8ba0c 3654->3665 3667 7ff655d8624b-7ff655d86260 call 7ff655d98528 3664->3667 3668 7ff655d86266-7ff655d86270 3664->3668 3665->3664 3682 7ff655d86224-7ff655d8622e call 7ff655d8433c 3665->3682 3667->3641 3667->3668 3670 7ff655d86272-7ff655d8627b call 7ff655d98528 3668->3670 3671 7ff655d8627e-7ff655d86296 call 7ff655d8334c 3668->3671 3670->3671 3680 7ff655d86298-7ff655d8629b 3671->3680 3681 7ff655d862b3 3671->3681 3680->3681 3683 7ff655d8629d-7ff655d862b1 3680->3683 3684 7ff655d862b6-7ff655d862c8 3681->3684 3682->3664 3683->3681 3683->3684 3686 7ff655d868b7-7ff655d86929 call 7ff655d94d04 call 7ff655d98528 3684->3686 3687 7ff655d862ce-7ff655d862d1 3684->3687 3706 7ff655d8692b-7ff655d86934 call 7ff655d98528 3686->3706 3707 7ff655d86936 3686->3707 3689 7ff655d862d7-7ff655d862da 3687->3689 3690 7ff655d86481-7ff655d864f4 call 7ff655d94c74 call 7ff655d98528 * 2 3687->3690 3689->3690 3693 7ff655d862e0-7ff655d862e3 3689->3693 3720 7ff655d86507-7ff655d86533 call 7ff655d98528 3690->3720 3721 7ff655d864f6-7ff655d86500 3690->3721 3694 7ff655d862e5-7ff655d862e8 3693->3694 3695 7ff655d8632e-7ff655d86353 call 7ff655d98528 3693->3695 3698 7ff655d8696d-7ff655d86971 3694->3698 3699 7ff655d862ee-7ff655d86329 call 7ff655d98528 3694->3699 3710 7ff655d86355-7ff655d8638f call 7ff655d84228 call 7ff655d83c84 call 7ff655d8701c call 7ff655d81fa0 3695->3710 3711 7ff655d8639e-7ff655d863c5 call 7ff655d98528 call 7ff655d98384 3695->3711 3698->3629 3699->3698 3713 7ff655d86939-7ff655d86946 3706->3713 3707->3713 3757 7ff655d86390-7ff655d86399 call 7ff655d81fa0 3710->3757 3733 7ff655d863c7-7ff655d86400 call 7ff655d84228 call 7ff655d83c84 call 7ff655d8701c call 7ff655d81fa0 3711->3733 3734 7ff655d86402-7ff655d8641f call 7ff655d98444 3711->3734 3718 7ff655d8694c 3713->3718 3719 7ff655d86948-7ff655d8694a 3713->3719 3724 7ff655d8694f-7ff655d86959 3718->3724 3719->3718 3719->3724 3735 7ff655d86549-7ff655d86557 3720->3735 3736 7ff655d86535-7ff655d86544 call 7ff655d983d8 call 7ff655d9f134 3720->3736 3721->3720 3724->3698 3728 7ff655d8695b-7ff655d86968 call 7ff655d84840 3724->3728 3728->3698 3733->3757 3752 7ff655d86475-7ff655d8647c 3734->3752 3753 7ff655d86421-7ff655d8646f call 7ff655d98444 * 2 call 7ff655d9c800 call 7ff655db4a70 3734->3753 3742 7ff655d86559-7ff655d8656c call 7ff655d983d8 3735->3742 3743 7ff655d86572-7ff655d86595 call 7ff655d98528 3735->3743 3736->3735 3742->3743 3758 7ff655d86597-7ff655d8659e 3743->3758 3759 7ff655d865a0-7ff655d865b0 3743->3759 3752->3698 3753->3752 3757->3711 3763 7ff655d865b3-7ff655d865eb call 7ff655d98528 * 2 3758->3763 3759->3763 3778 7ff655d865ed-7ff655d865f4 3763->3778 3779 7ff655d865f6-7ff655d865fa 3763->3779 3781 7ff655d86603-7ff655d86632 3778->3781 3779->3781 3783 7ff655d865fc 3779->3783 3784 7ff655d86634-7ff655d86638 3781->3784 3785 7ff655d8663f 3781->3785 3783->3781 3784->3785 3786 7ff655d8663a-7ff655d8663d 3784->3786 3787 7ff655d86641-7ff655d86656 3785->3787 3786->3787 3788 7ff655d866ca 3787->3788 3789 7ff655d86658-7ff655d8665b 3787->3789 3791 7ff655d866d2-7ff655d86731 call 7ff655d83d00 call 7ff655d98444 call 7ff655da0d54 3788->3791 3789->3788 3790 7ff655d8665d-7ff655d86683 3789->3790 3790->3791 3792 7ff655d86685-7ff655d866a9 3790->3792 3802 7ff655d86745-7ff655d86749 3791->3802 3803 7ff655d86733-7ff655d86740 call 7ff655d84840 3791->3803 3794 7ff655d866ab 3792->3794 3795 7ff655d866b2-7ff655d866bf 3792->3795 3794->3795 3795->3791 3797 7ff655d866c1-7ff655d866c8 3795->3797 3797->3791 3805 7ff655d8675b-7ff655d86772 call 7ff655db797c 3802->3805 3806 7ff655d8674b-7ff655d86756 call 7ff655d8473c 3802->3806 3803->3802 3812 7ff655d86777-7ff655d8677e 3805->3812 3813 7ff655d86774 3805->3813 3811 7ff655d86859-7ff655d86860 3806->3811 3814 7ff655d86873-7ff655d8687b 3811->3814 3815 7ff655d86862-7ff655d86872 call 7ff655d8433c 3811->3815 3816 7ff655d867a3-7ff655d867ba call 7ff655db797c 3812->3816 3817 7ff655d86780-7ff655d86783 3812->3817 3813->3812 3814->3698 3820 7ff655d86881-7ff655d86892 3814->3820 3815->3814 3829 7ff655d867bc 3816->3829 3830 7ff655d867bf-7ff655d867c6 3816->3830 3821 7ff655d8679c 3817->3821 3822 7ff655d86785 3817->3822 3825 7ff655d868ad-7ff655d868b2 call 7ff655db220c 3820->3825 3826 7ff655d86894-7ff655d868a7 3820->3826 3821->3816 3827 7ff655d86788-7ff655d86791 3822->3827 3825->3698 3826->3655 3826->3825 3827->3816 3828 7ff655d86793-7ff655d8679a 3827->3828 3828->3821 3828->3827 3829->3830 3830->3811 3833 7ff655d867cc-7ff655d867cf 3830->3833 3834 7ff655d867e8-7ff655d867f0 3833->3834 3835 7ff655d867d1 3833->3835 3834->3811 3837 7ff655d867f2-7ff655d86826 call 7ff655d98360 call 7ff655d98598 call 7ff655d98528 3834->3837 3836 7ff655d867d4-7ff655d867dd 3835->3836 3836->3811 3838 7ff655d867df-7ff655d867e6 3836->3838 3837->3811 3845 7ff655d86828-7ff655d86839 3837->3845 3838->3834 3838->3836 3846 7ff655d8683b-7ff655d8684e 3845->3846 3847 7ff655d86854 call 7ff655db220c 3845->3847 3846->3649 3846->3847 3847->3811
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: CMT
                                                                                • API String ID: 0-2756464174
                                                                                • Opcode ID: 589854a86694341a55c69b07c8121abed16d2d53b78a965ac968b8bdafdd2d04
                                                                                • Instruction ID: f8c6b4d5674047165075c6ab48ccf84e599b082bcf6504635f3499edfc0c653c
                                                                                • Opcode Fuzzy Hash: 589854a86694341a55c69b07c8121abed16d2d53b78a965ac968b8bdafdd2d04
                                                                                • Instruction Fuzzy Hash: 7742F12BB0868196EB18DB74C1592FD67A1EB10B5CF081336DB1EA76D6DF38E918C305
                                                                                Function 00007FF655DA1F20 Relevance: .3, Instructions: 337COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: a7c7bc2dc56eba4a822e06febf8edf8ef325e601d03988013764f0f8a043b181
                                                                                • Instruction ID: 732c6d73f0101983775e7d5b2dc80972704cb4b4f6580570e2ef764bc3429c16
                                                                                • Opcode Fuzzy Hash: a7c7bc2dc56eba4a822e06febf8edf8ef325e601d03988013764f0f8a043b181
                                                                                • Instruction Fuzzy Hash: 45E1A67BA0928287EB64CF29E44827E7791FB45B4CF094339DB4DA7645DE3CE9418708
                                                                                Function 00007FF655DA3484 Relevance: .3, Instructions: 302COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: bca6f1c51f28919b1ed0d44622ea5b19d03515415c361c6bf899ecd233d7ad4e
                                                                                • Instruction ID: caa39f7699abf9b48e79669e1c400154e5c2ca982bc9ef1c2d4448fb55db1357
                                                                                • Opcode Fuzzy Hash: bca6f1c51f28919b1ed0d44622ea5b19d03515415c361c6bf899ecd233d7ad4e
                                                                                • Instruction Fuzzy Hash: 43B1C0A7B04AC992DE59CA65D50C7EAA392B745FC8F488232DE0D67B40DF3CE955C304
                                                                                Function 00007FF655D94928 Relevance: .1, Instructions: 136COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                                • String ID:
                                                                                • API String ID: 3340455307-0
                                                                                • Opcode ID: 70d0a199513ddd0303306b6c1f9c9cd84068436a56a79b22c40158a956f58a9a
                                                                                • Instruction ID: e82177f9f79fdbf901884e010c2f005d434ac11d1f38a8606ad139e1ba6eee71
                                                                                • Opcode Fuzzy Hash: 70d0a199513ddd0303306b6c1f9c9cd84068436a56a79b22c40158a956f58a9a
                                                                                • Instruction Fuzzy Hash: 03410827B1565686FB64DF11E92877A2262FBC4B8CF084334DE4DA7795DE3CE8428708
                                                                                Function 00007FF655D9DFD0 Relevance: 143.9, APIs: 16, Strings: 66, Instructions: 440libraryfileloaderCOMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 0 7ff655d9dfd0-7ff655d9e024 call 7ff655db2450 GetModuleHandleW 3 7ff655d9e026-7ff655d9e039 GetProcAddress 0->3 4 7ff655d9e07b-7ff655d9e3a5 0->4 5 7ff655d9e053-7ff655d9e066 GetProcAddress 3->5 6 7ff655d9e03b-7ff655d9e04a 3->6 7 7ff655d9e503-7ff655d9e521 call 7ff655d96454 call 7ff655d97df4 4->7 8 7ff655d9e3ab-7ff655d9e3b4 call 7ff655dbb788 4->8 5->4 11 7ff655d9e068-7ff655d9e078 5->11 6->5 20 7ff655d9e525-7ff655d9e52f call 7ff655d951a4 7->20 8->7 14 7ff655d9e3ba-7ff655d9e3fd call 7ff655d96454 CreateFileW 8->14 11->4 21 7ff655d9e4f0-7ff655d9e4fe CloseHandle call 7ff655d81fa0 14->21 22 7ff655d9e403-7ff655d9e416 SetFilePointer 14->22 27 7ff655d9e531-7ff655d9e53c call 7ff655d9dd88 20->27 28 7ff655d9e564-7ff655d9e5ac call 7ff655db797c call 7ff655d8129c call 7ff655d98090 call 7ff655d81fa0 call 7ff655d932bc 20->28 21->7 22->21 24 7ff655d9e41c-7ff655d9e43e ReadFile 22->24 24->21 29 7ff655d9e444-7ff655d9e452 24->29 27->28 38 7ff655d9e53e-7ff655d9e562 CompareStringW 27->38 71 7ff655d9e5b1-7ff655d9e5b4 28->71 32 7ff655d9e800-7ff655d9e807 call 7ff655db2624 29->32 33 7ff655d9e458-7ff655d9e4ac call 7ff655db797c call 7ff655d8129c 29->33 50 7ff655d9e4c3-7ff655d9e4d9 call 7ff655d9d0a0 33->50 38->28 42 7ff655d9e5bd-7ff655d9e5c6 38->42 42->20 45 7ff655d9e5cc 42->45 48 7ff655d9e5d1-7ff655d9e5d4 45->48 52 7ff655d9e63f-7ff655d9e642 48->52 53 7ff655d9e5d6-7ff655d9e5d9 48->53 60 7ff655d9e4ae-7ff655d9e4be call 7ff655d9dd88 50->60 61 7ff655d9e4db-7ff655d9e4eb call 7ff655d81fa0 * 2 50->61 56 7ff655d9e7c2-7ff655d9e7ff call 7ff655d81fa0 * 2 call 7ff655db2320 52->56 57 7ff655d9e648-7ff655d9e65b call 7ff655d97eb0 call 7ff655d951a4 52->57 58 7ff655d9e5dd-7ff655d9e62d call 7ff655db797c call 7ff655d8129c call 7ff655d98090 call 7ff655d81fa0 call 7ff655d932bc 53->58 82 7ff655d9e661-7ff655d9e701 call 7ff655d9dd88 * 2 call 7ff655d9aae0 call 7ff655d9da98 call 7ff655d9aae0 call 7ff655d9dc2c call 7ff655da87ac call 7ff655d819e0 57->82 83 7ff655d9e706-7ff655d9e753 call 7ff655d9da98 AllocConsole 57->83 106 7ff655d9e62f-7ff655d9e638 58->106 107 7ff655d9e63c 58->107 60->50 61->21 76 7ff655d9e5ce 71->76 77 7ff655d9e5b6 71->77 76->48 77->42 97 7ff655d9e7b4-7ff655d9e7bb call 7ff655d819e0 ExitProcess 82->97 94 7ff655d9e7b0 83->94 95 7ff655d9e755-7ff655d9e7aa GetCurrentProcessId AttachConsole call 7ff655d9e868 call 7ff655d9e858 GetStdHandle WriteConsoleW Sleep FreeConsole 83->95 94->97 95->94 106->58 112 7ff655d9e63a 106->112 107->52 112->52
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$Console$FileHandle$AddressProcProcess$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadModulePointerReadSleepStringSystemVersionWrite
                                                                                • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$RpcRtRemote.dll$SSPICLI.DLL$SetDefaultDllDirectories$SetDllDirectoryW$UXTheme.dll$WINNSI.DLL$WindowsCodecs.dll$XmlLite.dll$aclui.dll$apphelp.dll$atl.dll$browcli.dll$cabinet.dll$clbcatq.dll$comres.dll$crypt32.dll$cryptbase.dll$cryptsp.dll$cryptui.dll$cscapi.dll$devrtl.dll$dfscli.dll$dhcpcsvc.dll$dhcpcsvc6.dll$dnsapi.DLL$dsrole.dll$dwmapi.dll$ieframe.dll$imageres.dll$iphlpapi.DLL$kernel32$linkinfo.dll$lpk.dll$mlang.dll$mpr.dll$msasn1.dll$netapi32.dll$netutils.dll$ntmarta.dll$ntshrui.dll$oleaccrc.dll$peerdist.dll$profapi.dll$propsys.dll$psapi.dll$rasadhlp.dll$rsaenh.dll$samcli.dll$samlib.dll$secur32.dll$setupapi.dll$sfc_os.dll$shdocvw.dll$shell32.dll$slc.dll$srvcli.dll$userenv.dll$usp10.dll$uxtheme.dll$version.dll$wintrust.dll$wkscli.dll$ws2_32.dll$ws2help.dll
                                                                                • API String ID: 1496594111-2013832382
                                                                                • Opcode ID: 468c4a7f069b7598ff125167d5f4f846522f64d48354b40e84144950afa66450
                                                                                • Instruction ID: c94b8f6b36b775558e71432e4c1910b5fe182495f47e1db7b1c117e3cef0ea24
                                                                                • Opcode Fuzzy Hash: 468c4a7f069b7598ff125167d5f4f846522f64d48354b40e84144950afa66450
                                                                                • Instruction Fuzzy Hash: 9E324E3AA09B8295E7119F60E8481E933B4FF44B58F580336DA4DA77A5EF3CEA45C344
                                                                                Function 00007FF655D998DC Relevance: 25.2, APIs: 3, Strings: 11, Instructions: 702COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                  • Part of subcall function 00007FF655D98E58: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF655D98F8D
                                                                                • _snwprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF655D99F75
                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF655D9A42F
                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF655D9A435
                                                                                  • Part of subcall function 00007FF655DA0BBC: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF655DA0B44), ref: 00007FF655DA0BE9
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$ByteCharConcurrency::cancel_current_taskMultiWide_snwprintf
                                                                                • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$DIALOG$DIRECTION$MENU$RTL$STRINGS
                                                                                • API String ID: 3629253777-3268106645
                                                                                • Opcode ID: d5e184d1739c57cd0f07290b4b435b9f8b6515e69c147f3d5d8e6c96380bb7e8
                                                                                • Instruction ID: 7c4447c46ed3332b66cc8809d42c5e1ba03a8cea03962ca0c6eee880fcbeadf2
                                                                                • Opcode Fuzzy Hash: d5e184d1739c57cd0f07290b4b435b9f8b6515e69c147f3d5d8e6c96380bb7e8
                                                                                • Instruction Fuzzy Hash: 0D62B12BA1964295EB10DB64C46C2BD6371FB40B8CF885335DA4DA7A95EF3CED84C348
                                                                                Function 00007FF655DB1900 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 195libraryCOMMONLIBRARYCODE
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 1911 7ff655db1900-7ff655db1989 call 7ff655db1558 1914 7ff655db19b4-7ff655db19d1 1911->1914 1915 7ff655db198b-7ff655db19af call 7ff655db1868 RaiseException 1911->1915 1917 7ff655db19d3-7ff655db19e4 1914->1917 1918 7ff655db19e6-7ff655db19ea 1914->1918 1921 7ff655db1bb8-7ff655db1bd5 1915->1921 1920 7ff655db19ed-7ff655db19f9 1917->1920 1918->1920 1922 7ff655db1a1a-7ff655db1a1d 1920->1922 1923 7ff655db19fb-7ff655db1a0d 1920->1923 1924 7ff655db1ac4-7ff655db1acb 1922->1924 1925 7ff655db1a23-7ff655db1a26 1922->1925 1931 7ff655db1a13 1923->1931 1932 7ff655db1b89-7ff655db1b93 1923->1932 1927 7ff655db1adf-7ff655db1ae2 1924->1927 1928 7ff655db1acd-7ff655db1adc 1924->1928 1929 7ff655db1a28-7ff655db1a3b 1925->1929 1930 7ff655db1a3d-7ff655db1a52 LoadLibraryExA 1925->1930 1933 7ff655db1b85 1927->1933 1934 7ff655db1ae8-7ff655db1aec 1927->1934 1928->1927 1929->1930 1936 7ff655db1aa9-7ff655db1ab2 1929->1936 1935 7ff655db1a54-7ff655db1a67 GetLastError 1930->1935 1930->1936 1931->1922 1943 7ff655db1bb0 call 7ff655db1868 1932->1943 1944 7ff655db1b95-7ff655db1ba6 1932->1944 1933->1932 1941 7ff655db1aee-7ff655db1af2 1934->1941 1942 7ff655db1b1b-7ff655db1b2e GetProcAddress 1934->1942 1945 7ff655db1a7e-7ff655db1aa4 call 7ff655db1868 RaiseException 1935->1945 1946 7ff655db1a69-7ff655db1a7c 1935->1946 1937 7ff655db1ab4-7ff655db1ab7 FreeLibrary 1936->1937 1938 7ff655db1abd 1936->1938 1937->1938 1938->1924 1941->1942 1947 7ff655db1af4-7ff655db1aff 1941->1947 1942->1933 1950 7ff655db1b30-7ff655db1b43 GetLastError 1942->1950 1955 7ff655db1bb5 1943->1955 1944->1943 1945->1921 1946->1936 1946->1945 1947->1942 1953 7ff655db1b01-7ff655db1b08 1947->1953 1951 7ff655db1b45-7ff655db1b58 1950->1951 1952 7ff655db1b5a-7ff655db1b81 call 7ff655db1868 RaiseException call 7ff655db1558 1950->1952 1951->1933 1951->1952 1952->1933 1953->1942 1958 7ff655db1b0a-7ff655db1b0f 1953->1958 1955->1921 1958->1942 1961 7ff655db1b11-7ff655db1b19 1958->1961 1961->1933 1961->1942
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: DloadSection$AccessExceptionProtectRaiseReleaseWrite$ErrorLastLibraryLoad
                                                                                • String ID: H
                                                                                • API String ID: 3432403771-2852464175
                                                                                • Opcode ID: cf3fc932a6b7fb7fc9ef8320b4dd67bfc8d7ec91281715f792326570f1d4a57f
                                                                                • Instruction ID: c1931a897578eaafa980068d8ab35028f3294e97e582b11e15ddbc20ebe78aea
                                                                                • Opcode Fuzzy Hash: cf3fc932a6b7fb7fc9ef8320b4dd67bfc8d7ec91281715f792326570f1d4a57f
                                                                                • Instruction Fuzzy Hash: 3A914C3BA15B518AEB00DFA5D8486A823B5FB09F98F484735DE0DA7754EF38E845C708
                                                                                Function 00007FF655DAF4E0 Relevance: 17.8, APIs: 6, Strings: 4, Instructions: 285COMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 1989 7ff655daf4e0-7ff655daf523 1990 7ff655daf894-7ff655daf8b9 call 7ff655d81fa0 call 7ff655db2320 1989->1990 1991 7ff655daf529-7ff655daf565 call 7ff655db3cf0 1989->1991 1997 7ff655daf567 1991->1997 1998 7ff655daf56a-7ff655daf571 1991->1998 1997->1998 2000 7ff655daf582-7ff655daf586 1998->2000 2001 7ff655daf573-7ff655daf577 1998->2001 2004 7ff655daf588 2000->2004 2005 7ff655daf58b-7ff655daf596 2000->2005 2002 7ff655daf579 2001->2002 2003 7ff655daf57c-7ff655daf580 2001->2003 2002->2003 2003->2005 2004->2005 2006 7ff655daf628 2005->2006 2007 7ff655daf59c 2005->2007 2008 7ff655daf62c-7ff655daf62f 2006->2008 2009 7ff655daf5a2-7ff655daf5a9 2007->2009 2010 7ff655daf631-7ff655daf635 2008->2010 2011 7ff655daf637-7ff655daf63a 2008->2011 2012 7ff655daf5ae-7ff655daf5b3 2009->2012 2013 7ff655daf5ab 2009->2013 2010->2011 2014 7ff655daf660-7ff655daf673 call 7ff655d963ac 2010->2014 2011->2014 2015 7ff655daf63c-7ff655daf643 2011->2015 2016 7ff655daf5e5-7ff655daf5f0 2012->2016 2017 7ff655daf5b5 2012->2017 2013->2012 2032 7ff655daf675-7ff655daf693 call 7ff655da13c4 2014->2032 2033 7ff655daf698-7ff655daf6ed call 7ff655db797c call 7ff655d8129c call 7ff655d932a8 call 7ff655d81fa0 2014->2033 2015->2014 2019 7ff655daf645-7ff655daf65c 2015->2019 2021 7ff655daf5f5-7ff655daf5fa 2016->2021 2022 7ff655daf5f2 2016->2022 2018 7ff655daf5ca-7ff655daf5d0 2017->2018 2023 7ff655daf5d2 2018->2023 2024 7ff655daf5b7-7ff655daf5be 2018->2024 2019->2014 2026 7ff655daf600-7ff655daf607 2021->2026 2027 7ff655daf8ba-7ff655daf8c1 2021->2027 2022->2021 2023->2016 2028 7ff655daf5c0 2024->2028 2029 7ff655daf5c3-7ff655daf5c8 2024->2029 2034 7ff655daf609 2026->2034 2035 7ff655daf60c-7ff655daf612 2026->2035 2030 7ff655daf8c3 2027->2030 2031 7ff655daf8c6-7ff655daf8cb 2027->2031 2028->2029 2029->2018 2036 7ff655daf5d4-7ff655daf5db 2029->2036 2030->2031 2037 7ff655daf8de-7ff655daf8e6 2031->2037 2038 7ff655daf8cd-7ff655daf8d4 2031->2038 2032->2033 2056 7ff655daf6ef-7ff655daf73d call 7ff655db797c call 7ff655d8129c call 7ff655d95b60 call 7ff655d81fa0 2033->2056 2057 7ff655daf742-7ff655daf74f ShellExecuteExW 2033->2057 2034->2035 2035->2027 2041 7ff655daf618-7ff655daf622 2035->2041 2042 7ff655daf5e0 2036->2042 2043 7ff655daf5dd 2036->2043 2046 7ff655daf8e8 2037->2046 2047 7ff655daf8eb-7ff655daf8f6 2037->2047 2044 7ff655daf8d9 2038->2044 2045 7ff655daf8d6 2038->2045 2041->2006 2041->2009 2042->2016 2043->2042 2044->2037 2045->2044 2046->2047 2047->2008 2056->2057 2059 7ff655daf755-7ff655daf75f 2057->2059 2060 7ff655daf846-7ff655daf84e 2057->2060 2064 7ff655daf761-7ff655daf764 2059->2064 2065 7ff655daf76f-7ff655daf772 2059->2065 2062 7ff655daf850-7ff655daf866 2060->2062 2063 7ff655daf882-7ff655daf88f 2060->2063 2070 7ff655daf868-7ff655daf87b 2062->2070 2071 7ff655daf87d call 7ff655db220c 2062->2071 2063->1990 2064->2065 2066 7ff655daf766-7ff655daf76d 2064->2066 2067 7ff655daf78e-7ff655daf7ad call 7ff655dee1b8 call 7ff655dafe24 2065->2067 2068 7ff655daf774-7ff655daf77f call 7ff655dee188 2065->2068 2066->2065 2072 7ff655daf7e3-7ff655daf7f0 CloseHandle 2066->2072 2067->2072 2097 7ff655daf7af-7ff655daf7b2 2067->2097 2068->2067 2087 7ff655daf781-7ff655daf78c ShowWindow 2068->2087 2070->2071 2076 7ff655daf8fb-7ff655daf903 call 7ff655db7904 2070->2076 2071->2063 2082 7ff655daf805-7ff655daf80c 2072->2082 2083 7ff655daf7f2-7ff655daf803 call 7ff655da13c4 2072->2083 2085 7ff655daf82e-7ff655daf830 2082->2085 2086 7ff655daf80e-7ff655daf811 2082->2086 2083->2082 2083->2085 2085->2060 2093 7ff655daf832-7ff655daf835 2085->2093 2086->2085 2092 7ff655daf813-7ff655daf828 2086->2092 2087->2067 2092->2085 2093->2060 2096 7ff655daf837-7ff655daf845 ShowWindow 2093->2096 2096->2060 2097->2072 2099 7ff655daf7b4-7ff655daf7c5 GetExitCodeProcess 2097->2099 2099->2072 2100 7ff655daf7c7-7ff655daf7dc 2099->2100 2100->2072
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: ShowWindow$CloseCodeExecuteExitHandleProcessShell_invalid_parameter_noinfo_noreturn
                                                                                • String ID: .exe$.inf$Install$p
                                                                                • API String ID: 1054546013-3607691742
                                                                                • Opcode ID: c93eaa18019216a85c3e78fe71fcdc46f058aac99f8069240fe2a65e9d023974
                                                                                • Instruction ID: acac43fae8aa256415769c0d6de9b76f4250acc8b8ace5b7b15846b869ee4880
                                                                                • Opcode Fuzzy Hash: c93eaa18019216a85c3e78fe71fcdc46f058aac99f8069240fe2a65e9d023974
                                                                                • Instruction Fuzzy Hash: BFC1807BF0864395FA50CB65D94827AA361AF85F88F084371CA4DA77A4DF3CEC958308
                                                                                Function 00007FF655DAF0A4 Relevance: 16.6, APIs: 11, Instructions: 102windowCOMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                                                                • String ID:
                                                                                • API String ID: 3569833718-0
                                                                                • Opcode ID: c58ef51af4c11ae469b78d40ba7290d4e9656f32b0895ce54e4debee0d1a06d9
                                                                                • Instruction ID: e88a9ff34786c688eec05201e835f84d1fa035cbc1b6a169740da59cce211f82
                                                                                • Opcode Fuzzy Hash: c58ef51af4c11ae469b78d40ba7290d4e9656f32b0895ce54e4debee0d1a06d9
                                                                                • Instruction Fuzzy Hash: 7C41903AB1464386F7108F61E818BAA7360EB85F9DF481335DD0AA7B95CE3DDC458748
                                                                                Function 00007FF655D8EF10 Relevance: 11.0, APIs: 7, Instructions: 453COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3668304517-0
                                                                                • Opcode ID: 39ec4a74e49df8f56e32db411fcadac0f579ee807ced4d6d4e98762d9bdd5929
                                                                                • Instruction ID: e63d2437b2c591f9fe56f9765f950edbe73dfde764f7fc28fa3cf0f2f3811f69
                                                                                • Opcode Fuzzy Hash: 39ec4a74e49df8f56e32db411fcadac0f579ee807ced4d6d4e98762d9bdd5929
                                                                                • Instruction Fuzzy Hash: C812D367F0874285EB10DB64D4482AD6372EB45BACF441336DA5CA7ADADF3CE889C305
                                                                                Function 00007FF655D924C0 Relevance: 9.2, APIs: 6, Instructions: 164filetimeCOMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 3528 7ff655d924c0-7ff655d924fb 3529 7ff655d92506 3528->3529 3530 7ff655d924fd-7ff655d92504 3528->3530 3531 7ff655d92509-7ff655d92578 3529->3531 3530->3529 3530->3531 3532 7ff655d9257a 3531->3532 3533 7ff655d9257d-7ff655d925a8 CreateFileW 3531->3533 3532->3533 3534 7ff655d925ae-7ff655d925de GetLastError call 7ff655d96a0c 3533->3534 3535 7ff655d92688-7ff655d9268d 3533->3535 3543 7ff655d925e0-7ff655d9262a CreateFileW GetLastError 3534->3543 3544 7ff655d9262c 3534->3544 3537 7ff655d92693-7ff655d92697 3535->3537 3539 7ff655d926a5-7ff655d926a9 3537->3539 3540 7ff655d92699-7ff655d9269c 3537->3540 3541 7ff655d926cf-7ff655d926e3 3539->3541 3542 7ff655d926ab-7ff655d926af 3539->3542 3540->3539 3545 7ff655d9269e 3540->3545 3547 7ff655d926e5-7ff655d926f0 3541->3547 3548 7ff655d9270c-7ff655d92735 call 7ff655db2320 3541->3548 3542->3541 3546 7ff655d926b1-7ff655d926c9 SetFileTime 3542->3546 3549 7ff655d92632-7ff655d9263a 3543->3549 3544->3549 3545->3539 3546->3541 3550 7ff655d926f2-7ff655d926fa 3547->3550 3551 7ff655d92708 3547->3551 3552 7ff655d92673-7ff655d92686 3549->3552 3553 7ff655d9263c-7ff655d92653 3549->3553 3555 7ff655d926ff-7ff655d92703 call 7ff655d820b0 3550->3555 3556 7ff655d926fc 3550->3556 3551->3548 3552->3537 3557 7ff655d9266e call 7ff655db220c 3553->3557 3558 7ff655d92655-7ff655d92668 3553->3558 3555->3551 3556->3555 3557->3552 3558->3557 3561 7ff655d92736-7ff655d9273b call 7ff655db7904 3558->3561
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: File$CreateErrorLast$Time_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3536497005-0
                                                                                • Opcode ID: 3a28dd0dcfd7b89b689d9fe25ecc7464786bdc3a32dccfb94d5fbab1a7314792
                                                                                • Instruction ID: 47fb9b789c14fd55767fe776a960cae222456aac7ff7d45dfcaffc723076f4c5
                                                                                • Opcode Fuzzy Hash: 3a28dd0dcfd7b89b689d9fe25ecc7464786bdc3a32dccfb94d5fbab1a7314792
                                                                                • Instruction Fuzzy Hash: B961E76BA1868185E7208B69E41836E67B1F784BACF141334DFAD63AD4CF3DD894C748
                                                                                Function 00007FF655DAFD0C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 76COMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 3565 7ff655dafd0c-7ff655dafd37 3566 7ff655dafd39 3565->3566 3567 7ff655dafd3c-7ff655dafd76 SetEnvironmentVariableW call 7ff655d9d0a0 3565->3567 3566->3567 3570 7ff655dafdc3-7ff655dafdcb 3567->3570 3571 7ff655dafd78 3567->3571 3572 7ff655dafdff-7ff655dafe1a call 7ff655db2320 3570->3572 3573 7ff655dafdcd-7ff655dafde3 3570->3573 3574 7ff655dafd7c-7ff655dafd84 3571->3574 3575 7ff655dafde5-7ff655dafdf8 3573->3575 3576 7ff655dafdfa call 7ff655db220c 3573->3576 3578 7ff655dafd89-7ff655dafd94 call 7ff655d9d4c0 3574->3578 3579 7ff655dafd86 3574->3579 3575->3576 3581 7ff655dafe1b-7ff655dafe23 call 7ff655db7904 3575->3581 3576->3572 3587 7ff655dafda3-7ff655dafda8 3578->3587 3588 7ff655dafd96-7ff655dafda1 3578->3588 3579->3578 3589 7ff655dafdad-7ff655dafdc2 SetEnvironmentVariableW 3587->3589 3590 7ff655dafdaa 3587->3590 3588->3574 3589->3570 3590->3589
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: EnvironmentVariable$_invalid_parameter_noinfo_noreturn
                                                                                • String ID: sfxcmd$sfxpar
                                                                                • API String ID: 3540648995-3493335439
                                                                                • Opcode ID: f7f09a535254ba7702706040489ea7439e58d63b661cc729fc85acc9afefde13
                                                                                • Instruction ID: bfc0cc9d61e85e6a438265975d36134f2fd8b1a9b95b76bbb19a4e1ed0f0bbd1
                                                                                • Opcode Fuzzy Hash: f7f09a535254ba7702706040489ea7439e58d63b661cc729fc85acc9afefde13
                                                                                • Instruction Fuzzy Hash: 9C318F3BA14A4684EF009B65E4881AD6371FB48F9CF180735DE5DA77A9DF38D841C348
                                                                                Function 00007FF655DAB014 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 54windowCOMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: Global$Resource$Object$AllocBitmapCreateDeleteGdipLoadLock$FindFreeFromSizeofStreamUnlock
                                                                                • String ID: ]
                                                                                • API String ID: 3561356813-3352871620
                                                                                • Opcode ID: 2f79d63664e457f963bfbd157e1c525b341384e02eb8e860e1f42d2dee528bbf
                                                                                • Instruction ID: 4a900662afd2fd41e01aadeeba0b4d2bdd362051ad7edba05ad188e32c040567
                                                                                • Opcode Fuzzy Hash: 2f79d63664e457f963bfbd157e1c525b341384e02eb8e860e1f42d2dee528bbf
                                                                                • Instruction Fuzzy Hash: 1311963BB0D64346FA249B21D65C27AA291AF89FC8F0C0334DD1D97B99DE2CEC45C608
                                                                                Function 00007FF655DAAE1C Relevance: 7.5, APIs: 5, Instructions: 27windowCOMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: Message$DialogDispatchPeekTranslate
                                                                                • String ID:
                                                                                • API String ID: 1266772231-0
                                                                                • Opcode ID: 8f901ab8bb575df3ccfb48a5cb3294f091b017f84468599a2020223c8e70b7dc
                                                                                • Instruction ID: 5316a2961dd079a0a0a1a219dfb9efbda25908c00754ff51166b828b5aa96703
                                                                                • Opcode Fuzzy Hash: 8f901ab8bb575df3ccfb48a5cb3294f091b017f84468599a2020223c8e70b7dc
                                                                                • Instruction Fuzzy Hash: CEF0C93AB2954282EB909B20E899A367361FF94B09F885735E64E95854DE2CD948CB08
                                                                                Function 00007FF655DA91E8 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 33COMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                                                • String ID: EDIT
                                                                                • API String ID: 4243998846-3080729518
                                                                                • Opcode ID: 5198dd27efd6ef2cfe81d4e1a42d30dc263c523227a297f5f4c02164b2b5e029
                                                                                • Instruction ID: e21af97401140219ec11aad05b4b1999f4ab6743d03a01d36be64cb2e6382ed7
                                                                                • Opcode Fuzzy Hash: 5198dd27efd6ef2cfe81d4e1a42d30dc263c523227a297f5f4c02164b2b5e029
                                                                                • Instruction Fuzzy Hash: BC011767B1564381FA209B11E8187F66350BF99F48F8C1331C94D9A655EE2CD949C644
                                                                                Function 00007FF655D92CE0 Relevance: 6.1, APIs: 4, Instructions: 136fileCOMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 3864 7ff655d92ce0-7ff655d92d0a 3865 7ff655d92d13-7ff655d92d1b 3864->3865 3866 7ff655d92d0c-7ff655d92d0e 3864->3866 3868 7ff655d92d2b 3865->3868 3869 7ff655d92d1d-7ff655d92d28 GetStdHandle 3865->3869 3867 7ff655d92ea9-7ff655d92ec4 call 7ff655db2320 3866->3867 3871 7ff655d92d31-7ff655d92d3d 3868->3871 3869->3868 3873 7ff655d92d3f-7ff655d92d44 3871->3873 3874 7ff655d92d86-7ff655d92da2 WriteFile 3871->3874 3875 7ff655d92daf-7ff655d92db3 3873->3875 3876 7ff655d92d46-7ff655d92d7a WriteFile 3873->3876 3877 7ff655d92da6-7ff655d92da9 3874->3877 3879 7ff655d92ea2-7ff655d92ea6 3875->3879 3880 7ff655d92db9-7ff655d92dbd 3875->3880 3876->3877 3878 7ff655d92d7c-7ff655d92d82 3876->3878 3877->3875 3877->3879 3878->3876 3882 7ff655d92d84 3878->3882 3879->3867 3880->3879 3881 7ff655d92dc3-7ff655d92dd8 call 7ff655d8b4f8 3880->3881 3885 7ff655d92e1e-7ff655d92e6d call 7ff655db797c call 7ff655d8129c call 7ff655d8bca8 3881->3885 3886 7ff655d92dda-7ff655d92de1 3881->3886 3882->3877 3885->3879 3897 7ff655d92e6f-7ff655d92e86 3885->3897 3886->3871 3887 7ff655d92de7-7ff655d92de9 3886->3887 3887->3871 3889 7ff655d92def-7ff655d92e19 3887->3889 3889->3871 3898 7ff655d92e88-7ff655d92e9b 3897->3898 3899 7ff655d92e9d call 7ff655db220c 3897->3899 3898->3899 3900 7ff655d92ec5-7ff655d92ecb call 7ff655db7904 3898->3900 3899->3879
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: FileWrite$Handle
                                                                                • String ID:
                                                                                • API String ID: 4209713984-0
                                                                                • Opcode ID: 36bd0183a846d9ba9312903715bf2ef21d1db3e0abb52a3d50b28083c89a0b57
                                                                                • Instruction ID: 39a0f72e385216577e90e393c3a5ed5ea25d4830b39ca6ce81649e2975c54134
                                                                                • Opcode Fuzzy Hash: 36bd0183a846d9ba9312903715bf2ef21d1db3e0abb52a3d50b28083c89a0b57
                                                                                • Instruction Fuzzy Hash: D551046BA1864282FA50CB65D85877A2360FF84F98F081335EA0D97A94DF3CEC85C744
                                                                                Function 00007FF655DB03E0 Relevance: 6.1, APIs: 4, Instructions: 123COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$TextWindow
                                                                                • String ID:
                                                                                • API String ID: 2912839123-0
                                                                                • Opcode ID: fc1dbc180cc96f95be2c8896ee01285d2f87486fd65e1fc7a35e6e120e6522b5
                                                                                • Instruction ID: 3f3bed421abbefb40f3ea49855a7c7ec938261087804b5ce321fb446edf3e7a5
                                                                                • Opcode Fuzzy Hash: fc1dbc180cc96f95be2c8896ee01285d2f87486fd65e1fc7a35e6e120e6522b5
                                                                                • Instruction Fuzzy Hash: BD51C467F1465284FF00ABA4D8483AD2362AF44FA8F484735DA1CA6BD9DF6CE940C708
                                                                                Function 00007FF655D93684 Relevance: 6.1, APIs: 4, Instructions: 94COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: CreateDirectory$ErrorLast_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 2359106489-0
                                                                                • Opcode ID: 4afa93bd4a700d257cdc7d509a41c9c5d78617ffec5cec458594de29b09af307
                                                                                • Instruction ID: b1188f9d6c125c2f4edf35067259acda709401eecf0637d75e594431ae816ab3
                                                                                • Opcode Fuzzy Hash: 4afa93bd4a700d257cdc7d509a41c9c5d78617ffec5cec458594de29b09af307
                                                                                • Instruction Fuzzy Hash: 6E31956FA0C68241EA609B25A46C2796371FF89FA8F580331EE9DD3795DF3CDC458608
                                                                                Function 00007FF655DB2D6C Relevance: 6.1, APIs: 4, Instructions: 94COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                                                • String ID:
                                                                                • API String ID: 1452418845-0
                                                                                • Opcode ID: f380b52e8f95e6a0f24ce785192d8cb773bc143ddf3d62aee805abe4fb8ed354
                                                                                • Instruction ID: c3b2e7ffc6f87bb46028ad32f7259b893a309dae3a20d2f615bb06568446e39c
                                                                                • Opcode Fuzzy Hash: f380b52e8f95e6a0f24ce785192d8cb773bc143ddf3d62aee805abe4fb8ed354
                                                                                • Instruction Fuzzy Hash: 84314E1BE0810341FA14BBA5D45D3B92292AF41FACF4C0734D90DEB2E3DE2DAC448A4D
                                                                                Function 00007FF655D92320 Relevance: 6.1, APIs: 4, Instructions: 58fileCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: ErrorLast$FileHandleRead
                                                                                • String ID:
                                                                                • API String ID: 2244327787-0
                                                                                • Opcode ID: 5dece825d5be91adec6864fa12bb564f4e3b5809c08bfde6ef0babe01e3581d0
                                                                                • Instruction ID: cb390697892f5790ce9393c21a0f08a7af4a628af83ace34333cb37d47e27145
                                                                                • Opcode Fuzzy Hash: 5dece825d5be91adec6864fa12bb564f4e3b5809c08bfde6ef0babe01e3581d0
                                                                                • Instruction Fuzzy Hash: 0D21922BA0C54281EA609B91A41823963B0FB45F9CF1C4738DA5DE6A84CF7DEC858758
                                                                                Function 00007FF655D9E948 Relevance: 6.0, APIs: 4, Instructions: 31COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                  • Part of subcall function 00007FF655D9ECD8: ResetEvent.KERNEL32 ref: 00007FF655D9ECF1
                                                                                  • Part of subcall function 00007FF655D9ECD8: ReleaseSemaphore.KERNEL32 ref: 00007FF655D9ED07
                                                                                • ReleaseSemaphore.KERNEL32 ref: 00007FF655D9E974
                                                                                • CloseHandle.KERNELBASE ref: 00007FF655D9E993
                                                                                • DeleteCriticalSection.KERNEL32 ref: 00007FF655D9E9AA
                                                                                • CloseHandle.KERNEL32 ref: 00007FF655D9E9B7
                                                                                  • Part of subcall function 00007FF655D9EA5C: WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,00007FF655D9E95F,?,?,?,00007FF655D9463A,?,?,?), ref: 00007FF655D9EA63
                                                                                  • Part of subcall function 00007FF655D9EA5C: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF655D9E95F,?,?,?,00007FF655D9463A,?,?,?), ref: 00007FF655D9EA6E
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: CloseHandleReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                                                                                • String ID:
                                                                                • API String ID: 502429940-0
                                                                                • Opcode ID: 7c4c69b688bb09167c3d8ec6f4195a818a409db0987586a56ae23aa503e7e0cd
                                                                                • Instruction ID: b4cbfe8e7a9196ea4c5560834b7400f69e36bf47b0a6b3746324462f69415bcd
                                                                                • Opcode Fuzzy Hash: 7c4c69b688bb09167c3d8ec6f4195a818a409db0987586a56ae23aa503e7e0cd
                                                                                • Instruction Fuzzy Hash: 63016D3BA14A91E2E658DB21E55866DA330FB84B84F040331DB5DA3221CF39E8B48744
                                                                                Function 00007FF655D9EAA4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42threadCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: Thread$CreatePriority
                                                                                • String ID: CreateThread failed
                                                                                • API String ID: 2610526550-3849766595
                                                                                • Opcode ID: cf4f3858e1c5421656891f758a667cd72a6f2059ba57d4f8d940dbc9b5e0f540
                                                                                • Instruction ID: 1b8574a07746401310cc98f3628f0140a1f84bc78f8b4e070db104be7ce65fef
                                                                                • Opcode Fuzzy Hash: cf4f3858e1c5421656891f758a667cd72a6f2059ba57d4f8d940dbc9b5e0f540
                                                                                • Instruction Fuzzy Hash: 5011513BA09A4281E700DF10E849169B370FB84F8CF5C4331D64D92665DF3CE946C748
                                                                                Function 00007FF655DA946C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26comCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: DirectoryInitializeMallocSystem
                                                                                • String ID: riched20.dll
                                                                                • API String ID: 174490985-3360196438
                                                                                • Opcode ID: b1936b3f38021c99ecd6522b050f6163774a90ef7a51b133bb98bdb322c125e4
                                                                                • Instruction ID: 08c95621986989f588e542da2bba16067ce8e31aafbc7fccf3cb94d7f1c8b535
                                                                                • Opcode Fuzzy Hash: b1936b3f38021c99ecd6522b050f6163774a90ef7a51b133bb98bdb322c125e4
                                                                                • Instruction Fuzzy Hash: 00F04476518A4282E7419F60F41816EB3A0FB88B58F480335E58D96B54DF7CD989CB04
                                                                                Function 00007FF655DA095C Relevance: 4.7, APIs: 3, Instructions: 152windowCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                  • Part of subcall function 00007FF655DA853C: GlobalMemoryStatusEx.KERNEL32 ref: 00007FF655DA856C
                                                                                  • Part of subcall function 00007FF655D9AAE0: LoadStringW.USER32 ref: 00007FF655D9AB67
                                                                                  • Part of subcall function 00007FF655D9AAE0: LoadStringW.USER32 ref: 00007FF655D9AB80
                                                                                  • Part of subcall function 00007FF655D81FA0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF655D81FFB
                                                                                  • Part of subcall function 00007FF655D8129C: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF655D81396
                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF655DB01BB
                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF655DB01C1
                                                                                • SendDlgItemMessageW.USER32 ref: 00007FF655DB01F2
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$LoadString$Concurrency::cancel_current_taskGlobalItemMemoryMessageSendStatus
                                                                                • String ID:
                                                                                • API String ID: 3106221260-0
                                                                                • Opcode ID: bd759a4fa0bd9309ccea4b20fd132112b516600e79edc36bc9085e82c2e5f9f2
                                                                                • Instruction ID: 12c0c4aa1bb86508e12312e2ddbbe5106b84df711fe842b6d05c75c99016c8eb
                                                                                • Opcode Fuzzy Hash: bd759a4fa0bd9309ccea4b20fd132112b516600e79edc36bc9085e82c2e5f9f2
                                                                                • Instruction Fuzzy Hash: 8D519F6BF0564286EB10ABA5D4592FD2322AB85FDCF480335DE0DA77D6DE2CE944C348
                                                                                Function 00007FF655D92134 Relevance: 4.6, APIs: 3, Instructions: 114fileCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: CreateFile$_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 2272807158-0
                                                                                • Opcode ID: 0c3154c3ea30730f01a4f8c09a6becc7efe45a6579d5a839052cc1f3b70dbf60
                                                                                • Instruction ID: f423466009993f462cf9f9dd7ab6d365f9d1d78ee875bcb15206897b764b1462
                                                                                • Opcode Fuzzy Hash: 0c3154c3ea30730f01a4f8c09a6becc7efe45a6579d5a839052cc1f3b70dbf60
                                                                                • Instruction Fuzzy Hash: 7F41B477A0878182EB108B55E45826D63A1FB84BB8F145334DFAD67AD5CF3CE8948708
                                                                                Function 00007FF655D823F8 Relevance: 4.6, APIs: 3, Instructions: 73COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: TextWindow$Length_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 2176759853-0
                                                                                • Opcode ID: 7a493db6b2aa3cd2f88e086a9d80210bd8f4b3ce53d8088c5f8b34bcaf14f9b4
                                                                                • Instruction ID: a5b8d4938e1f290dd80b830f03896b5abb336358302c1293cc25460f43f9c2a7
                                                                                • Opcode Fuzzy Hash: 7a493db6b2aa3cd2f88e086a9d80210bd8f4b3ce53d8088c5f8b34bcaf14f9b4
                                                                                • Instruction Fuzzy Hash: 7A21C277A18B8181EA109B65E44417AB361FB89FE4F185335EB9C53B95CF3CD480CB04
                                                                                Function 00007FF655DA1F94 Relevance: 4.6, APIs: 3, Instructions: 68COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: std::bad_alloc::bad_alloc
                                                                                • String ID:
                                                                                • API String ID: 1875163511-0
                                                                                • Opcode ID: 21b91969b9d64179b995d4837780b836304a3883ec3903795673f1ee3d55d581
                                                                                • Instruction ID: 7e2ffbe2914e7b7d3bed76469004e9fd7d2e7a81e8ded1d8b987706123a7546a
                                                                                • Opcode Fuzzy Hash: 21b91969b9d64179b995d4837780b836304a3883ec3903795673f1ee3d55d581
                                                                                • Instruction Fuzzy Hash: B031BE27A0868651EB259755E4483BA63A0FB40F88F4C4331D28DA29A9DF6CEDC6C309
                                                                                Function 00007FF655D93D34 Relevance: 4.6, APIs: 3, Instructions: 62COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: AttributesFile$_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 1203560049-0
                                                                                • Opcode ID: f54af9b99a092d8e3351366c83bb5c41e52826feeb3933286249cd948367a950
                                                                                • Instruction ID: 64c7b04d21344095a2250b40f18de4369342ec62e36ebb349fc3f172603507d9
                                                                                • Opcode Fuzzy Hash: f54af9b99a092d8e3351366c83bb5c41e52826feeb3933286249cd948367a950
                                                                                • Instruction Fuzzy Hash: D021B827B1868181EE209B25E4692696371FFC4F98F185334EE9D96795EF2CD940CA08
                                                                                Function 00007FF655D931BC Relevance: 4.6, APIs: 3, Instructions: 59fileCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: DeleteFile$_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3118131910-0
                                                                                • Opcode ID: 932ad18ef346e480087a3096a192501f062bfc4628e0a3d12bdedb18b4200694
                                                                                • Instruction ID: d675754e618148c15a3958bfc66814b0a25c31d00a0955a48303a44b491f772d
                                                                                • Opcode Fuzzy Hash: 932ad18ef346e480087a3096a192501f062bfc4628e0a3d12bdedb18b4200694
                                                                                • Instruction Fuzzy Hash: 8221C837A1878182EE109B25F45822E6371FB85F98F541334EE9E97A95DF3CD940CB08
                                                                                Function 00007FF655D932BC Relevance: 4.6, APIs: 3, Instructions: 57COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: AttributesFile$_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 1203560049-0
                                                                                • Opcode ID: 85da30fe1743cc553a0db4a1375168b1f74b8b313009b96f55f923233ac5e066
                                                                                • Instruction ID: 0bd32340413574b8b0be98a049ab199e65bd6c4caa4acf3977ef2c6e2b9298b9
                                                                                • Opcode Fuzzy Hash: 85da30fe1743cc553a0db4a1375168b1f74b8b313009b96f55f923233ac5e066
                                                                                • Instruction Fuzzy Hash: A8217437A1868181EE109B29E4581296371FB89FA8F580331EA9D97BE5DF3CD940CB08
                                                                                Function 00007FF655DBBF64 Relevance: 4.5, APIs: 3, Instructions: 19COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: Process$CurrentExitTerminate
                                                                                • String ID:
                                                                                • API String ID: 1703294689-0
                                                                                • Opcode ID: 44b3a526fe0d15710854bc957cc7a82f9edee4cc7420f0560de4bec5ea2a17a0
                                                                                • Instruction ID: 684f08cd7167887c4586b505dc8c8f64f109c71b3b64747b409eaeafe72a60f0
                                                                                • Opcode Fuzzy Hash: 44b3a526fe0d15710854bc957cc7a82f9edee4cc7420f0560de4bec5ea2a17a0
                                                                                • Instruction Fuzzy Hash: CAE0122EA0430546FA546B21989977913535F88F59F185738C84A93396CE3DEC494B04
                                                                                Function 00007FF655D8F578 Relevance: 3.2, APIs: 2, Instructions: 193COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF655D8F895
                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF655D8F89B
                                                                                  • Part of subcall function 00007FF655D93EC8: FindClose.KERNELBASE(?,?,00000000,00007FF655DA0811), ref: 00007FF655D93EFD
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$CloseFind
                                                                                • String ID:
                                                                                • API String ID: 3587649625-0
                                                                                • Opcode ID: aa1ea596e9d1cadc8f56f1dbcb820402499d9af580a35bcbf67a9d3a71afab75
                                                                                • Instruction ID: daa53024c433d937d7f5fbaf8177819dda47ed3d9fe75772a2e0bda3e2e478b1
                                                                                • Opcode Fuzzy Hash: aa1ea596e9d1cadc8f56f1dbcb820402499d9af580a35bcbf67a9d3a71afab75
                                                                                • Instruction Fuzzy Hash: 3391E477A18B8290FB10DF64D4482AD6361FB44B9CF481335EA4CA7ADADF78D985C305
                                                                                Function 00007FF655D83904 Relevance: 3.1, APIs: 2, Instructions: 124COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3668304517-0
                                                                                • Opcode ID: 059fe93b6b6045c61731c70e0e29f52abe1320b84121e6dc329f1e36eead177c
                                                                                • Instruction ID: de9253e4b6f646a6905feb402855caa0479386d5fae5355d75b9af8086f175ca
                                                                                • Opcode Fuzzy Hash: 059fe93b6b6045c61731c70e0e29f52abe1320b84121e6dc329f1e36eead177c
                                                                                • Instruction Fuzzy Hash: D341A267F1465185FB00EBB1D8482BD2361AF44F9CF186335DE1DB7A99DE38D8828305
                                                                                Function 00007FF655D92778 Relevance: 3.1, APIs: 2, Instructions: 100COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • SetFilePointer.KERNELBASE(00000000,00000002,?,00000F99,?,00007FF655D9274D), ref: 00007FF655D928A9
                                                                                • GetLastError.KERNEL32(?,00007FF655D9274D), ref: 00007FF655D928B8
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: ErrorFileLastPointer
                                                                                • String ID:
                                                                                • API String ID: 2976181284-0
                                                                                • Opcode ID: 043a82e8aff847b2e282b78885e55c7214a93c585b530bdf19c19deffc600893
                                                                                • Instruction ID: 099afe1ecf1fe050085ca1ed855527b0ad2fa749f690bd6385f0c2bfcfc3af64
                                                                                • Opcode Fuzzy Hash: 043a82e8aff847b2e282b78885e55c7214a93c585b530bdf19c19deffc600893
                                                                                • Instruction Fuzzy Hash: 4231C52BB19A5282EA604B6AD9586F92364AF04FDCF1C0331DE1DA7790DF3CDC818645
                                                                                Function 00007FF655D822BC Relevance: 3.1, APIs: 2, Instructions: 83COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: Item_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 1746051919-0
                                                                                • Opcode ID: 3846a219fa003ef6eba4311ff2349970a98922bd5935619b32e66c41ec2b6e9c
                                                                                • Instruction ID: fbd332fd7091a23d65c5d4215f7b13ab565be90d534c14af3e01d5ad2be1aa43
                                                                                • Opcode Fuzzy Hash: 3846a219fa003ef6eba4311ff2349970a98922bd5935619b32e66c41ec2b6e9c
                                                                                • Instruction Fuzzy Hash: 9C31F027A1874282EA109B55F45836EB361EB84F98F485335EB9C57B95DF3CE8408708
                                                                                Function 00007FF655D92AD0 Relevance: 3.1, APIs: 2, Instructions: 76timeCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: File$BuffersFlushTime
                                                                                • String ID:
                                                                                • API String ID: 1392018926-0
                                                                                • Opcode ID: 1f7bfd0f82637a6abdcd08aef8b442a865f6f50d97ba3a1fa7ef62b0e093425a
                                                                                • Instruction ID: 6e62ad240d2f00749348afe899d3d936aaf39420e817b94a7299600e08141720
                                                                                • Opcode Fuzzy Hash: 1f7bfd0f82637a6abdcd08aef8b442a865f6f50d97ba3a1fa7ef62b0e093425a
                                                                                • Instruction Fuzzy Hash: 1021B227E09B4291EA628E91D4297BA57F0AF01F9EF194331DE4C56299EE3CDD86C304
                                                                                Function 00007FF655D9AAE0 Relevance: 3.1, APIs: 2, Instructions: 52COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: LoadString
                                                                                • String ID:
                                                                                • API String ID: 2948472770-0
                                                                                • Opcode ID: efc1550bd5bba1d5ac9face2304fa075ed5e4cb94ffc19493764f318ca00d951
                                                                                • Instruction ID: c443855d0e4e6e1e63ea1f571726795a14b84dd9de5aa62c75f3b0dbe4c8af5b
                                                                                • Opcode Fuzzy Hash: efc1550bd5bba1d5ac9face2304fa075ed5e4cb94ffc19493764f318ca00d951
                                                                                • Instruction Fuzzy Hash: 7511517AB0964286E600CF16A848169B7A1BB88FD8F5C4735CA0DE3B20DE7CE9418348
                                                                                Function 00007FF655D92BB0 Relevance: 3.0, APIs: 2, Instructions: 47COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: ErrorFileLastPointer
                                                                                • String ID:
                                                                                • API String ID: 2976181284-0
                                                                                • Opcode ID: 5eda2cbf1ce6837a88d649c872729f31e823bc49095d59e5e9b193bf7b9166cd
                                                                                • Instruction ID: 303b28b7835ad3f706b78b48f87cf8371469b7457c5c34d994d7ad33531da644
                                                                                • Opcode Fuzzy Hash: 5eda2cbf1ce6837a88d649c872729f31e823bc49095d59e5e9b193bf7b9166cd
                                                                                • Instruction Fuzzy Hash: A0116027A0864281EB608B65E8586796260FB45FBCF5C4331DA7DE62D4CF3CED82C344
                                                                                Function 00007FF655D8255C Relevance: 3.0, APIs: 2, Instructions: 37COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: ItemRectTextWindow$Clientswprintf
                                                                                • String ID:
                                                                                • API String ID: 3322643685-0
                                                                                • Opcode ID: ad94589889145b650e3461eb84003e845283bd92425fc2a9221c8100a4e27e71
                                                                                • Instruction ID: ed7f6e68143d99139e92b37f7b11bbb0d644296b84e54067a0d554beca808a98
                                                                                • Opcode Fuzzy Hash: ad94589889145b650e3461eb84003e845283bd92425fc2a9221c8100a4e27e71
                                                                                • Instruction Fuzzy Hash: 6E01751AA4D28B81FF555B91A46C27963929F45F4CF0C1375C84DA6AD9DE2CEC88C309
                                                                                Function 00007FF655D9EB58 Relevance: 3.0, APIs: 2, Instructions: 23COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • GetCurrentProcess.KERNEL32(?,?,?,?,00007FF655D9EBAD,?,?,?,?,00007FF655D95752,?,?,?,00007FF655D956DE), ref: 00007FF655D9EB5C
                                                                                • GetProcessAffinityMask.KERNEL32 ref: 00007FF655D9EB6F
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: Process$AffinityCurrentMask
                                                                                • String ID:
                                                                                • API String ID: 1231390398-0
                                                                                • Opcode ID: 444071b75e142e51b736d9fa504759652bc9944b894df1f8101a797a07211085
                                                                                • Instruction ID: 42c0b9f043829ef706958857f65bd602c86b815d02148e5d67c6a84051aca578
                                                                                • Opcode Fuzzy Hash: 444071b75e142e51b736d9fa504759652bc9944b894df1f8101a797a07211085
                                                                                • Instruction Fuzzy Hash: E0E0E566B1454646DB098F55C4549A963A2FF88F48F888235D60BD3614DE2CE9498B00
                                                                                Function 00007FF655DB21D0 Relevance: 3.0, APIs: 2, Instructions: 21COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
                                                                                • String ID:
                                                                                • API String ID: 1173176844-0
                                                                                • Opcode ID: 14867973fed18b2c44dc58e1bcd5f94848bfca26dcf41195b9c376eff134a452
                                                                                • Instruction ID: 0cced537a7ce37d3fa58467a3e8a434720c3196ba92268232fe76e2cd26e9342
                                                                                • Opcode Fuzzy Hash: 14867973fed18b2c44dc58e1bcd5f94848bfca26dcf41195b9c376eff134a452
                                                                                • Instruction Fuzzy Hash: 3EE0EC4BE0B10745FD1832E6982D1B900524F19FB8E5C5730DA3EE46D6AD1CAC958A18
                                                                                Function 00007FF655DBD90C Relevance: 3.0, APIs: 2, Instructions: 19memoryCOMMONLIBRARYCODE
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: ErrorFreeHeapLast
                                                                                • String ID:
                                                                                • API String ID: 485612231-0
                                                                                • Opcode ID: 7829e02dcbd74b51c5e196648e5aad52518f68633834b7095f7e5950a32ae739
                                                                                • Instruction ID: f22859bb4cdfd165b8831060a9ab0b631887a451e425d3f3c76fb0d34de98131
                                                                                • Opcode Fuzzy Hash: 7829e02dcbd74b51c5e196648e5aad52518f68633834b7095f7e5950a32ae739
                                                                                • Instruction Fuzzy Hash: 62E0BF5AE0954786FF18BBB2984D6B413925F94F69B0C4334C90EE6252EE2CAD858A08
                                                                                Function 00007FF655D833E4 Relevance: 1.8, APIs: 1, Instructions: 328COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3668304517-0
                                                                                • Opcode ID: bdf8625448bd8dcd1def64a6508c1891a019ebdf0eaa44acf70db7eea19c6d5a
                                                                                • Instruction ID: 04a7d3ce75df96c457c3b89a4b2ef8fc141c6005d200f647d22d6129e2cf3ac4
                                                                                • Opcode Fuzzy Hash: bdf8625448bd8dcd1def64a6508c1891a019ebdf0eaa44acf70db7eea19c6d5a
                                                                                • Instruction Fuzzy Hash: A2D1C86BB0868156EB288B2599582B967A1FB05F88F0C1335CF1D977A1CF38EC658706
                                                                                Function 00007FF655D95294 Relevance: 1.7, APIs: 1, Instructions: 198COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: CompareString_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 1017591355-0
                                                                                • Opcode ID: cc14dedd2e5cc10f866aa6caa5d21262f0f150b8de9e36933eecb23af5082f8f
                                                                                • Instruction ID: 4032643d82051cce544f3aefefe8def66906cfe591fb5ce7e44d49672b06d710
                                                                                • Opcode Fuzzy Hash: cc14dedd2e5cc10f866aa6caa5d21262f0f150b8de9e36933eecb23af5082f8f
                                                                                • Instruction Fuzzy Hash: B061E45BE0C64781FAA4AA15A42C27A53A1AF41FDCF5C4331DE4DE6AC5EE7CEC418209
                                                                                Function 00007FF655DA1870 Relevance: 1.7, APIs: 1, Instructions: 172COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                  • Part of subcall function 00007FF655D9E948: ReleaseSemaphore.KERNEL32 ref: 00007FF655D9E974
                                                                                  • Part of subcall function 00007FF655D9E948: CloseHandle.KERNELBASE ref: 00007FF655D9E993
                                                                                  • Part of subcall function 00007FF655D9E948: DeleteCriticalSection.KERNEL32 ref: 00007FF655D9E9AA
                                                                                  • Part of subcall function 00007FF655D9E948: CloseHandle.KERNEL32 ref: 00007FF655D9E9B7
                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF655DA1ACB
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: CloseHandle$CriticalDeleteReleaseSectionSemaphore_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 904680172-0
                                                                                • Opcode ID: f80fe9d0374425f4e8acb8f242997014f41c4e78deea76494bb41970906826f3
                                                                                • Instruction ID: a5a0d94c1f9a08e48b2d8b3e693993611a6fa0dc03685b4212d8a4f7d847193c
                                                                                • Opcode Fuzzy Hash: f80fe9d0374425f4e8acb8f242997014f41c4e78deea76494bb41970906826f3
                                                                                • Instruction Fuzzy Hash: 4461F077B05785A2EE08DBA5D1580BD7365FB40F98F584332D72D97AC5CF28E8618308
                                                                                Function 00007FF655D8EC9C Relevance: 1.6, APIs: 1, Instructions: 145COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3668304517-0
                                                                                • Opcode ID: 90bbbe4b03adee6de0a9cfeccf93459ff6427d4f8da8a47d00f3fc41b718dbf5
                                                                                • Instruction ID: 58b26908faf98ba34e6fc8485b6cdd7bbf0706fdeafcf3e8690234346957dda2
                                                                                • Opcode Fuzzy Hash: 90bbbe4b03adee6de0a9cfeccf93459ff6427d4f8da8a47d00f3fc41b718dbf5
                                                                                • Instruction Fuzzy Hash: 3551D46BA0868290FA119B25D4483B96761FB85FDCF4C1336DE4DA7392CE3DE885C709
                                                                                Function 00007FF655D8E7A8 Relevance: 1.6, APIs: 1, Instructions: 118COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                  • Part of subcall function 00007FF655D93EC8: FindClose.KERNELBASE(?,?,00000000,00007FF655DA0811), ref: 00007FF655D93EFD
                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF655D8E993
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: CloseFind_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 1011579015-0
                                                                                • Opcode ID: a98b459d02bd845be10ee4858e1a476889abeecdc2f1b3a80362524ddef0ea38
                                                                                • Instruction ID: 513011c640e62ce9220ebb0243b19243b7c2f72ec25d9f3da29a6fc329eb619b
                                                                                • Opcode Fuzzy Hash: a98b459d02bd845be10ee4858e1a476889abeecdc2f1b3a80362524ddef0ea38
                                                                                • Instruction Fuzzy Hash: FF517127A0868681FF609F25D44936D6361FB84F88F481336DA9DA76A5CF2CD841CB1A
                                                                                Function 00007FF655D91794 Relevance: 1.6, APIs: 1, Instructions: 115COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3668304517-0
                                                                                • Opcode ID: 2a7259d764eb0786ebfe04c0f82892bddeea34df329c5f9a795040d30637ea4b
                                                                                • Instruction ID: a99745e78601dcbc3985f310b599bbdc1f91475e08f6930261a83e26c17eec98
                                                                                • Opcode Fuzzy Hash: 2a7259d764eb0786ebfe04c0f82892bddeea34df329c5f9a795040d30637ea4b
                                                                                • Instruction Fuzzy Hash: 83412967B18A8142EE149A53E6183BAA261FB44FC4F4C8735EE5C97F4ADF3CD8518304
                                                                                Function 00007FF655D92F58 Relevance: 1.6, APIs: 1, Instructions: 100COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3668304517-0
                                                                                • Opcode ID: ef3369d01a97c9aa4f3b4977493ba9f0ef8ebed8b0182d05534ad700cb30ef07
                                                                                • Instruction ID: 470194e0bbf48863bf386ddcc1bf545abea94a0e38271aac5287efee04222116
                                                                                • Opcode Fuzzy Hash: ef3369d01a97c9aa4f3b4977493ba9f0ef8ebed8b0182d05534ad700cb30ef07
                                                                                • Instruction Fuzzy Hash: 0741D16BA08A4581EE109F29E5693792371EB85FDCF081334EE4D97699DE3DE8808708
                                                                                Function 00007FF655DBBDF8 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: HandleModule$AddressFreeLibraryProc
                                                                                • String ID:
                                                                                • API String ID: 3947729631-0
                                                                                • Opcode ID: 5b4d6432c9ab27f48bf344f41163fa66ca8822e5b5ed34cf2c0174bd429b5c6d
                                                                                • Instruction ID: d0e893894f7979dc3b507a431b2d6da47ce11573bc0f8fcfd95be9e560c896f9
                                                                                • Opcode Fuzzy Hash: 5b4d6432c9ab27f48bf344f41163fa66ca8822e5b5ed34cf2c0174bd429b5c6d
                                                                                • Instruction Fuzzy Hash: 2841A13BA1861386FB14AB11D8581786252AF54F58F4C8736DA0EF76A1CF3EEC40CB48
                                                                                Function 00007FF655D8129C Relevance: 1.6, APIs: 1, Instructions: 73COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: Concurrency::cancel_current_taskstd::bad_alloc::bad_alloc
                                                                                • String ID:
                                                                                • API String ID: 680105476-0
                                                                                • Opcode ID: 9aea57e1cbc1acb0343bc23020ebe7367b53934ade50ddaffc586ce89fb7cfd6
                                                                                • Instruction ID: 4fe895deac073d0b3a93c66793edf64264b274df2c710c870748d45d408584d1
                                                                                • Opcode Fuzzy Hash: 9aea57e1cbc1acb0343bc23020ebe7367b53934ade50ddaffc586ce89fb7cfd6
                                                                                • Instruction Fuzzy Hash: 2521A127E0825185EA149B92A4082796250EB05FF4F6C1B30DE3DA7BC1DE7CE8518309
                                                                                Function 00007FF655DC124C Relevance: 1.6, APIs: 1, Instructions: 51COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo
                                                                                • String ID:
                                                                                • API String ID: 3215553584-0
                                                                                • Opcode ID: 9dd5a9e84c18447e56e2265fa04046f11d37b96b7f5b774ce3305aa6458b3f00
                                                                                • Instruction ID: 11454535fe2ae087b1bf2a0ca10c0d3701f576db5a6d41fd0c5e7eb6300aea84
                                                                                • Opcode Fuzzy Hash: 9dd5a9e84c18447e56e2265fa04046f11d37b96b7f5b774ce3305aa6458b3f00
                                                                                • Instruction Fuzzy Hash: 44113A2F91D653C6FA109B90E449639B2A5FB40B88F580335E68EE6695DF2CEC008B08
                                                                                Function 00007FF655D83AD8 Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3668304517-0
                                                                                • Opcode ID: e211765aad0e482f14211f193c2fa738a397cbf9b51fc622cf430de4bdc09e7c
                                                                                • Instruction ID: 9e1b4d81012d82fee40a12f7dd4cf60adb733a1486095992db5f2b00159146ae
                                                                                • Opcode Fuzzy Hash: e211765aad0e482f14211f193c2fa738a397cbf9b51fc622cf430de4bdc09e7c
                                                                                • Instruction Fuzzy Hash: 8401DBA7E1878581FE119728E84922D7361FFC5FA9F485331EA9C577A5DF2CE4408708
                                                                                Function 00007FF655DB1558 Relevance: 1.5, APIs: 1, Instructions: 38COMMONLIBRARYCODE
                                                                                Download Yara Rule
                                                                                APIs
                                                                                  • Part of subcall function 00007FF655DB1604: GetModuleHandleW.KERNEL32(?,?,?,00007FF655DB1573,?,?,?,00007FF655DB192A), ref: 00007FF655DB162B
                                                                                • DloadProtectSection.DELAYIMP ref: 00007FF655DB15C9
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: DloadHandleModuleProtectSection
                                                                                • String ID:
                                                                                • API String ID: 2883838935-0
                                                                                • Opcode ID: 908f49ac33541a8240f4269ada82e733cc5c0c647bda27ab8868a2cee9a60ef3
                                                                                • Instruction ID: 173680f6c7c9cf6944043b8f6b3a7fe8c7ad40a62e0d08a67c3b204db5bd5aec
                                                                                • Opcode Fuzzy Hash: 908f49ac33541a8240f4269ada82e733cc5c0c647bda27ab8868a2cee9a60ef3
                                                                                • Instruction Fuzzy Hash: B811BE6BD0860781FB51AB45E85C37063A1AF14B5DF1C0734C90EE62A1EF3CAD968A08
                                                                                Function 00007FF655D83BC0 Relevance: 1.5, APIs: 1, Instructions: 38COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3668304517-0
                                                                                • Opcode ID: f404972482886fbac3784b7dd97a2e42dd32aefabf754c4576d9ee251be09c6c
                                                                                • Instruction ID: c9ef417e6a800fac6b2e7a067f60b72f95a130e67eafd108b289e419ee823ffc
                                                                                • Opcode Fuzzy Hash: f404972482886fbac3784b7dd97a2e42dd32aefabf754c4576d9ee251be09c6c
                                                                                • Instruction Fuzzy Hash: D2015A77704B8495DA04DF15E44826E7364FB48FC8F688635EB9C47B19DF38D8A08744
                                                                                Function 00007FF655D93EC8 Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                  • Part of subcall function 00007FF655D940BC: FindFirstFileW.KERNELBASE ref: 00007FF655D9410B
                                                                                  • Part of subcall function 00007FF655D940BC: FindFirstFileW.KERNELBASE ref: 00007FF655D9415E
                                                                                  • Part of subcall function 00007FF655D940BC: GetLastError.KERNEL32 ref: 00007FF655D941AF
                                                                                • FindClose.KERNELBASE(?,?,00000000,00007FF655DA0811), ref: 00007FF655D93EFD
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: Find$FileFirst$CloseErrorLast
                                                                                • String ID:
                                                                                • API String ID: 1464966427-0
                                                                                • Opcode ID: 18fe74ab7ca813274cb64c08179860cc48efc587ad39327f0b25563dc18ddab5
                                                                                • Instruction ID: ebe788a978279e2b750a924875e70db661b94d4284f2daa1ef318633b77b5cf3
                                                                                • Opcode Fuzzy Hash: 18fe74ab7ca813274cb64c08179860cc48efc587ad39327f0b25563dc18ddab5
                                                                                • Instruction Fuzzy Hash: 49F0AF6790828185EA50AF75A12827937709B1AFB8F1C1339EE3D572C7CE28D8848748
                                                                                Function 00007FF655D81FA0 Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3668304517-0
                                                                                • Opcode ID: 6bde38596525897290305d6296ffc8faf1d7b5cacafae584a3307f91b76bcc97
                                                                                • Instruction ID: 6bed8e7036947606c1b5ff9d365fa1d853ca78c767767b785536d8bbdc3a837d
                                                                                • Opcode Fuzzy Hash: 6bde38596525897290305d6296ffc8faf1d7b5cacafae584a3307f91b76bcc97
                                                                                • Instruction Fuzzy Hash: EAF0BEABB1068980EE189BA9C08C36C2362EB04F8CF581635C70C8BA55DF6CD884C309
                                                                                Function 00007FF655D9273C Relevance: 1.5, APIs: 1, Instructions: 18fileCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: File
                                                                                • String ID:
                                                                                • API String ID: 749574446-0
                                                                                • Opcode ID: 182d9e1e92039184aab4081fafd09b1cf385b4bd914a3c272b872952a66d9790
                                                                                • Instruction ID: a2c5cb68ab2654f482d19ec9efeb2b356db108ffe199efc7cdd5e01780be8c6b
                                                                                • Opcode Fuzzy Hash: 182d9e1e92039184aab4081fafd09b1cf385b4bd914a3c272b872952a66d9790
                                                                                • Instruction Fuzzy Hash: 10E0CD1FB2051581EF209B76C8555741330EF4CF89F4C1230CE0C57321CF28CC818644
                                                                                Function 00007FF655D92490 Relevance: 1.5, APIs: 1, Instructions: 12COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: FileType
                                                                                • String ID:
                                                                                • API String ID: 3081899298-0
                                                                                • Opcode ID: df9a28314c6b6fddfb177ebf539387614dcb0363737e1ba4f38fe55c4f903e1a
                                                                                • Instruction ID: aed268fcf87c59186f2303a9be5fd00f4eaad428f32628fd1695cc6ced86c326
                                                                                • Opcode Fuzzy Hash: df9a28314c6b6fddfb177ebf539387614dcb0363737e1ba4f38fe55c4f903e1a
                                                                                • Instruction Fuzzy Hash: 21D0121BD0945182DD1097759C6503C2360AFA2B3DFA80730D63EE16E1CF1D98D6A719
                                                                                Function 00007FF655D97FC4 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: CurrentDirectory
                                                                                • String ID:
                                                                                • API String ID: 1611563598-0
                                                                                • Opcode ID: 176ab68ebee512dad0278907058cd855c5c44f8615b79807412a7d406b36e525
                                                                                • Instruction ID: a82955f656e8d712903fb98f9ab549ebc5c0f9341e289a9021c9f2f415534f4c
                                                                                • Opcode Fuzzy Hash: 176ab68ebee512dad0278907058cd855c5c44f8615b79807412a7d406b36e525
                                                                                • Instruction Fuzzy Hash: 4BC08C26F05502C1DE085B26C8CD01813A4BB40F08F684334D10CE1120CF2CC8EAA349
                                                                                Function 00007FF655DBFA04 Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: AllocHeap
                                                                                • String ID:
                                                                                • API String ID: 4292702814-0
                                                                                • Opcode ID: c4d23aaef5024e3722ccbb242168b3e22d65bf63548bcaacbbf61b8d0a3ba7a1
                                                                                • Instruction ID: 3e18fb642c900b5d2673610076f46e51ba259cc7a0f883dca5ba39822491a79f
                                                                                • Opcode Fuzzy Hash: c4d23aaef5024e3722ccbb242168b3e22d65bf63548bcaacbbf61b8d0a3ba7a1
                                                                                • Instruction Fuzzy Hash: 7CF0629FB0A20745FE58BB61D5193B492925F49F6CF0C5730C90DE63C1ED2CED814A18
                                                                                Function 00007FF655D920D0 Relevance: 1.3, APIs: 1, Instructions: 29COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: CloseHandle
                                                                                • String ID:
                                                                                • API String ID: 2962429428-0
                                                                                • Opcode ID: ccbd9008d2c4ce7168f8d058ff2f34620ae6bf54bfe45a0cbca9d6a6f1a7c065
                                                                                • Instruction ID: 0fd32b66e4e408040b0c69566a81b00e2da193c9edb36a0b4028c247f667105a
                                                                                • Opcode Fuzzy Hash: ccbd9008d2c4ce7168f8d058ff2f34620ae6bf54bfe45a0cbca9d6a6f1a7c065
                                                                                • Instruction Fuzzy Hash: 9EF08C27A0968285FB248B60E45927D6670EB14F7CF4C5334D73CA11D4CF28DCA68308
                                                                                Function 00007FF655DBD94C Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: AllocHeap
                                                                                • String ID:
                                                                                • API String ID: 4292702814-0
                                                                                • Opcode ID: 5fa632deebd8181b9f3ea37834cf4eccbda839d7d0d6f948310c23224b4a93e7
                                                                                • Instruction ID: 0e7cd2ed0d93c801199799b9c8c7b3878d18ba47205de269b0a9d2dd2cbae05b
                                                                                • Opcode Fuzzy Hash: 5fa632deebd8181b9f3ea37834cf4eccbda839d7d0d6f948310c23224b4a93e7
                                                                                • Instruction Fuzzy Hash: 91F0341BA0920B85FF147AA198093B413925F88FB8F4C5730D92EE62C1DE2CAC808A18

                                                                                Non-executed Functions

                                                                                Function 00007FF655D8C2F0 Relevance: 49.8, APIs: 24, Strings: 4, Instructions: 754fileCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$CloseErrorFileHandleLastwcscpy$ControlCreateCurrentDeleteDeviceDirectoryProcessRemove
                                                                                • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                • API String ID: 2659423929-3508440684
                                                                                • Opcode ID: 86f3f34dae19e3e49c29d340f54b39a2d4150e9680d4af69a4817d617f67abfd
                                                                                • Instruction ID: a19bf9b2609ad3ef2308900f9a4dc89c53408db323e164d7ea07c3718d36b07e
                                                                                • Opcode Fuzzy Hash: 86f3f34dae19e3e49c29d340f54b39a2d4150e9680d4af69a4817d617f67abfd
                                                                                • Instruction Fuzzy Hash: F862C367F0864685FB00DBB4D4483BD2361AB45BACF185331DA6CA7AE5DF38D985C309
                                                                                Function 00007FF655D9F180 Relevance: 43.2, APIs: 22, Strings: 2, Instructions: 1205COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$ErrorLastLoadString$Concurrency::cancel_current_taskInit_thread_footer
                                                                                • String ID: %ls$%s: %s
                                                                                • API String ID: 2539828978-2259941744
                                                                                • Opcode ID: ef8e59e36bf08a375103cf1b32b99524ab9e1731f1fb18bcb0ac3a481f952996
                                                                                • Instruction ID: 5eb749afb575a75b4ccbc7c054e62836507611191ecc59e123e7afc85c0de71e
                                                                                • Opcode Fuzzy Hash: ef8e59e36bf08a375103cf1b32b99524ab9e1731f1fb18bcb0ac3a481f952996
                                                                                • Instruction Fuzzy Hash: E7B2DD77A1868281EA109725D4582BF6321FFC5BD8F184336E69DA3BD6DF6CE940C708
                                                                                Function 00007FF655DC2550 Relevance: 22.3, APIs: 8, Strings: 4, Instructions: 1310COMMONLIBRARYCODE
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfomemcpy_s
                                                                                • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                • API String ID: 1759834784-2761157908
                                                                                • Opcode ID: c1568b5568d689d261f1f0b975b9c1104ab10acfc5286cd5346a40821ab4f9bc
                                                                                • Instruction ID: b676b6959eea9b42e089dc321639b33fede2f55aeba15f9b6da2ca2938e9d855
                                                                                • Opcode Fuzzy Hash: c1568b5568d689d261f1f0b975b9c1104ab10acfc5286cd5346a40821ab4f9bc
                                                                                • Instruction Fuzzy Hash: 31B2C77BA081828AE7658E69D4487FD37A1FB44B8CF585335DA09A7B84DF38ED048B44
                                                                                Function 00007FF655D91A48 Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 375fileCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: NamePath$File_invalid_parameter_noinfo_noreturn$LongMoveShort$CompareCreateString
                                                                                • String ID: rtmp
                                                                                • API String ID: 3587137053-870060881
                                                                                • Opcode ID: e1af406d9dd90cab9ebde2dc7b257a9c18519fdc4ea1c1791790fdf5b4aa1268
                                                                                • Instruction ID: 20cfd202510244479cf3811f2f1e34e1ce1afdcbe51daf3bd9292e7342a52ea0
                                                                                • Opcode Fuzzy Hash: e1af406d9dd90cab9ebde2dc7b257a9c18519fdc4ea1c1791790fdf5b4aa1268
                                                                                • Instruction Fuzzy Hash: 6FF1F427B08A4281EB00DBA5D4581BD6771FB85BC8F581335EA4DE3AA9DF3CD884C748
                                                                                Function 00007FF655D95B60 Relevance: 12.3, APIs: 8, Instructions: 256COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: FullNamePath_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 1693479884-0
                                                                                • Opcode ID: 42882c5e1b64cf364603feffb0a4dffa6fd5e54fa856c7804417c031547eb997
                                                                                • Instruction ID: 970b178cddb855b7498b68fd2faa0834862bfd5f79e5f53f7069716b7291fdac
                                                                                • Opcode Fuzzy Hash: 42882c5e1b64cf364603feffb0a4dffa6fd5e54fa856c7804417c031547eb997
                                                                                • Instruction Fuzzy Hash: 21A1C467F15A5184FE108BB9C8581BD2371AF45FE8B185335DE2DA7BC4DE3CE8818248
                                                                                Function 00007FF655DB3170 Relevance: 10.6, APIs: 7, Instructions: 72COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                • String ID:
                                                                                • API String ID: 3140674995-0
                                                                                • Opcode ID: eb4060bcbbf6947450414bc0ac192b8da1feec02df413969c5a674799d26ef14
                                                                                • Instruction ID: 3e7866c5b8085a623aa50da1ebfcd51bbfe0be9d0faec87c0c99710bed6ccdbb
                                                                                • Opcode Fuzzy Hash: eb4060bcbbf6947450414bc0ac192b8da1feec02df413969c5a674799d26ef14
                                                                                • Instruction Fuzzy Hash: FD317277609B818AEB609F60E8547ED3365FB84B48F484239DA4D97B88DF3CD948CB04
                                                                                Function 00007FF655DB76D8 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                • String ID:
                                                                                • API String ID: 1239891234-0
                                                                                • Opcode ID: 5940ef1d6d2c32beaf7af9e8e0892e721e3d30544378453b8f42f9f5775f8da8
                                                                                • Instruction ID: 9dfac987894566ff78b56343755f37dc29e901effedd8a140e27363546465a8f
                                                                                • Opcode Fuzzy Hash: 5940ef1d6d2c32beaf7af9e8e0892e721e3d30544378453b8f42f9f5775f8da8
                                                                                • Instruction Fuzzy Hash: DB31943B608B8186D7609F24E8446AE33A1FB84B58F540335EE8D93B94DF3CD545CB04
                                                                                Function 00007FF655D81AA4 Relevance: 6.3, APIs: 4, Instructions: 285COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3668304517-0
                                                                                • Opcode ID: 47fe9767bcb5ae1d9a882eaa5a8596545d0350934ab6dbf56b44417d7b0c6152
                                                                                • Instruction ID: ee8def34ed67b06f2080e10d4e26537b1700e61f31e4098ced69b823d1ad2854
                                                                                • Opcode Fuzzy Hash: 47fe9767bcb5ae1d9a882eaa5a8596545d0350934ab6dbf56b44417d7b0c6152
                                                                                • Instruction Fuzzy Hash: BCB1FA6BB14A8686EB109BA5D8482ED2361FF85B9CF482331DA4CA77D5DF3CD944C308
                                                                                Function 00007FF655DBFA94 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 164COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • _invalid_parameter_noinfo.LIBCMT ref: 00007FF655DBFAC4
                                                                                  • Part of subcall function 00007FF655DB7934: GetCurrentProcess.KERNEL32(00007FF655DC0CCD), ref: 00007FF655DB7961
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: CurrentProcess_invalid_parameter_noinfo
                                                                                • String ID: *?$.
                                                                                • API String ID: 2518042432-3972193922
                                                                                • Opcode ID: f96344909874f118cd7fc652812aee2de17a0b901a5c412331694f6fbd6e8fc4
                                                                                • Instruction ID: 0931147da4d08bd54197dc947c97eb648ba5dfb11d94a36cb46048df51807c51
                                                                                • Opcode Fuzzy Hash: f96344909874f118cd7fc652812aee2de17a0b901a5c412331694f6fbd6e8fc4
                                                                                • Instruction Fuzzy Hash: 3751E46BB14A5681EF10EF62D4544B8A3A2FB48FECB484731DE5DA7B84DE3CD8418708
                                                                                Function 00007FF655DC2080 Relevance: 4.8, APIs: 3, Instructions: 340COMMONLIBRARYCODE
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: memcpy_s
                                                                                • String ID:
                                                                                • API String ID: 1502251526-0
                                                                                • Opcode ID: b531b63a04a12e36dec63d06dc2411054f876835da8b044adf2bb9f605172619
                                                                                • Instruction ID: 63669398bd5ec0f5e0ee5861cc67c5284951ec64d25227e81dc062463475162a
                                                                                • Opcode Fuzzy Hash: b531b63a04a12e36dec63d06dc2411054f876835da8b044adf2bb9f605172619
                                                                                • Instruction Fuzzy Hash: 30D19437B1928687D724CF55A18866AB691F798B48F188334DB8EA7B44DF3CEC41CB04
                                                                                Function 00007FF655D8B6D8 Relevance: 4.5, APIs: 3, Instructions: 36windowCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: ErrorFormatFreeLastLocalMessage
                                                                                • String ID:
                                                                                • API String ID: 1365068426-0
                                                                                • Opcode ID: c27e05edbcf0c556cf9f4b9f4aa6354f64d9dc72ff0f252d3a2ededa039666af
                                                                                • Instruction ID: e7ead6fcc9a331151209f9548ca433bf39864c79436f046aecefa0c13b68a4bb
                                                                                • Opcode Fuzzy Hash: c27e05edbcf0c556cf9f4b9f4aa6354f64d9dc72ff0f252d3a2ededa039666af
                                                                                • Instruction Fuzzy Hash: F901447760C74182E7109F12B85457A6391FB89FC4F0C5234DA8D97B45CF3CD9459705
                                                                                Function 00007FF655DBFCA0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 97COMMON
                                                                                Download Yara Rule
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: .
                                                                                • API String ID: 0-248832578
                                                                                • Opcode ID: 7c9d8364e7b62915daf92aecf888b4814fe01b6aae5fc02ec6e7aa2f3019df5b
                                                                                • Instruction ID: e2501cf829a0526194e26055ec67edc2046b92deb2fe2b8eef9054cea3b86107
                                                                                • Opcode Fuzzy Hash: 7c9d8364e7b62915daf92aecf888b4814fe01b6aae5fc02ec6e7aa2f3019df5b
                                                                                • Instruction Fuzzy Hash: E7313B27B0869145F760AB36D8087B9AA92EB44FF8F088335DE5C97BC5CE3CD9018704
                                                                                Function 00007FF655DC5AF8 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: ExceptionRaise_clrfp
                                                                                • String ID:
                                                                                • API String ID: 15204871-0
                                                                                • Opcode ID: 131550a8e914c8a4384a7255cc8ec53066b4dff0b7ecc1394be8dfb6b4310eca
                                                                                • Instruction ID: caf122ea3478b06bf343431e71adcbe63ed1140ea5c696667e5ab5c215999447
                                                                                • Opcode Fuzzy Hash: 131550a8e914c8a4384a7255cc8ec53066b4dff0b7ecc1394be8dfb6b4310eca
                                                                                • Instruction Fuzzy Hash: 88B14A77611B898AEB15CF29C84A36C3BA0F744F8CF198A21DA5D977A8CF39D851C704
                                                                                Function 00007FF655DA8DF4 Relevance: 3.2, APIs: 2, Instructions: 186COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: ObjectRelease$CapsDevice
                                                                                • String ID:
                                                                                • API String ID: 1061551593-0
                                                                                • Opcode ID: 68dbe16693602acb82a0a9c061fd0d735b77194d41f4ab9e90264308bb487059
                                                                                • Instruction ID: a919cce647419c62bcecde389eef7816e4b2f3acaea125d1a08314df0ce1112d
                                                                                • Opcode Fuzzy Hash: 68dbe16693602acb82a0a9c061fd0d735b77194d41f4ab9e90264308bb487059
                                                                                • Instruction Fuzzy Hash: AD81283BB18A1586EB208F6AD4586AD7771FB88F88F044222DE0DA7B24DF39D945C744
                                                                                Function 00007FF655DAA2CC Relevance: 3.0, APIs: 2, Instructions: 46COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: FormatInfoLocaleNumber
                                                                                • String ID:
                                                                                • API String ID: 2169056816-0
                                                                                • Opcode ID: a0c8fcaef59427837b2a7c7753e3d717a8442860a15e47712294eddcbb527c28
                                                                                • Instruction ID: 220b5271020f780e6e9d7014b852c92c5709b727f56486880e3042eed29bcdc6
                                                                                • Opcode Fuzzy Hash: a0c8fcaef59427837b2a7c7753e3d717a8442860a15e47712294eddcbb527c28
                                                                                • Instruction Fuzzy Hash: 9D11383BA08B8195E7618B11E8146AA7360FF88B48F884335DA4D93764DF3CA945CB48
                                                                                Function 00007FF655D9126C Relevance: 1.7, APIs: 1, Instructions: 241COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                  • Part of subcall function 00007FF655D924C0: CreateFileW.KERNELBASE ref: 00007FF655D9259B
                                                                                  • Part of subcall function 00007FF655D924C0: GetLastError.KERNEL32 ref: 00007FF655D925AE
                                                                                  • Part of subcall function 00007FF655D924C0: CreateFileW.KERNEL32 ref: 00007FF655D9260E
                                                                                  • Part of subcall function 00007FF655D924C0: GetLastError.KERNEL32 ref: 00007FF655D92617
                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF655D915D0
                                                                                  • Part of subcall function 00007FF655D93980: MoveFileW.KERNEL32 ref: 00007FF655D939BD
                                                                                  • Part of subcall function 00007FF655D93980: MoveFileW.KERNEL32 ref: 00007FF655D93A34
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: File$CreateErrorLastMove$_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 34527147-0
                                                                                • Opcode ID: e551f5cd72cc32021c0545c09a5d852fa8adbb9b535e4bd48ae0dc113e77b3ec
                                                                                • Instruction ID: 6de402d1ac18da19498d9203fa1301ea8a40503380bc0e3dee13a7cb37c42202
                                                                                • Opcode Fuzzy Hash: e551f5cd72cc32021c0545c09a5d852fa8adbb9b535e4bd48ae0dc113e77b3ec
                                                                                • Instruction Fuzzy Hash: 6E91C02BB1864282EB50DBA2D4582AD6371FB54FC8F485332EE0DA7B95DE38D945C704
                                                                                Function 00007FF655D951A4 Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: Version
                                                                                • String ID:
                                                                                • API String ID: 1889659487-0
                                                                                • Opcode ID: 6220f8f0736b52f52a4f9f0684f7fcd1da0b773ba531a70ae5974f71c0de4052
                                                                                • Instruction ID: c9cfa48701ec88cf247583d98cd6807f64ee4e78b411d8925d4c1fe69976366a
                                                                                • Opcode Fuzzy Hash: 6220f8f0736b52f52a4f9f0684f7fcd1da0b773ba531a70ae5974f71c0de4052
                                                                                • Instruction Fuzzy Hash: C301137BA086428BF7248B10E85877A72A1FB98B58F580334D65DA2790DF3CF8008E08
                                                                                Function 00007FF655DB8C1C Relevance: 1.5, Strings: 1, Instructions: 219COMMONLIBRARYCODE
                                                                                Download Yara Rule
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo
                                                                                • String ID: 0
                                                                                • API String ID: 3215553584-4108050209
                                                                                • Opcode ID: 0fbd957179d89af9e1d3453d65279f22830f04fe064c784c04e338e6c7bf3646
                                                                                • Instruction ID: e33ff00c4520b450ff3442af17f58cfbe177768b735ae8a512b05a8d21d87c55
                                                                                • Opcode Fuzzy Hash: 0fbd957179d89af9e1d3453d65279f22830f04fe064c784c04e338e6c7bf3646
                                                                                • Instruction Fuzzy Hash: A481E72BA182424AEAA4AA15C04867D2292EF50F6CF5C1736DD09F7795CF3EEC45CF48
                                                                                Function 00007FF655DB89A0 Relevance: 1.4, Strings: 1, Instructions: 199COMMONLIBRARYCODE
                                                                                Download Yara Rule
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo
                                                                                • String ID: 0
                                                                                • API String ID: 3215553584-4108050209
                                                                                • Opcode ID: a261a21fa45f21d734edfefcd2ffe271b1157111beaf653bc061adca1a26389c
                                                                                • Instruction ID: 4f436d3f6533f2e98c1f5c416f591fb278f587a8ddfb30d355668646241d5cfc
                                                                                • Opcode Fuzzy Hash: a261a21fa45f21d734edfefcd2ffe271b1157111beaf653bc061adca1a26389c
                                                                                • Instruction Fuzzy Hash: B571E69BA0C28246EB64AA25C04827D67A29F41F6CF1C1735CD09F76D6CE2DEC468F4D
                                                                                Function 00007FF655D9C96C Relevance: 1.4, Strings: 1, Instructions: 142COMMON
                                                                                Download Yara Rule
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: gj
                                                                                • API String ID: 0-4203073231
                                                                                • Opcode ID: 226aa63bfce789330e15763d8953fb7d553c3450d9c1aa6f260de1088bdface5
                                                                                • Instruction ID: 1afd4ab6ff48ba90891a1a0a15351c6dc41f8a30dddd75dc7fe194609ea63da1
                                                                                • Opcode Fuzzy Hash: 226aa63bfce789330e15763d8953fb7d553c3450d9c1aa6f260de1088bdface5
                                                                                • Instruction Fuzzy Hash: CC5191377286908BD754CF25E404A9EB3A5F388758F445226EF4A93B05CB3DE945CF40
                                                                                Function 00007FF655DBC838 Relevance: 1.4, Strings: 1, Instructions: 139COMMON
                                                                                Download Yara Rule
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: @
                                                                                • API String ID: 0-2766056989
                                                                                • Opcode ID: 49e7fa989fc271adaa8e130b28d1cae0d9f82f392019a5f874cdac11a507a941
                                                                                • Instruction ID: 470e5ef5fbd2c68f15365652f3f1960c868d1716d3d493770d463189a8c1441c
                                                                                • Opcode Fuzzy Hash: 49e7fa989fc271adaa8e130b28d1cae0d9f82f392019a5f874cdac11a507a941
                                                                                • Instruction Fuzzy Hash: 0D41BB37714A4986EF04DF2AE5182A973A2B748FD8B4D9236DE0DA7764DE3CD842C704
                                                                                Function 00007FF655DC0D20 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: HeapProcess
                                                                                • String ID:
                                                                                • API String ID: 54951025-0
                                                                                • Opcode ID: 4ce929ddb23f73c0a8458b43b9ad49d4d7e2a2f746430c3d48bba7e89996d797
                                                                                • Instruction ID: 1170403f3da3340da39c49d94010967cf413b0146d0dc04008f2ebb97f8f7ec6
                                                                                • Opcode Fuzzy Hash: 4ce929ddb23f73c0a8458b43b9ad49d4d7e2a2f746430c3d48bba7e89996d797
                                                                                • Instruction Fuzzy Hash: 8AB09229E17A06C2EA082B116C8A29422A4BF48B04F989238C10CE1320DE3C28AA4704
                                                                                Function 00007FF655DA3964 Relevance: .9, Instructions: 931COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 93e830777a8553980f5fe243353a36f6d8d27a5fc8052bc9569f2c684e316ecf
                                                                                • Instruction ID: f77cd53d95847caf72bc9e23e8f6e534157d89c7fe8f91d8750911888c5e4719
                                                                                • Opcode Fuzzy Hash: 93e830777a8553980f5fe243353a36f6d8d27a5fc8052bc9569f2c684e316ecf
                                                                                • Instruction Fuzzy Hash: E082DFBBA096C186D715CE28D4082BD7BA2E755F88F1D833ACE4A97786DE3CD845C314
                                                                                Function 00007FF655D876C0 Relevance: .9, Instructions: 893COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: fb6bb4a62616f0bcd3e2e2126cd32946fe2ad160a7c0dbd4e5bd03ed1428d6a6
                                                                                • Instruction ID: 582a8a6971b7101303946b7fa4c12723c434b59456113e2097f48a7e13759505
                                                                                • Opcode Fuzzy Hash: fb6bb4a62616f0bcd3e2e2126cd32946fe2ad160a7c0dbd4e5bd03ed1428d6a6
                                                                                • Instruction Fuzzy Hash: FA627D9AD3AF9A1EE303A53954131D2E35C0EF74C9551E31BFCE431E66EB92A6832314
                                                                                Function 00007FF655DA53F0 Relevance: .9, Instructions: 891COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 569adc29ececf777b1726fc3f5cd67d4b9927b4b604ee9515eb09b13eba64041
                                                                                • Instruction ID: 4099ce18ba71148ea11b6c6514abe9f9e122b866c67ca7385c114247b40c37c9
                                                                                • Opcode Fuzzy Hash: 569adc29ececf777b1726fc3f5cd67d4b9927b4b604ee9515eb09b13eba64041
                                                                                • Instruction Fuzzy Hash: FF82F1BBA096C18ADB24CE24D4486FD7BA1E755F88F088336CA4D97789DE3CD885C714
                                                                                Function 00007FF655D9BB90 Relevance: .6, Instructions: 587COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: ffdf8f5a64276e3eb417e3b9ae5b43350349d41efb04db03fca9f8ba9e24336f
                                                                                • Instruction ID: 343b91b916cca0e1674adbc058789550d2d528dfdfcb889cef1c3487b68ad94f
                                                                                • Opcode Fuzzy Hash: ffdf8f5a64276e3eb417e3b9ae5b43350349d41efb04db03fca9f8ba9e24336f
                                                                                • Instruction Fuzzy Hash: 3E22E477B246508BD728CF25C89AE5E3766F798748B4B8228DF0ACB785DB38D505CB40
                                                                                Function 00007FF655DA4B98 Relevance: .6, Instructions: 578COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 21143e83615dcc23e36b64f0d60848ac948cba63854c17a605a1a3ec217f9251
                                                                                • Instruction ID: ad78243f7c1170ddae81740b7f98bd514e8b9eca4fc6857278f986889b629759
                                                                                • Opcode Fuzzy Hash: 21143e83615dcc23e36b64f0d60848ac948cba63854c17a605a1a3ec217f9251
                                                                                • Instruction Fuzzy Hash: 8332CE77A041918BE7188F24D558ABD37A1F754B48F098339DA4AA7B88DF3CEC51C744
                                                                                Function 00007FF655D87288 Relevance: .3, Instructions: 294COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 063370d9e2e9571dc593e8358d008e0ec5385ad0435e9f2f5019d46da215c13b
                                                                                • Instruction ID: 945d022247b33673737396859920b77fa20413c338a92f9ae136bf9ba997c158
                                                                                • Opcode Fuzzy Hash: 063370d9e2e9571dc593e8358d008e0ec5385ad0435e9f2f5019d46da215c13b
                                                                                • Instruction Fuzzy Hash: B7C1AEB7B281908FE350CF7AE400A9D3BB1F39878CB555225DF59A3B09D639DA45CB40
                                                                                Function 00007FF655DA2D58 Relevance: .3, Instructions: 268COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 602477e063b5c1ca901f2159ae3c7fc010244aaa433e93e1960e83d539d05e76
                                                                                • Instruction ID: 3f840d13d82276e42602f16098551fbe9aee52a3f8648eba9278f77b56690ea0
                                                                                • Opcode Fuzzy Hash: 602477e063b5c1ca901f2159ae3c7fc010244aaa433e93e1960e83d539d05e76
                                                                                • Instruction Fuzzy Hash: 71A13677A0818146EB25DA66D4087BE2692EB90B4CF0D4735DE49A7B86CE3CEDC1C308
                                                                                Function 00007FF655D9AF18 Relevance: .2, Instructions: 244COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: e3f156a61251d3696a660eff3e2c5499dd818c979554cbf7ea7c30eccab92618
                                                                                • Instruction ID: 83e17b1bafa8e9b1dc549331561ae6a2d6b6aae58f088d97855e49223888c7cb
                                                                                • Opcode Fuzzy Hash: e3f156a61251d3696a660eff3e2c5499dd818c979554cbf7ea7c30eccab92618
                                                                                • Instruction Fuzzy Hash: F8C10577A291E04DF302CBB5A4348FD3FB1E71E74DB4A4252EF9666B4AC6285201DF20
                                                                                Function 00007FF655D8A310 Relevance: .2, Instructions: 230COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: AddressProc
                                                                                • String ID:
                                                                                • API String ID: 190572456-0
                                                                                • Opcode ID: ba0d91b71a6ba36ace61fab0c0f7d4922daa1e3f8d028e3e8b3457ff5b2a4fa0
                                                                                • Instruction ID: 47ad2da55cc0bd9aca2305fab5176670ef9659e64bb26affbefbfc7f7e0408a5
                                                                                • Opcode Fuzzy Hash: ba0d91b71a6ba36ace61fab0c0f7d4922daa1e3f8d028e3e8b3457ff5b2a4fa0
                                                                                • Instruction Fuzzy Hash: 90912167B1858196EB11DF29D4542FD2721FB95B8CF481331EE4EA7B49EE38EA06C700
                                                                                Function 00007FF655D9B534 Relevance: .2, Instructions: 181COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: cfd80b8924012b3a81ce264cde7180753b201b1e387c519ebd9873ce58afa85e
                                                                                • Instruction ID: ffcad084d716644d761b51447f423803c5834fb82963199fa5de18077627197b
                                                                                • Opcode Fuzzy Hash: cfd80b8924012b3a81ce264cde7180753b201b1e387c519ebd9873ce58afa85e
                                                                                • Instruction Fuzzy Hash: E461F43BB181D149FB018F7585284FD7FB1A749B88B4A8332CE99A7646CE38E905CB14
                                                                                Function 00007FF655DA21D0 Relevance: .1, Instructions: 137COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 8137a9b05b05aada6fbcd6bbdda66db02b1ef4637fe403d2df7c72722ebbdea5
                                                                                • Instruction ID: a067c1164cdcc39853c3ba6abf49e8f5031ac7bfbc20f1660d44f3a1bfd6b82b
                                                                                • Opcode Fuzzy Hash: 8137a9b05b05aada6fbcd6bbdda66db02b1ef4637fe403d2df7c72722ebbdea5
                                                                                • Instruction Fuzzy Hash: 07510173B181514BE7288F6AD0087AE3762FB90F58F484334DB4997688DE3DE985CB04
                                                                                Function 00007FF655DA2AB0 Relevance: .1, Instructions: 112COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 525267a7f117e2089c634eae81b531c40420bccc1aa688f1dd99d62513960580
                                                                                • Instruction ID: 455557a9ba992a7cb93275322b282f45f5ebbdf51b8c263b149a067cb9ceab47
                                                                                • Opcode Fuzzy Hash: 525267a7f117e2089c634eae81b531c40420bccc1aa688f1dd99d62513960580
                                                                                • Instruction Fuzzy Hash: 8C31D2B3A086814BD718DE66D6A42BE77A1B744B49F088239DF4AD3B46DE3CE841C700
                                                                                Function 00007FF655DC58E0 Relevance: .0, Instructions: 32COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 20052d42666034676028b01d15d2cffdefdd266dec7e2dd0f98b8d8f07818195
                                                                                • Instruction ID: faaaf21ae4d932b86455fa799a3b32338cf42dfa95f6189fa71434ce9c7624e5
                                                                                • Opcode Fuzzy Hash: 20052d42666034676028b01d15d2cffdefdd266dec7e2dd0f98b8d8f07818195
                                                                                • Instruction Fuzzy Hash: 27F068767192568BDFA5DF29A44662977D0F7087C4F548239D58DC3B04DA3C98508F08
                                                                                Function 00007FF655DB3354 Relevance: .0, Instructions: 2COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: e57e15d0ab639cfe726454a8769b7378f2b682ff734fe90589bfb13db1bf513a
                                                                                • Instruction ID: b3a4bcebb07c197799417ff7adc547d7df035d4952f33fb579449e3cdd367f99
                                                                                • Opcode Fuzzy Hash: e57e15d0ab639cfe726454a8769b7378f2b682ff734fe90589bfb13db1bf513a
                                                                                • Instruction Fuzzy Hash: CEA0026B90CC42D0E6449B14E8688712331FB50B18B581331F40DE21A4DF3CAC01D70C
                                                                                Function 00007FF655D8D7D0 Relevance: 26.3, APIs: 1, Strings: 14, Instructions: 98COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID: :$EFS:$LOGGED_UTILITY_STREAM$:$I30:$INDEX_ALLOCATION$:$TXF_DATA:$LOGGED_UTILITY_STREAM$::$ATTRIBUTE_LIST$::$BITMAP$::$DATA$::$EA$::$EA_INFORMATION$::$FILE_NAME$::$INDEX_ALLOCATION$::$INDEX_ROOT$::$LOGGED_UTILITY_STREAM$::$OBJECT_ID$::$REPARSE_POINT
                                                                                • API String ID: 3668304517-727060406
                                                                                • Opcode ID: 2f19ab4c30c8eac6d144c901c4549240b956f6a692c877d1095a563e450749ff
                                                                                • Instruction ID: c7f36a215adc0f4735e69275d29e323858814084a8296f7284ef95f8353290e8
                                                                                • Opcode Fuzzy Hash: 2f19ab4c30c8eac6d144c901c4549240b956f6a692c877d1095a563e450749ff
                                                                                • Instruction Fuzzy Hash: 3641E83BA05B01D9EB009F60D4483E933B5EB48B98F481336DA5DA3798EF38D955C348
                                                                                Function 00007FF655DB2A10 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 61libraryloaderCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                                                • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                • API String ID: 2565136772-3242537097
                                                                                • Opcode ID: 6e1e709f092c3aabc6fb1c9db3d7c09c3ef1a4a7bf2af41e7ac9402dec2f511f
                                                                                • Instruction ID: f1dcab4b2a7dc0130f81a67f6a7ba5885d0e43736209a259e0afcd03e25d36ed
                                                                                • Opcode Fuzzy Hash: 6e1e709f092c3aabc6fb1c9db3d7c09c3ef1a4a7bf2af41e7ac9402dec2f511f
                                                                                • Instruction Fuzzy Hash: 7621E06FE19A0381FE55EB51E85D57473A1AF44F99F8C0735C90EA26A0DF3CEC458608
                                                                                Function 00007FF655D96A0C Relevance: 16.2, APIs: 6, Strings: 3, Instructions: 444COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
                                                                                • String ID: DXGIDebug.dll$UNC$\\?\
                                                                                • API String ID: 4097890229-4048004291
                                                                                • Opcode ID: 84a8d5924325d9694cefe69853777e32b6ff0efedf48cba38b0c2889e3b1290b
                                                                                • Instruction ID: 3d9e43163f276e6675285fbb600148f9689cde063692ea3262f625f5fc42bc94
                                                                                • Opcode Fuzzy Hash: 84a8d5924325d9694cefe69853777e32b6ff0efedf48cba38b0c2889e3b1290b
                                                                                • Instruction Fuzzy Hash: 1C12DD2BB08A4280EB10DB64D0581AD6372EB81F9CF544335DA5DA7BE9DF3DD989C348
                                                                                Function 00007FF655DAA440 Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 257COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskDialog
                                                                                • String ID: GETPASSWORD1$Software\WinRAR SFX
                                                                                • API String ID: 431506467-1315819833
                                                                                • Opcode ID: cbdb2342dbc27246140afa92192789482b4dc38f3de2603255fba98438e470aa
                                                                                • Instruction ID: 0cd6b1fc1cf3cad2289a5764de4bd05ced582d933e64a3dd76668331404eedc4
                                                                                • Opcode Fuzzy Hash: cbdb2342dbc27246140afa92192789482b4dc38f3de2603255fba98438e470aa
                                                                                • Instruction Fuzzy Hash: 58B1A267F1974285FB009BA4D4482BD2372AB85B9CF584335DA5CB6AD9DF3CE845C308
                                                                                Function 00007FF655DA6E80 Relevance: 16.0, APIs: 5, Strings: 4, Instructions: 204memoryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$Global$AllocCreateStream
                                                                                • String ID: </html>$<html>$<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head>$<style>body{font-family:"Arial";font-size:12;}</style>
                                                                                • API String ID: 2868844859-1533471033
                                                                                • Opcode ID: d8862c3025e57af8a5778f9936a91020890481e3bad1d2e12bbb9941efaf755e
                                                                                • Instruction ID: 9ba00f233c1f2ffa63c8dcaeb5e5924d6602a19785de0c4411d6f123771452d6
                                                                                • Opcode Fuzzy Hash: d8862c3025e57af8a5778f9936a91020890481e3bad1d2e12bbb9941efaf755e
                                                                                • Instruction Fuzzy Hash: 91819167F19A4285FB00DBA5D4482ED2372AB45B9CF481335DE1DA7699DF38E906C308
                                                                                Function 00007FF655DBE650 Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 117COMMONLIBRARYCODE
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo
                                                                                • String ID: INF$NAN$NAN(IND)$NAN(SNAN)$inf$nan$nan(ind)$nan(snan)
                                                                                • API String ID: 3215553584-2617248754
                                                                                • Opcode ID: ca8329083cbd7a022b2adefca7a3bb58d0ae1dff90efa4c28dbe4d3f14657870
                                                                                • Instruction ID: 95c2e05b85998b90196a059c868e52361f8c2c585bd46b61d9ab0c4cabbcd440
                                                                                • Opcode Fuzzy Hash: ca8329083cbd7a022b2adefca7a3bb58d0ae1dff90efa4c28dbe4d3f14657870
                                                                                • Instruction Fuzzy Hash: E441D07BA09B45C9EB00DF21E8457A933A5EB18B98F084336DE5CA7B54DE3CD425C748
                                                                                Function 00007FF655DAF390 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 85windowCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: Window$MessageObjectSend$ClassDeleteLongName
                                                                                • String ID: STATIC
                                                                                • API String ID: 2845197485-1882779555
                                                                                • Opcode ID: 028936735c5caa7e1c5955390d3996a5d13f8d6e72d7f98742e6e6c768b0ab82
                                                                                • Instruction ID: 2f9371fd23298f2fffca648511a7fe8dac2510b5679e9327b2ae622ed422941f
                                                                                • Opcode Fuzzy Hash: 028936735c5caa7e1c5955390d3996a5d13f8d6e72d7f98742e6e6c768b0ab82
                                                                                • Instruction Fuzzy Hash: F9317E3BA0864346FA609B21E5587BAA3A1EB89F88F080730DD4D97B55DE3CDC068744
                                                                                Function 00007FF655DAAE90 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94COMMON
                                                                                Download Yara Rule
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: ItemTextWindow
                                                                                • String ID: LICENSEDLG
                                                                                • API String ID: 2478532303-2177901306
                                                                                • Opcode ID: 35fefc179f922e98870b8a3b257cf5e504c5ed53f195972dc606f5139ed8380b
                                                                                • Instruction ID: 2f5a02dec4a316576e6774b917b6ea801dec600cd34d849440525cb55beaaf55
                                                                                • Opcode Fuzzy Hash: 35fefc179f922e98870b8a3b257cf5e504c5ed53f195972dc606f5139ed8380b
                                                                                • Instruction Fuzzy Hash: CD416F3BB0865282FB548B11E85877A6261EB85F8DF0C4335D90EA7B95CF3CED468708
                                                                                Function 00007FF655D9B9B4 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 84libraryloaderCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: AddressProc$CurrentDirectoryProcessSystem
                                                                                • String ID: Crypt32.dll$CryptProtectMemory$CryptProtectMemory failed$CryptUnprotectMemory$CryptUnprotectMemory failed
                                                                                • API String ID: 2915667086-2207617598
                                                                                • Opcode ID: 6794cfd2df2083ddb130d433e4ca33b69faefb70ddab7dfcfa84983386d80e8a
                                                                                • Instruction ID: d59ffd9c47f3950bfd7aafdf8b7599128f390007226389430462754e51abc957
                                                                                • Opcode Fuzzy Hash: 6794cfd2df2083ddb130d433e4ca33b69faefb70ddab7dfcfa84983386d80e8a
                                                                                • Instruction Fuzzy Hash: 7431163BA0EA4780FA55CB15A86817977A0AF44F98F0D5335C85EA33A5DFBCED418309
                                                                                Function 00007FF655DA87D8 Relevance: 12.7, APIs: 5, Strings: 2, Instructions: 415COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID: $
                                                                                • API String ID: 3668304517-227171996
                                                                                • Opcode ID: 3e5c1c837bf5b094cbf702a79e584555beddaf0efbc8773bf26ad6af60c03e6c
                                                                                • Instruction ID: 778900021a5d7f9fe003b42394dc4fb7471b45bb62e69ca3ac646156d15249a4
                                                                                • Opcode Fuzzy Hash: 3e5c1c837bf5b094cbf702a79e584555beddaf0efbc8773bf26ad6af60c03e6c
                                                                                • Instruction Fuzzy Hash: 2BF19C7BF1564684EE009B64D4482AE2362AB44FACF485731CE5DA7BD9DF7CE980C348
                                                                                Function 00007FF655DB57EC Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 317COMMONLIBRARYCODE
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: Is_bad_exception_allowedabortstd::bad_alloc::bad_alloc
                                                                                • String ID: csm$csm$csm
                                                                                • API String ID: 2940173790-393685449
                                                                                • Opcode ID: 65edb01f61f21fff02eaccc9a46b43a233fa456fccf40e480b66f774ee54b1a7
                                                                                • Instruction ID: 5c8e266ff621f9d3a9842a4d681c89adbfc2ef7dc6936593223dde1a10908462
                                                                                • Opcode Fuzzy Hash: 65edb01f61f21fff02eaccc9a46b43a233fa456fccf40e480b66f774ee54b1a7
                                                                                • Instruction Fuzzy Hash: ACE1B4779087828AE710AF24D4493AD77A2FB45BACF184335DA8DA7655DF38E881CF04
                                                                                Function 00007FF655D94F38 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 158COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: AllocClearStringVariant
                                                                                • String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10
                                                                                • API String ID: 1959693985-3505469590
                                                                                • Opcode ID: a8b35b7bcd37d82ee4aaa20c3b876beaab518b1de9e1ce59ea14af8b32f1fe8d
                                                                                • Instruction ID: 26f24b2591d9ee6b6cfb958600f9e9c0d0eb9552b5b75be39deb6e94a02a74f1
                                                                                • Opcode Fuzzy Hash: a8b35b7bcd37d82ee4aaa20c3b876beaab518b1de9e1ce59ea14af8b32f1fe8d
                                                                                • Instruction Fuzzy Hash: A371093BA15A1585EB20CF25E8A45AD77B4FB88F9CB485332DA4E93B64DF38D944C304
                                                                                Function 00007FF655DB72EC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF655DB74F3,?,?,?,00007FF655DB525E,?,?,?,00007FF655DB5219), ref: 00007FF655DB7371
                                                                                • GetLastError.KERNEL32(?,?,00000000,00007FF655DB74F3,?,?,?,00007FF655DB525E,?,?,?,00007FF655DB5219), ref: 00007FF655DB737F
                                                                                • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF655DB74F3,?,?,?,00007FF655DB525E,?,?,?,00007FF655DB5219), ref: 00007FF655DB73A9
                                                                                • FreeLibrary.KERNEL32(?,?,00000000,00007FF655DB74F3,?,?,?,00007FF655DB525E,?,?,?,00007FF655DB5219), ref: 00007FF655DB73EF
                                                                                • GetProcAddress.KERNEL32(?,?,00000000,00007FF655DB74F3,?,?,?,00007FF655DB525E,?,?,?,00007FF655DB5219), ref: 00007FF655DB73FB
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                • String ID: api-ms-
                                                                                • API String ID: 2559590344-2084034818
                                                                                • Opcode ID: eedfc97f7024c66fbeb39a7219499b253e22696fd1fdab2c5f769bf1fd383016
                                                                                • Instruction ID: bd58764512775972a874a2f97521de29fc6f2cf39af2b17d47b7f6048b622348
                                                                                • Opcode Fuzzy Hash: eedfc97f7024c66fbeb39a7219499b253e22696fd1fdab2c5f769bf1fd383016
                                                                                • Instruction Fuzzy Hash: 6431F82BB1A64182EE51AB06E8085752395FF44FB8F1D4735DD2DAB790DF3CE8408B18
                                                                                Function 00007FF655DB1604 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 43libraryloaderCOMMONLIBRARYCODE
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • GetModuleHandleW.KERNEL32(?,?,?,00007FF655DB1573,?,?,?,00007FF655DB192A), ref: 00007FF655DB162B
                                                                                • GetProcAddress.KERNEL32(?,?,?,00007FF655DB1573,?,?,?,00007FF655DB192A), ref: 00007FF655DB1648
                                                                                • GetProcAddress.KERNEL32(?,?,?,00007FF655DB1573,?,?,?,00007FF655DB192A), ref: 00007FF655DB1664
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: AddressProc$HandleModule
                                                                                • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                • API String ID: 667068680-1718035505
                                                                                • Opcode ID: 4fe35f58cd4175722fa2f4edd42b7d77b08fa8d78ae8e9bf73ccac7c2071e7f8
                                                                                • Instruction ID: e7217e575d41fb2009b0f007a899698b0adf4cf72cfa33f3a13188cf9a59b838
                                                                                • Opcode Fuzzy Hash: 4fe35f58cd4175722fa2f4edd42b7d77b08fa8d78ae8e9bf73ccac7c2071e7f8
                                                                                • Instruction Fuzzy Hash: 3511522BA1AB0381FD555B80F94827462966F09FACF4C4735C81DA6354EE3CEC858A08
                                                                                Function 00007FF655D9ED24 Relevance: 9.1, APIs: 6, Instructions: 120timeCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                  • Part of subcall function 00007FF655D951A4: GetVersionExW.KERNEL32 ref: 00007FF655D951D5
                                                                                • FileTimeToLocalFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF655D85AB4), ref: 00007FF655D9ED8C
                                                                                • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF655D85AB4), ref: 00007FF655D9ED98
                                                                                • SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF655D85AB4), ref: 00007FF655D9EDA8
                                                                                • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF655D85AB4), ref: 00007FF655D9EDB6
                                                                                • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF655D85AB4), ref: 00007FF655D9EDC4
                                                                                • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF655D85AB4), ref: 00007FF655D9EE05
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: Time$File$System$Local$SpecificVersion
                                                                                • String ID:
                                                                                • API String ID: 2092733347-0
                                                                                • Opcode ID: 197518eb8103cda2bd6b54f1f5e99fa721289ee203340eaf45d2c62117a67569
                                                                                • Instruction ID: 452d4a433ac1bcf6919f0bd4d53321823d000d102bfe361132f9de0abcedcbb5
                                                                                • Opcode Fuzzy Hash: 197518eb8103cda2bd6b54f1f5e99fa721289ee203340eaf45d2c62117a67569
                                                                                • Instruction Fuzzy Hash: 68518DB7B106518AEB04CFA4D4585AC77B1F748B8CB64423ADE0EA7B58DF38D945CB04
                                                                                Function 00007FF655D9F010 Relevance: 9.1, APIs: 6, Instructions: 80timeCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: Time$File$System$Local$SpecificVersion
                                                                                • String ID:
                                                                                • API String ID: 2092733347-0
                                                                                • Opcode ID: 93bf5fe4be91675a5f4cba4a2df0f2c5ed0bd126a165fd4d88c3e7d5e64543a6
                                                                                • Instruction ID: fdf773cf98dcafff7b4e4b8e5061777e305e7c691c95408af703339c0ac8ccd5
                                                                                • Opcode Fuzzy Hash: 93bf5fe4be91675a5f4cba4a2df0f2c5ed0bd126a165fd4d88c3e7d5e64543a6
                                                                                • Instruction Fuzzy Hash: DA313C67B10A518DFB00CFB5D8941AC7770FB08B5CB58512ADE0EA7A58EF38D895C704
                                                                                Function 00007FF655D97918 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 233COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID: .rar$exe$rar$sfx
                                                                                • API String ID: 3668304517-630704357
                                                                                • Opcode ID: 93dbb7d74f849ef92666457f8e9f641f008dc657da5001eee78cfd1c0618c12a
                                                                                • Instruction ID: de12a874eee7293988b33f9b570b8542d061968929819a11bf381328e65ee5c6
                                                                                • Opcode Fuzzy Hash: 93dbb7d74f849ef92666457f8e9f641f008dc657da5001eee78cfd1c0618c12a
                                                                                • Instruction Fuzzy Hash: 4FA1A12BA1460A80EA409B65D4692BC2371AF41FACF581335DD1DA76D6DF3CE945C348
                                                                                Function 00007FF655DB5CE8 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 191COMMONLIBRARYCODE
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: abort$CallEncodePointerTranslator
                                                                                • String ID: MOC$RCC
                                                                                • API String ID: 2889003569-2084237596
                                                                                • Opcode ID: 0f4c2d06ef2d655583c55900dbb020dcf620b12558a4295111afe460be181df6
                                                                                • Instruction ID: 6e4acfbd2831a185f91dec516ef0a199e73930ecfbcadced6f5b601859196758
                                                                                • Opcode Fuzzy Hash: 0f4c2d06ef2d655583c55900dbb020dcf620b12558a4295111afe460be181df6
                                                                                • Instruction Fuzzy Hash: 7B91D177A08B818AEB10DB64D4842AD77A1F704B9CF184329EF8CA7754DF38D595CB04
                                                                                Function 00007FF655DB4F80 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 144COMMONLIBRARYCODE
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                • String ID: csm$f
                                                                                • API String ID: 2395640692-629598281
                                                                                • Opcode ID: a7c39da158025e753bf36dfb1e051fd0b17def11f5f8def40396cbfe1c046983
                                                                                • Instruction ID: ce60bbc00894ec73fbeeb719cb6268723991cb5fcfe93a14a9527094c2fea296
                                                                                • Opcode Fuzzy Hash: a7c39da158025e753bf36dfb1e051fd0b17def11f5f8def40396cbfe1c046983
                                                                                • Instruction Fuzzy Hash: 5651C73BA1660286DB54EB15E448A293356FB40FECF588330D95EA7748FF78EC418B48
                                                                                Function 00007FF655D8CEE0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 139COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: ErrorLast_invalid_parameter_noinfo_noreturn$CloseCurrentHandleProcess
                                                                                • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                                                • API String ID: 2102711378-639343689
                                                                                • Opcode ID: 4ad8962ae40659baaf1511d456c0931157e13c4a94880edc0a22eb1ae19da66a
                                                                                • Instruction ID: 8002413db59987673146cbd651366ebff04fb3387b0c9d1f6a129987f7638520
                                                                                • Opcode Fuzzy Hash: 4ad8962ae40659baaf1511d456c0931157e13c4a94880edc0a22eb1ae19da66a
                                                                                • Instruction Fuzzy Hash: 6151D36BF0864285FB00EB60D8492BD2361AF44BACF481335DE1DA76D6DF3CAC85C209
                                                                                Function 00007FF655DA7B28 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 122COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: Window$Show$Rect
                                                                                • String ID: RarHtmlClassName
                                                                                • API String ID: 2396740005-1658105358
                                                                                • Opcode ID: 95333b9ad2bfddc98b100d65ee3ae7a1141886215ecc40d0d40dcbf9cb340d19
                                                                                • Instruction ID: a58abc1d0a297d02e63a3807ab8464bbd88bb40acc62be130ec3330032c1a2a5
                                                                                • Opcode Fuzzy Hash: 95333b9ad2bfddc98b100d65ee3ae7a1141886215ecc40d0d40dcbf9cb340d19
                                                                                • Instruction Fuzzy Hash: 2C51943BA0874286EA649F21E45837AB361FB85F88F084735DE4E97B55DF3CE8458B04
                                                                                Function 00007FF655DAFED4 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 52COMMON
                                                                                Download Yara Rule
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: RENAMEDLG$REPLACEFILEDLG
                                                                                • API String ID: 0-56093855
                                                                                • Opcode ID: 98f895654b64cd1d2f90e97d30244ed9b67d31cc2014a88c355cd353264df31a
                                                                                • Instruction ID: ac314bffa3257076bd6115a495ceebb27695619ffb58ec1dbdedf4b86443b5b9
                                                                                • Opcode Fuzzy Hash: 98f895654b64cd1d2f90e97d30244ed9b67d31cc2014a88c355cd353264df31a
                                                                                • Instruction Fuzzy Hash: FF21C43E909A8781EA508B15E84C175B3A0EB49F8CF1C0776DA4DE7764DE3CE9998348
                                                                                Function 00007FF655DBBFB0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29libraryloaderCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                • API String ID: 4061214504-1276376045
                                                                                • Opcode ID: 42a4ca90c7c49dddb16080121233970ff8583544d2054868cb5f0899d871e2db
                                                                                • Instruction ID: f92728afd2a80969098caceadeae4c30bc9da211805594b3a5145b6e57fc9113
                                                                                • Opcode Fuzzy Hash: 42a4ca90c7c49dddb16080121233970ff8583544d2054868cb5f0899d871e2db
                                                                                • Instruction Fuzzy Hash: 29F0A42BA19A4681EE449B10E45867963A1BF88F98F0C1335D94F92274CF3CD8848B04
                                                                                Function 00007FF655DC45C0 Relevance: 7.7, APIs: 5, Instructions: 203COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo
                                                                                • String ID:
                                                                                • API String ID: 3215553584-0
                                                                                • Opcode ID: cf462e6f26ae3af6f96c078c51b53c82231ed120809331cf2f591469c69a5a17
                                                                                • Instruction ID: 7613af7d20565defef9a11a3c652441306e17a4bade7ecd8824aa5ce3da20784
                                                                                • Opcode Fuzzy Hash: cf462e6f26ae3af6f96c078c51b53c82231ed120809331cf2f591469c69a5a17
                                                                                • Instruction Fuzzy Hash: 2F81DC2BE1865289F7209B65C8486BD66A1BF45F9DF084335CE0EA3AD5DF3CAC41C708
                                                                                Function 00007FF655D93AF8 Relevance: 7.7, APIs: 5, Instructions: 164filetimeCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: File$Create$CloseHandleTime_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 2398171386-0
                                                                                • Opcode ID: 8c9e27b33bb60ec2ca70bdd01c92279f10c16d884dcde86fae8fb32e95875df8
                                                                                • Instruction ID: a582d7ac250bc819917e89e5976ea172ecf50d2b3f2fae67dcfb5f2c0514b5ba
                                                                                • Opcode Fuzzy Hash: 8c9e27b33bb60ec2ca70bdd01c92279f10c16d884dcde86fae8fb32e95875df8
                                                                                • Instruction Fuzzy Hash: 6A51C22BB04A4289FB50DB65E4683BD2371AB84FACF184735DE1DE67D4DE3898558308
                                                                                Function 00007FF655DC3F34 Relevance: 7.6, APIs: 5, Instructions: 142fileCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: FileWrite$ByteCharConsoleErrorLastMultiWide
                                                                                • String ID:
                                                                                • API String ID: 3659116390-0
                                                                                • Opcode ID: 8f90b3f8899b92826fb288bc35eb601c263b89b4fb676f823db5d062d6f6b41f
                                                                                • Instruction ID: 5693a7d0c4ce6b89c9aa5f1e58d0e7afd2cfc85e74798a8269060c6c318b9620
                                                                                • Opcode Fuzzy Hash: 8f90b3f8899b92826fb288bc35eb601c263b89b4fb676f823db5d062d6f6b41f
                                                                                • Instruction Fuzzy Hash: 8351BF37A14A5189E710CB65D4483BC3BB1FB44B9CF088335DE4AA7A98DF38D986C704
                                                                                Function 00007FF655DB1E00 Relevance: 7.6, APIs: 5, Instructions: 137memoryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: ByteCharMultiWide$AllocString
                                                                                • String ID:
                                                                                • API String ID: 262959230-0
                                                                                • Opcode ID: 78f40180803c07e16f725ce8caa782a98fbfbfcb68ebd86bc368cce44f009025
                                                                                • Instruction ID: 805e5444084376404c1444b9319b2067e2904dc697ff4e65bcce35d376af5938
                                                                                • Opcode Fuzzy Hash: 78f40180803c07e16f725ce8caa782a98fbfbfcb68ebd86bc368cce44f009025
                                                                                • Instruction Fuzzy Hash: A741D42BA0964689EB14AFA1D4482782292EF08FBCF1C4734EA6DE77D5DF3CD8418704
                                                                                Function 00007FF655DBF414 Relevance: 7.6, APIs: 5, Instructions: 114libraryloaderCOMMONLIBRARYCODE
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: AddressProc
                                                                                • String ID:
                                                                                • API String ID: 190572456-0
                                                                                • Opcode ID: d8da239e760e4119be076ce5ae60c5d71a4e7276355522d8061e2664917ecd9d
                                                                                • Instruction ID: eedc04f8fb42ad9faa0f57676b150d4c765052bec9e4c4128ed2d4ae3aa1212f
                                                                                • Opcode Fuzzy Hash: d8da239e760e4119be076ce5ae60c5d71a4e7276355522d8061e2664917ecd9d
                                                                                • Instruction Fuzzy Hash: BE41C22BB09A4281FA15AB12E848575A2D6BF44FA8F0D4735DD1DEB744EF3CE9408B08
                                                                                Function 00007FF655DC56D8 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: _set_statfp
                                                                                • String ID:
                                                                                • API String ID: 1156100317-0
                                                                                • Opcode ID: f3bd3298a46f29c998dca386ec4adc9bd6d7efdfabb851da102e47160911a3a1
                                                                                • Instruction ID: 61c78877b5c58691b31a81f0059f69fd2648141e26fb697c6f092e0c9e9cd1f4
                                                                                • Opcode Fuzzy Hash: f3bd3298a46f29c998dca386ec4adc9bd6d7efdfabb851da102e47160911a3a1
                                                                                • Instruction Fuzzy Hash: 8F118F7FE1CA0781FA641168E5CE3791141AF55BE8E4C4334EA7EEA6D6DF6CAC80420D
                                                                                Function 00007FF655DAFE24 Relevance: 7.5, APIs: 5, Instructions: 29windowsynchronizationCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: Message$DispatchObjectPeekSingleTranslateWait
                                                                                • String ID:
                                                                                • API String ID: 3621893840-0
                                                                                • Opcode ID: eb57a341668d454e4e6cd52f39bb1811463ddcab187ea95c48cb89abc8d18535
                                                                                • Instruction ID: 2d3497b3bb560d7a16595550dd42d79a954c6b9b51e9a4a6d25dd0b3f0916758
                                                                                • Opcode Fuzzy Hash: eb57a341668d454e4e6cd52f39bb1811463ddcab187ea95c48cb89abc8d18535
                                                                                • Instruction Fuzzy Hash: 81F03C3AB2954782F7108720E858A3AA251FFA4F09F481230E54A95895DF2CDA89CB04
                                                                                Function 00007FF655DB625C Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 163COMMONLIBRARYCODE
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: __except_validate_context_recordabort
                                                                                • String ID: csm$csm
                                                                                • API String ID: 746414643-3733052814
                                                                                • Opcode ID: 91fc108a1c492767e4bb41002f60c2920875b1ec76e01922ab372504797a4c8e
                                                                                • Instruction ID: 9a3b4c9671985aa1ac207eb6cb49bbd62d32b033928dda003b2ead26899c5ae9
                                                                                • Opcode Fuzzy Hash: 91fc108a1c492767e4bb41002f60c2920875b1ec76e01922ab372504797a4c8e
                                                                                • Instruction Fuzzy Hash: C371B277508A8186DB60AB25D05877D7BA2EB01FACF088335DA8DA7785CF2DD890CB45
                                                                                Function 00007FF655DB80F4 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMONLIBRARYCODE
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo
                                                                                • String ID: $*
                                                                                • API String ID: 3215553584-3982473090
                                                                                • Opcode ID: 42643a1ee39b50d27a50b926b179a62c0cdc4d381fe14b17104e750277292b9f
                                                                                • Instruction ID: 1147d7c287542c82c747c805965e738392a8293d5178b43e6b5efd4a9afe6535
                                                                                • Opcode Fuzzy Hash: 42643a1ee39b50d27a50b926b179a62c0cdc4d381fe14b17104e750277292b9f
                                                                                • Instruction Fuzzy Hash: 6451147BD1D6428AEB65AE28C44D37837A2EB05F6DF1C1335C64AA5199CF38DC81CE09
                                                                                Function 00007FF655DC1758 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 126COMMONLIBRARYCODE
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: ByteCharMultiWide$StringType
                                                                                • String ID: $%s
                                                                                • API String ID: 3586891840-3791308623
                                                                                • Opcode ID: 8174e861c2faa6f2f7f5292a0ee7474812abc1109b8acb2517e9a7bc716d8d39
                                                                                • Instruction ID: 647c2ce5aff1fbb49c8cd62fd506b3b8a187d4aa63a6c96b097f91dc51eb44da
                                                                                • Opcode Fuzzy Hash: 8174e861c2faa6f2f7f5292a0ee7474812abc1109b8acb2517e9a7bc716d8d39
                                                                                • Instruction Fuzzy Hash: F5419D27B08B919AEB609FA5D8082A86291FF44FACF4C0335DA1DA77C4DF3CE8458304
                                                                                Function 00007FF655DB66A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 117COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: CreateFrameInfo__except_validate_context_recordabort
                                                                                • String ID: csm
                                                                                • API String ID: 2466640111-1018135373
                                                                                • Opcode ID: ef48871438151390fa300b301edbe87f2aaf35895cd4fd9de5e2d21b12dcaab2
                                                                                • Instruction ID: baff35f4e4fd9097eb30dbf1e70c7afab6d9163a607b6897692cb6a11fee40a9
                                                                                • Opcode Fuzzy Hash: ef48871438151390fa300b301edbe87f2aaf35895cd4fd9de5e2d21b12dcaab2
                                                                                • Instruction Fuzzy Hash: 68516D7BA1974187DA60EB16E04526E77A5FB88FA4F080334EB8D97B55DF38E850CB04
                                                                                Function 00007FF655DC4360 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100fileCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: ByteCharErrorFileLastMultiWideWrite
                                                                                • String ID: U
                                                                                • API String ID: 2456169464-4171548499
                                                                                • Opcode ID: a3c4996b5397ae7c68c43f4944c85cd830f0b958292ccb38960a62bfe152ddee
                                                                                • Instruction ID: 360c05efdcd77704f6089be8feb2fdea8d68a2ae1f54bacafb79750a4469bb77
                                                                                • Opcode Fuzzy Hash: a3c4996b5397ae7c68c43f4944c85cd830f0b958292ccb38960a62bfe152ddee
                                                                                • Instruction Fuzzy Hash: A941B427619A8182EB108F65E4487B97761FB98B98F584331EE4DD7784EF7CD841CB04
                                                                                Function 00007FF655DA90B0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 83COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: ObjectRelease
                                                                                • String ID:
                                                                                • API String ID: 1429681911-3916222277
                                                                                • Opcode ID: 0b5772d91688d342ea342be5c9c3c9ea07a5ad9e93d570546deb1a9808731c40
                                                                                • Instruction ID: 442ce358695c0fcc83a90a04f1d0f98d6844edf05cdaa26e8ca7e313c9987da4
                                                                                • Opcode Fuzzy Hash: 0b5772d91688d342ea342be5c9c3c9ea07a5ad9e93d570546deb1a9808731c40
                                                                                • Instruction Fuzzy Hash: 81314E3A60874287EB04DF12B81862AB761F789FD5F444635ED4A93B58CE3CD889CB04
                                                                                Function 00007FF655D9E870 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 53COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • InitializeCriticalSection.KERNEL32(?,?,?,00007FF655DA317F,?,?,00001000,00007FF655D8E51D), ref: 00007FF655D9E8BB
                                                                                • CreateSemaphoreW.KERNEL32(?,?,?,00007FF655DA317F,?,?,00001000,00007FF655D8E51D), ref: 00007FF655D9E8CB
                                                                                • CreateEventW.KERNEL32(?,?,?,00007FF655DA317F,?,?,00001000,00007FF655D8E51D), ref: 00007FF655D9E8E4
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                                • String ID: Thread pool initialization failed.
                                                                                • API String ID: 3340455307-2182114853
                                                                                • Opcode ID: 6610cce2f1ff4f40d78c24fcbab0d777ace7136147ab701da82aad1b7a389e44
                                                                                • Instruction ID: cf9b4f23dbdf95334e9acdc07494cc162479760ada4652e6d582b20d54ab6b66
                                                                                • Opcode Fuzzy Hash: 6610cce2f1ff4f40d78c24fcbab0d777ace7136147ab701da82aad1b7a389e44
                                                                                • Instruction Fuzzy Hash: 13219037A1564286F7508F64D4587AD36E2EB98F0CF1C8334CA0D9A295CF7EAC56C788
                                                                                Function 00007FF655DA85E0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 19COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: CapsDeviceRelease
                                                                                • String ID:
                                                                                • API String ID: 127614599-3916222277
                                                                                • Opcode ID: a42f7bf34e2550c06df92b4c4441a28b155cc5d7cfc3f2a0da00e80f490195b4
                                                                                • Instruction ID: 540f58bd9ba3aecc6fbaf22424aefac632a092803faa2359a6a283a439a70d94
                                                                                • Opcode Fuzzy Hash: a42f7bf34e2550c06df92b4c4441a28b155cc5d7cfc3f2a0da00e80f490195b4
                                                                                • Instruction Fuzzy Hash: C0E08C26B0864282EB085BB6B58D12AA261EB4CFD0F198235DA1A87798CE3CC8C44304
                                                                                Function 00007FF655D8D1A8 Relevance: 6.2, APIs: 4, Instructions: 238timeCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$FileTime
                                                                                • String ID:
                                                                                • API String ID: 1137671866-0
                                                                                • Opcode ID: ad0c369e97bd27df0bd8571ae047a7ba3ec338b5cc8231976b3225e174adef6f
                                                                                • Instruction ID: 654366bf6caac3a79c70c11c23b2701d4e00154ac851294fd2d7202299c61aaf
                                                                                • Opcode Fuzzy Hash: ad0c369e97bd27df0bd8571ae047a7ba3ec338b5cc8231976b3225e174adef6f
                                                                                • Instruction Fuzzy Hash: 7DA1F667A1868281EA10EB65D4482AD6371FF81F9CF442331EA4DA7BD9DF3CE944C709
                                                                                Function 00007FF655DA0548 Relevance: 6.1, APIs: 4, Instructions: 122COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: ErrorLast
                                                                                • String ID:
                                                                                • API String ID: 1452528299-0
                                                                                • Opcode ID: 54200ff8d853bda438b9724302bbe7c4cb5cd052152846316c4389ee66fe2230
                                                                                • Instruction ID: 7f9779c30f2cbdde2387bd78166122f08c6261cb25f482f764501f4a08fa7c7e
                                                                                • Opcode Fuzzy Hash: 54200ff8d853bda438b9724302bbe7c4cb5cd052152846316c4389ee66fe2230
                                                                                • Instruction Fuzzy Hash: F151A17BB14A4295FB009B65D4492AD2322EB84F9CF484336DA1CA7BD6DF2CE945C348
                                                                                Function 00007FF655DA9D90 Relevance: 6.1, APIs: 4, Instructions: 106COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: CreateCurrentDirectoryErrorFreeLastLocalProcess
                                                                                • String ID:
                                                                                • API String ID: 1077098981-0
                                                                                • Opcode ID: c706cd24276746ab5e2fa6f684baf4bd7a284fdc318c0cb51509761d2b1b6963
                                                                                • Instruction ID: 0925c5df2c7959d2538af25a8134ae03072bf5340b5797cd359fdc016f98309e
                                                                                • Opcode Fuzzy Hash: c706cd24276746ab5e2fa6f684baf4bd7a284fdc318c0cb51509761d2b1b6963
                                                                                • Instruction Fuzzy Hash: C4516037618B4286EB508F61E8487AE7364FB84F88F541335EA4DA7A58DF3CD944CB44
                                                                                Function 00007FF655DBDB5C Relevance: 6.1, APIs: 4, Instructions: 104COMMONLIBRARYCODE
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo$ByteCharErrorLastMultiWide
                                                                                • String ID:
                                                                                • API String ID: 4141327611-0
                                                                                • Opcode ID: fdb879c7c344a6dcddabd48f24568e2f5e84c2dc3f6ceef9c32cec135b3ccbbf
                                                                                • Instruction ID: ae329a9a5ed01dc7207b721863f5d5839971ef0a9e1352fb3efe04e17d07d91a
                                                                                • Opcode Fuzzy Hash: fdb879c7c344a6dcddabd48f24568e2f5e84c2dc3f6ceef9c32cec135b3ccbbf
                                                                                • Instruction Fuzzy Hash: 2A41732BA0864246F765BE10D04837962A2EF84FB8F1C4335DA4DE6A99DF7CDC418E08
                                                                                Function 00007FF655D93980 Relevance: 6.1, APIs: 4, Instructions: 101fileCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: FileMove_invalid_parameter_noinfo_noreturn
                                                                                • String ID:
                                                                                • API String ID: 3823481717-0
                                                                                • Opcode ID: 9a9a58264430c11791c0c606b390f78d08ba3037c1fa37d6a31b7cedc8df9908
                                                                                • Instruction ID: 24bd394c1981de28badd96ca64ee39d00f54a78404c29d0e8f01166d1cd527c4
                                                                                • Opcode Fuzzy Hash: 9a9a58264430c11791c0c606b390f78d08ba3037c1fa37d6a31b7cedc8df9908
                                                                                • Instruction Fuzzy Hash: F7419D67F14B5284FB00DBA9D8591AC2372BB44FACB185335DE5DA7A99DF38D841C208
                                                                                Function 00007FF655DC0B78 Relevance: 6.1, APIs: 4, Instructions: 74COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF655DBC45B), ref: 00007FF655DC0B91
                                                                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF655DBC45B), ref: 00007FF655DC0BF3
                                                                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF655DBC45B), ref: 00007FF655DC0C2D
                                                                                • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF655DBC45B), ref: 00007FF655DC0C57
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: ByteCharEnvironmentMultiStringsWide$Free
                                                                                • String ID:
                                                                                • API String ID: 1557788787-0
                                                                                • Opcode ID: 23704c5f87cc5d65a6a85ab0da0438508b9fc27f2b888927c3d6011bf25654c1
                                                                                • Instruction ID: e437f79ecf8abcc7355904c1d569a1d8ef75869c71d403cb45cc47b251711671
                                                                                • Opcode Fuzzy Hash: 23704c5f87cc5d65a6a85ab0da0438508b9fc27f2b888927c3d6011bf25654c1
                                                                                • Instruction Fuzzy Hash: 28216636B18B5181D6249F11654402DB6A5FB94FD4B4C4334DE9EB3B94DF3CE8528708
                                                                                Function 00007FF655DBD440 Relevance: 6.0, APIs: 4, Instructions: 43COMMONLIBRARYCODE
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: ErrorLast$abort
                                                                                • String ID:
                                                                                • API String ID: 1447195878-0
                                                                                • Opcode ID: df247b5a3948333368795c339682862bf84e23f7c025c70b8dad3e7beb060077
                                                                                • Instruction ID: 1c71fe3122a10512a126000d2f6bb9ca07ca70e8d107a95a2454ab91460d8c0f
                                                                                • Opcode Fuzzy Hash: df247b5a3948333368795c339682862bf84e23f7c025c70b8dad3e7beb060077
                                                                                • Instruction Fuzzy Hash: A9016D2EA0960342FA587721E55D63812525F44FA8F1C0738D91EA67D6ED2CBC444A09
                                                                                Function 00007FF655DA8590 Relevance: 6.0, APIs: 4, Instructions: 21COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: CapsDevice$Release
                                                                                • String ID:
                                                                                • API String ID: 1035833867-0
                                                                                • Opcode ID: de15d0a72ac65e47349a1b4cc9ca260558533dfe27db70e7b1e031f833f09c6c
                                                                                • Instruction ID: 1d2d4ee6a7599e2077baa32ca94afa9cd9cee2a769fcdbfeb8d7245c2525b1f1
                                                                                • Opcode Fuzzy Hash: de15d0a72ac65e47349a1b4cc9ca260558533dfe27db70e7b1e031f833f09c6c
                                                                                • Instruction Fuzzy Hash: 70E0ED6AE0964382FF499BB1A85D13AB190EF48F49F4C4739CC1EE6360DD3CA885C618
                                                                                Function 00007FF655D8E34C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 176COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                • String ID: DXGIDebug.dll
                                                                                • API String ID: 3668304517-540382549
                                                                                • Opcode ID: 59f5a07f3fb2ea719f45a05ba6c1ae5c7d9afb2a0aed67dbb2f715f9973f08e5
                                                                                • Instruction ID: 18f617e160636928ccc386f0fb7f71f3c87e41bd476cd2dff601684c10b1cb63
                                                                                • Opcode Fuzzy Hash: 59f5a07f3fb2ea719f45a05ba6c1ae5c7d9afb2a0aed67dbb2f715f9973f08e5
                                                                                • Instruction Fuzzy Hash: 4071CC73A04B8182EB14CB65E4483ADB3A5FB54B98F484336DBAC57B95DF38D461C308
                                                                                Function 00007FF655DBE1F4 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 138COMMONLIBRARYCODE
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo
                                                                                • String ID: e+000$gfff
                                                                                • API String ID: 3215553584-3030954782
                                                                                • Opcode ID: ffbcb58cc87a1110f60409a8afde5d08377aab6ce8cf060c3284a5669936e3c2
                                                                                • Instruction ID: cfac185f77c173808af710695f89b5654a8020810f75d3ae1783738028bd701f
                                                                                • Opcode Fuzzy Hash: ffbcb58cc87a1110f60409a8afde5d08377aab6ce8cf060c3284a5669936e3c2
                                                                                • Instruction Fuzzy Hash: 81510667B187C146EB259B35D8453696B92EB81FA4F0C9331CA9CD7BD5CE2CE844CB04
                                                                                Function 00007FF655D99408 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 108COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: _invalid_parameter_noinfo_noreturn$swprintf
                                                                                • String ID: SIZE
                                                                                • API String ID: 449872665-3243624926
                                                                                • Opcode ID: 95182320ee7b3a48c420107a4992996f84afbbac13f0d5532198c1d22c251322
                                                                                • Instruction ID: fac404be6a17a153a75b1f22d10fc3901d3a03544b7870be1b8396bc0ea5f338
                                                                                • Opcode Fuzzy Hash: 95182320ee7b3a48c420107a4992996f84afbbac13f0d5532198c1d22c251322
                                                                                • Instruction Fuzzy Hash: F6410567A1874282EF50DB54E4593BE6321EF85BA8F484331EA9D936D6EF3CD940C708
                                                                                Function 00007FF655DBC2C0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 107COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: FileModuleName_invalid_parameter_noinfo
                                                                                • String ID: C:\Users\user\Desktop\0438.pdf.exe
                                                                                • API String ID: 3307058713-2094305049
                                                                                • Opcode ID: 2b307fc7043d57580c2760bc14d10e66149d3294dbd6a1f00798eb6953a6f573
                                                                                • Instruction ID: 78d7ccef1bf09ba8ed97e62658c470c21a8bb7d7b22ce26e824b7097acf2f15e
                                                                                • Opcode Fuzzy Hash: 2b307fc7043d57580c2760bc14d10e66149d3294dbd6a1f00798eb6953a6f573
                                                                                • Instruction Fuzzy Hash: 6041B23BA08A4786EB14AF21E4441BC7795FF44FA8B484336E94EA7755DE3CE8418B08
                                                                                Function 00007FF655DA9B40 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 104COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: ItemText$DialogWindow
                                                                                • String ID: ASKNEXTVOL
                                                                                • API String ID: 445417207-3402441367
                                                                                • Opcode ID: 97ebd98f0834f70bd8f3ada112357d921bc9d5e9383391aa045354938bfaeae3
                                                                                • Instruction ID: 1a830f00edf42e4bc07dc9b98f20b394219626878075e02929d8baae876dfec5
                                                                                • Opcode Fuzzy Hash: 97ebd98f0834f70bd8f3ada112357d921bc9d5e9383391aa045354938bfaeae3
                                                                                • Instruction Fuzzy Hash: 9841803BA08A8281FA509B11E4582BE63A1AF85FCCF184335DE4DE7795CE3CEC558348
                                                                                Function 00007FF655D99638 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 84COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: ByteCharMultiWide_snwprintf
                                                                                • String ID: $%s$@%s
                                                                                • API String ID: 2650857296-834177443
                                                                                • Opcode ID: 68d6d98aec82f67e7f26d78b4367655257a27e60e60eb814561ac576190adeba
                                                                                • Instruction ID: 3a337a8a745547f3a4596016769a3f61f0e94f5f4beb84fdcf35666427fd6b60
                                                                                • Opcode Fuzzy Hash: 68d6d98aec82f67e7f26d78b4367655257a27e60e60eb814561ac576190adeba
                                                                                • Instruction Fuzzy Hash: 6431E47BB19A8685EA109F66D4582E923B0FB44F8CF481332DE0C67B95EE3CE905C704
                                                                                Function 00007FF655DBEB04 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: FileHandleType
                                                                                • String ID: @
                                                                                • API String ID: 3000768030-2766056989
                                                                                • Opcode ID: 01c4e23626c5bd34e0d32a71787dfe5976e9b76bf070a7e2fa99837352baeece
                                                                                • Instruction ID: 3cb064b876eee3fc8a1de8dc71698b34f67f9815bfad852b3a96e256cf792e48
                                                                                • Opcode Fuzzy Hash: 01c4e23626c5bd34e0d32a71787dfe5976e9b76bf070a7e2fa99837352baeece
                                                                                • Instruction Fuzzy Hash: 8321F52BA08B8240EB609B25D4981382662EB45F79F2C0335D66FA77E4CE3CDC85C70C
                                                                                Function 00007FF655DB4078 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMONLIBRARYCODE
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF655DB1D3E), ref: 00007FF655DB40BC
                                                                                • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF655DB1D3E), ref: 00007FF655DB4102
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: ExceptionFileHeaderRaise
                                                                                • String ID: csm
                                                                                • API String ID: 2573137834-1018135373
                                                                                • Opcode ID: 995ce70781ed1107fbe35a2df86b6ab92d82f2488d4e31342cdb9a65d606da21
                                                                                • Instruction ID: ff1d26db3e96216df830ccf1d3ad8daa4fb97caf3e42e1b6bcf7437273a3e032
                                                                                • Opcode Fuzzy Hash: 995ce70781ed1107fbe35a2df86b6ab92d82f2488d4e31342cdb9a65d606da21
                                                                                • Instruction Fuzzy Hash: 89112B36618B8182EB208B15E44426977A2FB88F98F184331EE8D57754DF3CD995CB04
                                                                                Function 00007FF655D9EA5C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16synchronizationCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,00007FF655D9E95F,?,?,?,00007FF655D9463A,?,?,?), ref: 00007FF655D9EA63
                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF655D9E95F,?,?,?,00007FF655D9463A,?,?,?), ref: 00007FF655D9EA6E
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: ErrorLastObjectSingleWait
                                                                                • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                                                • API String ID: 1211598281-2248577382
                                                                                • Opcode ID: 98ce5a6e9b01a49333d4d7b683bb298ff4a8e953ba0927a3bf2f7aa8eb90df55
                                                                                • Instruction ID: 2e24d2c9f5fabd8e5ce1302da00b9c38abba75ef0195a9a2200bedf1d2c0caca
                                                                                • Opcode Fuzzy Hash: 98ce5a6e9b01a49333d4d7b683bb298ff4a8e953ba0927a3bf2f7aa8eb90df55
                                                                                • Instruction Fuzzy Hash: ACE01A2BE1984382F600A7219C4E5782250BF61F78F9C1330D13EE11F19F2CAE8AC309
                                                                                Function 00007FF655D9A43C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2158580642.00007FF655D81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF655D80000, based on PE: true
                                                                                • Associated: 00000000.00000002.2158552411.00007FF655D80000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158674879.00007FF655DC8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DDB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158736744.00007FF655DE4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                • Associated: 00000000.00000002.2158843061.00007FF655DEE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_7ff655d80000_0438.jbxd
                                                                                Similarity
                                                                                • API ID: FindHandleModuleResource
                                                                                • String ID: RTL
                                                                                • API String ID: 3537982541-834975271
                                                                                • Opcode ID: e39cf6139d6c3c808756c827088780cb49cd2dd94430b396554b51375d39015a
                                                                                • Instruction ID: 863c3f330d32c5038fc1334a47e86b772910e4336b1f2b3f8e4e3411e82b2732
                                                                                • Opcode Fuzzy Hash: e39cf6139d6c3c808756c827088780cb49cd2dd94430b396554b51375d39015a
                                                                                • Instruction Fuzzy Hash: 11D05E9BF0A60282FF194B71A44D77422A05F18F8AF4C4338C84E96390EF2DE8C8C758